github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-21 11:29:26 +00:00
Code Issues Projects Releases Wiki Activity
2,015 Commits 123 Branches 176 Tags
98a5813bd7de23a8136b166af1ed94038a58591f
Commit Graph

472 Commits

Author SHA1 Message Date
Lorenzo Fontana
00d930199f build: strip userspace/falco/falco in release when building with musl 
optimizations

Co-Authored-By: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-09-10 15:01:07 +02:00
Leonardo Grasso
c46dbc7f11 build: remove gRPC, openssl, curl from minimal build 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-09-10 15:01:07 +02:00
Leonardo Grasso
b7e75095e6 build(userspace): avoid openssl dep for engine fields verification 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-09-10 15:01:07 +02:00
Leonardo Grasso
68f937f5e8 build: disallow k8s audit trace file when minimal build 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-09-10 15:01:07 +02:00
Leonardo Grasso
bdd14604d4 build: remove webserver from minimal build 
Co-Authored-By: Lorenzo Fontana <fontanalorenz@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-09-10 15:01:07 +02:00
Leonardo Grasso
385d6eff6d fix(userspace/falco): do not always rethrow the exception 
Co-Authored-By: Lorenzo Fontana <fontanalorenz@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-08-25 14:27:40 +02:00
Lorenzo Fontana
feb39010bb build: include openssl libraries in falco 
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-08-20 19:26:56 +02:00
Leonardo Grasso
4346e98f20 feat(userspace/falco): print version at startup 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-07-16 22:35:56 +02:00
Lorenzo Fontana
c03f563450 build: libyaml in bundled deps 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-07-16 19:34:39 +02:00
Lorenzo Fontana
a447b6996e fix(userspace): rethrow inspector open exceptions 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-07-15 18:33:50 +02:00
Leonardo Di Donato
596e7ee303 fix(userspace/falco): try to insert kernel module driver conditionally 
Do it only when not running with userspace instrumentation enabled and
the syscall input source is enabled (!disable_syscall)

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-15 18:33:50 +02:00
Leo Di Donato
1343fd7e92 update(userspace/falco): userspace instrumentation help line 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-15 18:33:50 +02:00
Kris Nova
1954cf3af3 update(userspace/falco): edits to the falco CLI 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-15 18:33:50 +02:00
Kris Nova
bc8f9a5692 feat(cli): adding -u to the usage text 
Signed-off-by: Kris Nova <kris@nivenly.com>
 2020-07-15 18:33:50 +02:00
Loris Degioanni
c743f1eb68 feat(cli): adding -u to flip inspector method calls 
udig support through the -u command line flag

Signed-off-by: Kris Nóva <kris@nivenly.com>
Co-authored-by: Kris Nóva <kris@nivenly.com>
 2020-07-15 18:33:50 +02:00
Leonardo Grasso
de147447ed update(userspace/falco): rename --stats_interval to --stats-interval 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-07-08 17:55:16 +02:00
Leonardo Di Donato
825e249294 update(userspace/falco): rename --stats_interval to --stats-interval 
To match the style of other long flags of the Falco CLI.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-08 17:55:16 +02:00
Leonardo Di Donato
00689a5d97 fix(userspace/falco): allow stats interval greather than 999 
milliseconds

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-08 17:55:16 +02:00
Leonardo Di Donato
c7ac1ef61b update(userspace/engine): const correctness for json_event class 
Co-authored-by: Nathan Baker <nathan.baker@sysdig.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-07 21:19:08 +02:00
Leonardo Di Donato
553856ad68 chore(userspace): log the gRPC threadiness 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-07 13:42:09 +02:00
Leonardo Di Donato
2d52be603d update(userspace/falco): gRPC server threadiness 0 by default (which 
means "auto")

The 0 ("auto") value sets the threadiness to the number of online cores
automatically.

Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-07 13:42:09 +02:00
Leonardo Di Donato
75e62269c3 new: hardware_concurrency helper 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-07 13:42:09 +02:00
Leonardo Grasso
fecf1a9fea fix(userspace/falco/lua): correct argument 
This explain why `buffered_output: false` was not honored for stdout

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-07-03 11:45:00 +02:00
Lorenzo Fontana
352307431a fix: update k8s audit endpoint to /k8s-audit everywhere 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-07-01 13:29:51 +02:00
Leonardo Grasso
82e0b5f217 fix(userspace/falco): honor -M also when using a trace file 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-06-30 13:04:03 +02:00
Lorenzo Fontana
9eb0b7fb5f update(userspace/falco): avoid memory allocation for falco output 
response

Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-06-29 20:42:50 +02:00
Lorenzo Fontana
869d883dc7 update(userspace/falco): better gRPC server logging 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-06-29 20:42:50 +02:00
Leonardo Di Donato
b88767f558 bc(userspace/falco): the Falco gRPC Outputs API are now "falco.outputs.service/get" and "falco.outputs.service/sub" 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-06-29 20:42:50 +02:00
Leonardo Di Donato
bdbdf7b830 update(userspace/falco): pluralize Falco output proto and service 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-06-29 20:42:50 +02:00
Lorenzo Fontana
3d9bc8f67b update(userspace/falco): remove keepalive from output request 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-06-29 20:42:50 +02:00
Lorenzo Fontana
c89c11c3c4 update(userspace/falco): remove output queue size 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-06-29 20:42:50 +02:00
Lorenzo Fontana
5bd9ba0529 update(userspace/falco/grpc): simpler bidirectional context state 
transitions

Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-06-29 20:42:50 +02:00
Lorenzo Fontana
b9e6d65e69 update(userspace/falco/grpc): bidirectional sub implementation 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-06-29 20:42:50 +02:00
Lorenzo Fontana
0d194f2b40 update(userspace/falco/grpc): for stream contexts use a flag to detect 
if it is still running or not

Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-06-29 20:42:50 +02:00
Lorenzo Fontana
d9f2cda8cf update(userspace/falco/grpc): dealing with multiple streaming requests 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-06-29 20:42:50 +02:00
Leonardo Di Donato
2ebc55f897 wip(userspace/falco): bidirectional gRPC outputs logic (initial) 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-06-29 20:42:50 +02:00
Leonardo Di Donato
01ae8701d9 new(userspace/falco): concrete initial implementation of the subscribe gRPC service 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-06-29 20:42:50 +02:00
Leonardo Di Donato
be6c4b273d new(userspace/falco): gRPC context for bidirectional services 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-06-29 20:42:50 +02:00
Leonardo Di Donato
a72f27c028 new(userspace/falco): macro to REGISTER_BIDI gRPC services 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-06-29 20:42:50 +02:00
Leonardo Di Donato
58adc5b60c new(userspace/falco): output gRPC service to provide a server streaming method and a bidirectional method to obtain Falco alerts 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-06-29 20:42:50 +02:00
Leonardo Di Donato
cf31712fad update(userspace/falco): context class for bidirectional gRPC services 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-06-29 20:42:50 +02:00
Leonardo Di Donato
a568c42adb update(userspace/falco): unsafe_size() method for falco::output::queue 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-06-29 20:42:50 +02:00
Leonardo Di Donato
05dd170d70 fix(userspace/falco): virtual destructor of base grpc context 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-06-29 20:42:50 +02:00
Omer Azaria
70b9bfe1d6 rule(Container Drift Detected): detect new exec created in a container 
Signed-off-by: Omer Azaria <omer.azaria@sysdig.com>
 2020-06-22 12:24:59 +02:00
Shane Lawrence
00884ef581 Log modified copy instead of original message. 
Signed-off-by: Shane Lawrence <shane@lawrence.dev>
 2020-06-19 15:28:42 +02:00
Leonardo Di Donato
3bfd94fefd docs(test): run locally handling python deps with venv 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-05-26 15:01:48 +02:00
Leonardo Di Donato
f186e5f41f fix(userspace/falco): set gpr log verbosity accordingly to the Falco one 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-05-21 18:15:46 +02:00
Leonardo Di Donato
ade64b0ce8 update(userspace/falco): make log level a configuration member 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-05-21 18:15:46 +02:00
Leonardo Di Donato
d808c0aeaf update(tests/engine): test is_unix_scheme 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-05-21 18:15:46 +02:00
Leonardo Di Donato
65e069a020 update(userspace/engine): url_is_unix_scheme() util is now is_unix_scheme(string_view) 
Also no more custom `starts_with` utility function.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-05-21 18:15:46 +02:00