github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-28 07:37:32 +00:00
Code Issues Projects Releases Wiki Activity
4,180 Commits 121 Branches 172 Tags 104 MiB
8cf9b35b0e
Commit Graph

4180 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luca Guerra
8cf9b35b0e new(ci): run CI jobs on ARM64 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-12-07 18:26:28 +01:00
Luca Guerra
6e4ccb0007 update(ci): enable actuated.dev 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-12-07 18:26:28 +01:00
Federico Aponte
44b7352180 cleanup: fix several warnings from a Clang build 
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
 2023-12-06 16:40:26 +01:00
Vicente J. Jiménez Miras
13991f1ea7 Add use of FALCO_DRIVER_CHOICE and FALCOCTL_ENABLED env vars 
Signed-off-by: Vicente J. Jiménez Miras <vjjmiras@gmail.com>
 2023-12-06 10:13:25 +01:00
Andrea Terzolo
10226a6c87 chore(falco): bump libs to 000d576ef877cb115cbb56f97187a1d62221e2bd 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-12-06 10:08:25 +01:00
Federico Aponte
e558c4f5a5 chore(build): remove outdated development libs 
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
 2023-12-06 05:46:25 +01:00
Federico Di Pierro
0ba0dd8671 chore(docker/falco): add back some deps to falco docker image. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-12-05 18:34:26 +01:00
Jason Dellaluce
305ed75268 update(submodules): bump falcosecurity-testing 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-12-02 09:38:15 +01:00
Jason Dellaluce
390a13bd40 update(userspace): optimizations in validation and description steps 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-12-02 09:38:15 +01:00
Jason Dellaluce
67542ec88e new(userspace/falco): support -L when validating for parity 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-12-02 09:38:15 +01:00
Jason Dellaluce
e3943ccac3 refactor(userspace/engine): uniform json lib in rules description and not print from engine 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-12-02 09:38:15 +01:00
dependabot[bot]
95968defa5 build(deps): Bump submodules/falcosecurity-testing 
Bumps [submodules/falcosecurity-testing](https://github.com/falcosecurity/testing) from `92c313f` to `5248e6d`.
- [Commits](92c313f5ca...5248e6dff9)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-testing
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-01 13:12:12 +01:00
Luca Guerra
6411eed4a7 cleanup(falco): remove decode_uri as it is no longer used 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-11-29 17:42:06 +01:00
Andrea Terzolo
c5364be191 new: print system info when Falco starts 
Print kernel info when Falco starts with a kernel driver

Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-28 22:14:05 +01:00
Luca Guerra
ce4d28ef90 chore(falco): update to libs on nov 28th 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-11-28 17:14:04 +01:00
Melissa Kilby
3b068919d0 update(cmake): bump libs and driver to c2fd308 plus bump falco engine version 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-11-28 12:57:04 +01:00
Melissa Kilby
3e4566e5af cleanup(userspace/falco): minor adjustments to stats writer and rebase correction 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-11-28 12:57:04 +01:00
Melissa Kilby
9cb4c09500 cleanup(userspace/falco): enable sinsp_stats_v2 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-11-28 12:57:04 +01:00
Melissa Kilby
8196ee3b83 cleanup(libsinsp): simplify metrics flags config handling 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-11-28 12:57:04 +01:00
Melissa Kilby
af7192bdc3 update(userspace/falco): add libsinsp state metrics option 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-11-28 12:57:04 +01:00
Andrea Terzolo
00b7c56d54 cleanup: rename modern-ebpf into modern_ebpf 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
2ce8fe9011 docs: improve a log 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
4443e9d64f fix: fix some broken tests 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
249ccf2f4b new: add some deprecation warnings 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
715db9ddb4 cleanup: move some macros inside a shared file 
These macros will be used by other files so we need to share them

Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Federico Di Pierro
0368de5229 chore(userspace): small round of review-induced fixes. 
Also, properly warn the user that deprecated CLI options will be ignored
when the new `engine` configuration key is in use.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-11-27 15:01:00 +01:00
Federico Di Pierro
b92e0d6134 chore(userspace,unit_tests): renamed engine.replay.trace_file to engine.replay.capture_file. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
898ba68b3b test: don't test load config if we are under wasm 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
96f474a29c docs: fix codespell 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
12122729a4 docs: add a comment on missing config files 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
335022076f docs: fix some docs 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
1b14fed380 tests: call the callback action only once 
moreover this commit corrects `cpus_for_each_syscall_buffer` into test
configs

Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
11253cc0eb docs: add some descriptions in falco.yaml 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
be16af7fe0 cleanup: rename cpus_for_each_syscall_buffer 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
588a94578a fix: take into consideration that load_yaml is called more than once 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
5e8e0a4722 new: allow to use only one between the config and the command line 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
bfef0e95be fix: use drop_failed_exit instead of just drop_failed 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
bc8f61ca68 tests: add a basic test to check config precedence 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
2778b12344 fix: always initialize the engine configs 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Federico Di Pierro
7056cb9035 chore(userspace): properly let old config keys override new ones when set to a non-default value. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
1f27f3b7f0 cleanup: move some initializations and add helpers 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
1ee6569a5d fix: use only new config instead of old command line options 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
f3f56db5ca cleanup: some renaming from bpf to ebpf 
the idea is to use only the word `ebpf` in Falco

Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Federico Di Pierro
4127764129 chore(userspace): renamed driver. config to engine.; renamed engine.replay.scap_file to engine.replay.trace_file. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-11-27 15:01:00 +01:00
Federico Di Pierro
4f1b950e0d chore(userspace,falco.yaml): rename new config key to driver.kind. 
Moreover, renamed driver kinds to use better naming, and move driver's related
config keys under `driver.$kind`.

Added DEPRECTATION notices on CLI options, and in falco.yaml.

DEPRECATED options (both CLI and config ones) will have priority over the new ones,
to retain compatibility with existing configs.

DEPRECATED options will be dropped in Falco 0.38.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Roberto Scolaro
626e609e4b new(userspace/falco): select driver from config 
Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
 2023-11-27 15:01:00 +01:00
Roberto Scolaro
ea2d62d56b new(falco.yaml): added driver selection section 
Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
 2023-11-27 15:01:00 +01:00
Roberto Scolaro
fb4ac046b0 refacotr(configuration): enhance readability of get_driver_mode 
Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
 2023-11-27 15:01:00 +01:00
Roberto Scolaro
d53fa930c2 wip: driver selection in falco.yaml 
Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
 2023-11-27 15:01:00 +01:00
Richard Tweed
5dc9987877 update(doc): Add Thought Machine as adopters 
Signed-off-by: Richard Tweed <RichardoC@users.noreply.github.com>

Signed-off-by: Richard Tweed <RichardoC@users.noreply.github.com>
 2023-11-22 14:31:42 +01:00