github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-28 15:47:25 +00:00
Code Issues Projects Releases Wiki Activity
4,743 Commits 121 Branches 172 Tags 104 MiB
9b35c0d5e0
Commit Graph

4743 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Federico Di Pierro
9b35c0d5e0 update(userspace/falco): use ternary operator 
Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-12-05 10:15:39 +01:00
Federico Di Pierro
211eea6abb new(userspace/falco): allow entirely disabling plugin hostinfo support. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-12-05 10:15:39 +01:00
FedeDP
9f29444b17 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2024-12-03 10:01:26 +01:00
Thomas Labarussias
242f25ae25 fix: update the url for the docs about the concurrent queue classes 
Signed-off-by: Thomas Labarussias <issif+github@gadz.org>
 2024-11-26 18:29:48 +01:00
Federico Di Pierro
ee4c9f9d4b update(changelog): updated changelog for 0.39.2. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-11-21 18:03:22 +01:00
poiana
563291f8d8 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2024-11-21 11:03:21 +01:00
Federico Di Pierro
4efbd44354 update(cmake): bumped falcoctl to v0.10.1. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-11-21 09:56:21 +01:00
Federico Di Pierro
0a8526dd7b fix(cmake,docker): avoid cpp-httplib requiring brotli. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-11-07 08:58:23 +01:00
Luca Guerra
edf36c0724 fix(docker): add brotli to the Falco image 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-11-06 16:10:18 +01:00
Leonardo Grasso
3fa8bc9bc7 fix(docker/falco-debian): usage label 
Co-authored-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2024-11-05 17:38:11 +01:00
Leonardo Grasso
a212262194 docs(docker): update images description 
Co-authored-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2024-11-05 17:38:11 +01:00
Leonardo Grasso
cfaf260b08 update(docker): no CMD for falco-driver-loader images 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2024-11-05 17:38:11 +01:00
Federico Di Pierro
f4dd0b9c07 fix(docker): fix docker-compose with correct image name for Falco. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-11-05 17:38:11 +01:00
Federico Di Pierro
c44d323b4b chore(ci,docker): more fixes. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2024-11-05 17:38:11 +01:00
Federico Di Pierro
57446c38f7 chore(docker): apply some review suggestions. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2024-11-05 17:38:11 +01:00
Federico Di Pierro
77695ace72 fix(docker): fixed small issues in the new images. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-11-05 17:38:11 +01:00
Federico Di Pierro
01ab1661c0 cleanup(ci): drop -slim tag. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-11-05 17:38:11 +01:00
Federico Di Pierro
58930ea8c0 new(ci,docker): renamed driver-loader-legacy to driver-loader-buster. 
Moreover, ported docker images CI to new images.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-11-05 17:38:11 +01:00
Federico Di Pierro
56c061f37a chore(docker): updated README. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-11-05 17:38:11 +01:00
Federico Di Pierro
1307061554 new(docker): initial work towards new docker images. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-11-05 17:38:11 +01:00
Luca Guerra
e4107c05a4 update(ci): replace aarch64 actuated runners with oracle 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-11-05 10:59:09 +01:00
Federico Di Pierro
729bf9562b update(cmake): bump yaml-cpp to latest master. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-11-05 09:29:09 +01:00
dependabot[bot]
b50903e498 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `407e997` to `283a62f`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](407e99721f...283a62f464)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-24 10:11:12 +02:00
Mark Stemm
09a9fd4c26 Add tests for mismatched sources and append 
Add additional unit tests to verify that rule loading fails when a
second rules object has a different source but the name of an existing
rules object.

Also add tests for additional rules having an empty source.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2024-10-24 08:45:12 +02:00
Mark Stemm
4a73ef8824 When overriding rules, ensure that the sources match 
In places where a second rule definition might replace, append to, or
replace items from a base rule, ensure that the source of the second
rule definiton matches the first.

This already existed for defines, but for other changes. There was a
bug where a second definition might exist for a different source, but
the additional rule was used anyway.

