Lorenzo Fontana
a20e3267cd
build: make sure lyaml is linked with the bundled libyaml
...
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
2020-08-20 19:26:56 +02:00
Lorenzo Fontana
1362ad7c10
build: add ubuntu bionic to circleci
...
This is done to avoid breaking the compatibility with it.
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
2020-08-20 19:26:56 +02:00
Lorenzo Fontana
0324e8b610
build: update gRPC to 0.27.0
...
This change was needed because gRPC was using some internal classes
to do vector operations in 0.25.0.
Those operations were leading to sigsegv under certain operating
systems, like Ubuntu 18.04.
In 0.27.0 they swapped their internal libraries with abseil-cpp.
I tested this and our gRPC server works very well with this new version
as well as the CRI api.
I didn't go to 0.31.0 yet because it's very different now and it will
require more iterations to get there, specifically on the CRI api code.
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
2020-08-20 19:26:56 +02:00
Lorenzo Fontana
feb39010bb
build: include openssl libraries in falco
...
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
2020-08-20 19:26:56 +02:00
Lorenzo Fontana
59b2bdac9d
build: avoid autoreconf -fi in jq
...
In their readme, jq claims that you don't have
to do autoreconf -fi when downloading a released tarball.
However, they forgot to push the released makefiles
into their release tarball.
For this reason, we have to mirror their release after
doing the configuration ourselves.
This is needed because many distros do not ship the right
version of autoreconf, making it virtually impossible to build
Falco on them.
Here is how it was created:
```
git clone https://github.com/stedolan/jq.git
cd jq
git checkout tags/jq-1.6
git submodule update --init
autoreconf -fi
```
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
2020-08-20 19:26:56 +02:00
Lorenzo Fontana
f388d95591
build: gRPC link to bundled OpenSSL
...
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
2020-08-20 19:26:56 +02:00
Lorenzo Fontana
8bfd6eaef7
build: fix JQ compilation issues and link oniguruma
...
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
2020-08-20 19:26:56 +02:00
Lorenzo Fontana
4db3cc1f72
build: fix cURL ssl compilation issues
...
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
2020-08-20 19:26:56 +02:00
Tommy McCormick
52a2c253ce
docs(community health files): fall back to org default community health files
...
Signed-off-by: Tommy McCormick <mccormick9@gmail.com>
2020-08-19 10:14:51 +02:00
Leonardo Grasso
1f1f7c16b6
chore(rules): add renameat2 to rename macro
...
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2020-08-18 11:23:24 +02:00
Kris Nova
ff77a36a03
feat(docs): Updating links for gRPC and Protobuf
...
Signed-off-by: Kris Nova <kris@nivenly.com>
2020-08-18 09:20:42 +02:00
Kris Nova
213e4f6aaf
feat(docs): Fixing formatting in README.md
...
Signed-off-by: Kris Nova <kris@nivenly.com>
2020-08-18 09:20:42 +02:00
Kris Nova
5839e41093
feat(docs): Adding SDKs and gRPC to README.md
...
Signed-off-by: Kris Nova <kris@nivenly.com>
2020-08-18 09:20:42 +02:00
Kris Nova
974efadaee
feat(doc): Adding incubating to README.md
...
Signed-off-by: Kris Nova <kris@nivenly.com>
2020-08-18 09:20:42 +02:00
Kris Nova
615313e8fa
feat(doc): Updating README.md
...
Updating Readme with most recent doc changes
Signed-off-by: Kris Nova <kris@nivenly.com>
2020-08-18 09:20:42 +02:00
Lorenzo Fontana
4c25135bf9
update: bump sysdig to 0.27.0
...
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
2020-08-17 18:21:45 +02:00
kaizhe
1bb0a9b44a
minor fix
...
Signed-off-by: kaizhe <derek0405@gmail.com>
2020-08-13 20:34:39 +02:00
kaizhe
ca3c4814fe
add sematext images back
...
Signed-off-by: kaizhe <derek0405@gmail.com>
2020-08-13 20:34:39 +02:00
kaizhe
50832c7990
remove non-oss images in the whitelist
...
Signed-off-by: kaizhe <derek0405@gmail.com>
2020-08-13 20:34:39 +02:00
kaizhe
4eba59c3f0
keep both w/ docker.io and w/o docker.io for sysdig images
...
Signed-off-by: kaizhe <derek0405@gmail.com>
2020-08-13 20:34:39 +02:00
kaizhe
3e98c2efc0
macro(user_read_sensitive_file_containers): replace endswiths with exact image repo name
...
macro(user_trusted_containers): replace endswiths with exact image repo name
macro(user_privileged_containers): replace endswiths with exact image repo name
macro(trusted_images_query_miner_domain_dns): replace endswiths with exact image repo name
macro(falco_privileged_containers): append "/" to quay.io/sysdig
list(falco_privileged_images): add images docker.io/sysdig/agent-slim and docker.io/sysdig/node-image-analyzer
list(falco_sensitive_mount_images): add image docker.io/sysdig/agent-slim
list(k8s_containers): prepend docker.io to images
Signed-off-by: kaizhe <derek0405@gmail.com>
2020-08-13 20:34:39 +02:00
Radu Andries
938ece8f4e
macro(exe_running_docker_save): add better support for centos
...
dockerd and docker have "-current" suffix on centos and rhel. This
macro does not match, causing false positives on multiple rules
using it.
Signed-off-by: Radu Andries <radu@sysdig.com>
2020-08-13 19:43:48 +02:00
kaizhe
511ef52717
rule (EphemeralContainers Created): add new rule to detect ephemeral container created
...