This now returns the same error for these other changes e.g. "Rule has
been re-defined..." as define.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2024-10-24 08:45:12 +02:00
Mark Stemm
a44b311333 Add a source to rule_update_info 
It's possible that someone might want to override a property for a
non-syscall rule source. To assist in this, decode any source property
for rules with append/override and save it in the rule_update_info
object. For the source property only, the value for source can be
empty e.g. 'source: ' or an empty string e.g. 'source: ""'. Both of
those are considered valid but result in an empty source.

A later change will ensure that the sources match up when
appending/redefining/overriding/enabling.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2024-10-24 08:45:12 +02:00
Federico Di Pierro
24f824dfb5 update(cmake): bump libs to latest master. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-10-22 14:59:04 +02:00
Federico Di Pierro
e4cbffc35b update(userpsace/engine): update engine checksum and version. 
See https://github.com/falcosecurity/libs/pull/2047.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-10-21 16:01:59 +02:00
poiana
5749517c4e update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2024-10-21 16:01:59 +02:00
Mark Stemm
e99b11e793 Make enable()/disable() virtual so they can be overridden 
Subclasses might want to also see when rules are enabled/disabled.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2024-10-16 12:01:37 +02:00
Federico Di Pierro
c19b637e36 fix(ci): fixed shasum computation for bump-libs CI. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-10-15 16:16:37 +02:00
Luca Guerra
fb01b6d927 cleanup(falco): deprecate -b --print-base64 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-10 17:37:18 +02:00
Luca Guerra
4501b64b9d new(falco): add buffer_format_base64 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-10 17:37:18 +02:00
dependabot[bot]
e04deeabe5 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `e38fb3f` to `407e997`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](e38fb3f6a7...407e99721f)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-10 10:35:17 +02:00
Luca Guerra
dfa6b9b88e chore(falco): deprecated -A 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-10 10:26:16 +02:00
Luca Guerra
3b28450171 new(falco): add base_syscalls.all option to falco.yaml 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-10 10:26:16 +02:00
Federico Di Pierro
b242f90510 chore(ci): use redhat advised method to check rpmsign success. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-10-10 10:17:17 +02:00
Mark Stemm
80b7de6d90 Add a test for compile_output::clone() for derived type 
Add a test for checking that compile_output::clone() returns equal
values, specifically in the case of derived values.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2024-10-10 09:20:17 +02:00
Mark Stemm
5f13a9be08 Add equality operators for indexed_vector/falco_{list,macro,rule} 
Add an equality operator for indexed_vector.

As indexed_vectors commonly hold falco lists/macros/rules, also add
equality operators for those structs. For condition/sinsp_filter
shared_ptrs, the operator checks that the shared_ptrs point to the
same underlying memory.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2024-10-10 09:20:17 +02:00
Mark Stemm
093d9234a5 Add a compile_output::clone() method that can be overridden 
Add a clone() method that can be overridden by subclasses. This allows
copying compile state when needed in a way that preserves
polymorphism.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2024-10-10 09:20:17 +02:00
Federico Di Pierro
c55adf38b4 chore(userspace/engine): fix build warning. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-10-09 16:26:14 +02:00
Federico Di Pierro
3e24606c11 new(ci): use zig compiler instead of relying on centos7. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-10-09 16:26:14 +02:00
Federico Di Pierro
93e5292f2f update(changelog): updated changelog for 0.39.1. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-10-09 10:54:14 +02:00
Luca Guerra
a754601cb6 update(tests): add tests for plugin init_config 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-08 12:06:08 +02:00
Luca Guerra
6721a6b9cf fix(engine): allow null init_config for plugin info 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-08 12:06:08 +02:00
Federico Di Pierro
7b2feb1f73 fix(ci): fixed bump-libs workflow syntax. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-10-07 17:49:04 +02:00
Luca Guerra
c7c0246ca8 fix(engine): disable comma separated vectors in cxxopts 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-07 13:24:04 +02:00
Federico Di Pierro
5141bddedd new(ci): add a workflow to automatically bump libs on each monday. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-10-07 11:35:03 +02:00
Luca Guerra
478514940f update(falco): deprecated -S --snaplen option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-07 11:33:03 +02:00
Luca Guerra
ef79648037 new(falco): add falco_libs.snaplen option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-07 11:33:03 +02:00