Signed-off-by: kaizhe <derek0405@gmail.com>
2020-08-06 22:42:18 +02:00
kaizhe
e2bf87d207
macro(trusted_pod): add new list k8s_image_list
...
Signed-off-by: kaizhe <derek0405@gmail.com>
2020-07-31 10:40:48 +02:00
Antoine Deschênes
0a600253ac
falco-driver-loader: fix conflicting $1 argument usage
...
Signed-off-by: Antoine Deschênes <antoine@antoinedeschenes.com>
2020-07-28 09:58:39 +02:00
kaizhe
571f8a28e7
add macro user_read_sensitive_file_containers
...
Signed-off-by: kaizhe <derek0405@gmail.com>
2020-07-25 08:53:06 +02:00
kaizhe
6bb0bba68a
rules update(Read sensitive file untrusted): add trusted images into whitelist
...
Signed-off-by: kaizhe <derek0405@gmail.com>
2020-07-25 08:53:06 +02:00
Leonardo Grasso
f1a42cf259
rule(list allowed_k8s_users): add "kubernetes-admin" user
...
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2020-07-25 08:51:13 +02:00
Nicolas Vanheuverzwijn
427c15f257
rule(macro falco_privileged_images): add 'docker.io/falcosecurity/falco'
...
Add 'docker.io/falcosecurity/falco' image to 'falco_privileged_images' macro. This prevents messages like this when booting up falco:
```
Warning Pod started with privileged container (user=system:serviceaccount:kube-system:daemon-set-controller pod=falco-42brw ns=monitoring images=docker.io/falcosecurity/falco:0.24.0)
```
Signed-off-by: Nicolas Vanheuverzwijn <nicolas.vanheu@gmail.com>
2020-07-23 20:49:57 +02:00
kaizhe
a9b4e6c73e
add sysdig/agent-slim to the user_trusted_images macro
...
Signed-off-by: kaizhe <derek0405@gmail.com>
2020-07-20 23:41:47 +02:00
kaizhe
b32853798f
rule update (macro: user_trusted_containers): add sysdig/node-image-analyzer to macro user_trusted_containers
...
Signed-off-by: kaizhe <derek0405@gmail.com>
2020-07-20 23:41:47 +02:00
Shane Lawrence
b86bc4a857
Use ISO 8601 format for changelog dates.
...
Signed-off-by: Shane Lawrence <shane@lawrence.dev>
2020-07-20 23:25:30 +02:00
Leo Di Donato
23224355a5
docs(test): integration tests intended to be run against a release build of Falco
...
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
2020-07-20 22:48:00 +02:00
Leo Di Donato
84fbac0863
chore(.circleci): switch back to falcosecurity/falco-tester:latest runner for integration tests
...
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-07-20 22:48:00 +02:00
Leonardo Di Donato
3814b2e81b
docs(test): run all the test suites at once
...
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-07-20 22:48:00 +02:00
Leonardo Di Donato
a83b91fc53
new(test): run_regression_tests.sh -h
...
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-07-20 22:48:00 +02:00
Leonardo Di Donato
e618f005b6
update(docker/tester): use the new run_regression_tests.sh CLI flags
...
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-07-20 22:48:00 +02:00
Leonardo Di Donato
d8faa95702
fix(test): run_regression_tests.sh must generate falco_traces test suite in a non-interactive way
...
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-07-20 22:48:00 +02:00
Leonardo Di Donato
ef5e71598a
docs(test): instruction to run falco_tests_package integration test suite locally
...
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-07-20 22:48:00 +02:00
Leonardo Di Donato
bb1282c7be
update(test): make run_regression_tests.sh script accept different options
...
The following options have been added:
* -v (verbose)
* -p (prepare falco_traces test suite)
* -b (specify custom branch for downloading trace files)
* -d (specify the build directory)
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-07-20 22:48:00 +02:00
Leonardo Di Donato
8f07189ede
docs(test): instructions for executing falco_traces integration test suite
...
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-07-20 22:48:00 +02:00
Leonardo Di Donato
dec2ff7d72
docs(test): prepare the local environment for running integration test suites
...
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-07-20 22:48:00 +02:00
Leonardo Di Donato
f3022e0abf
build(test): target test-traces files
...
This make target calls the `trace-files-psp`, `trace-files-k8s-audit`,
`trace-files-base-scap` targets to place all the integration test
fixtures in the proper position.
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-07-20 22:48:00 +02:00
Leonardo Di Donato
9b42b20e1c
build(test/trace_files): target trace-files-base-scap
...
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-07-20 22:48:00 +02:00
Leonardo Di Donato
850a49989f
build(test/trace_files/psp): target trace-files-psp
...
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-07-20 22:48:00 +02:00
Leonardo Di Donato
0dc2a6abd3
build(test/traces_file/k8s_audit): target trace-files-k8s-audit
...
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-07-20 22:48:00 +02:00
Leonardo Grasso
4346e98f20
feat(userspace/falco): print version at startup
...
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2020-07-16 22:35:56 +02:00
Lorenzo Fontana
38009f23b4
build: remove libyaml from cpack rpm
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-07-16 19:34:39 +02:00
Lorenzo Fontana
324a3b88e7
build: remove libyaml-0-2 as dependency in packages and dockerfiles
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-07-16 19:34:39 +02:00
Lorenzo Fontana
c03f563450
build: libyaml in bundled deps
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-07-16 19:34:39 +02:00