Leonardo Di Donato
11eed50003
build: out-of-source build for sysdig deps (CMake 3.5)
...
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Leonardo Di Donato
d6e246a26a
build: use SYSDIG_SOURCE_DIR into falco CMakeLists.txt files
...
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Leonardo Di Donato
ce112d7238
build: remove unused code from main CMakeLists.txt
...
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Leonardo Di Donato
572ac46d85
build: include GNUInstallDirs module
...
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Leonardo Di Donato
494edafdb1
build: download sysdig deps from GitHub archive by git reference
...
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Leonardo Di Donato
3865093f34
build: dependencies for sinsp target
...
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Leonardo Di Donato
572f134762
build: execute inner cmake for sysdig deps
...
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Leonardo Di Donato
c99502ff57
build: external project add for sysdig
...
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Leonardo Di Donato
18e3bd235c
wip: libsinsp as external project add
...
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Leonardo Di Donato
dd2602296c
build: find makedev cmake module
...
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Leonardo Di Donato
40b8e3a166
build: libsinsp and libscap from external project
...
Some targets inherited: we can run `make sinsp` and `make scap` from the falco build directory too
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Leonardo Di Donato
e78506b80f
build: fix zlib message for dynamically built gRPC
...
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Leonardo Di Donato
b226f5c7fa
build: move process count variable and USE_BUNDLED_DEPS option to main CMakeLists file
...
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
613668309a
build: gRPC absolute library dir
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
3712c8a2b4
ci: enable tests on plain travis
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
7a1e351aa4
build: gRPC fixes for the bundled path
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
cd938a5aad
build: build all the targets on travis
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
d4fccebcc9
build(cmake/cpack): fix cmake options script
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
34e3ad937e
build: bump cmake version to 3.5.1 and modules
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
50af72c393
build(docker/builder): adapt entrypoint to the new dependencies
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
5baa4b4046
build: cURL cmake module
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
8ca687575b
build: delete unused cmake modules
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
fd94e2c891
build: gRPC cmake module
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
a28f861a8f
build: jq cmake module
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
b8f649a610
build: yaml-cpp cmake module
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
f99dec47e0
build: add missing grpc dependencies on travis
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
7db8b9eb73
build(CMakeLists): include external dependencies from file
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
f567172bff
update(docker/builder): install build dependencies in builder
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
74ac37c10a
new: allow protobuf to be compiled statically optionally
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
66f8a47cc1
build: allow yamlcpp to be compiled statically optionally
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
3ccc0656f5
build: allow jq to be compiled statically optionally
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
d908a107b1
fix: allow gRPC to take protobuf from custom pkgconfig path
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
69031a4c9e
build: libyaml-cpp-dev in travis
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
8688e5abfc
new: cmake format columns to 120
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
98a82dd33e
build: libjq-dev in travis
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
ce568a16a6
build: allow building gRPC as an alternative to dynamic linking
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
12d76f4426
build: fix building from the falcosecurity folder
...
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
490ebf306b
build: include Coverage and add headers
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
e75bb732fe
fix: use libssl-dev instead of openssl-dev
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
fb3f47a7c3
new: reorganize cmakelists.txt
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
fb42613cf1
new: use travis as the actual build environment
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
f492992c28
new: cpack under cmake folder
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
bcd485530a
new: organize cmake dependencies better
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
b96e17fe5d
new: fix lyaml dependencies
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Lorenzo Fontana
abdd099c0a
new: initial dynamic build changes
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2020-01-17 19:09:31 +01:00
Mark Stemm
09cdc857c1
Fix compile warnings
...
Noticed these while compiling in the latest alpine image.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2020-01-15 09:35:28 +01:00
Mark Stemm
c3f7d15e26
Add k8s audit support to falco event generator
...
Currently, the falco event generator only generates system call
activity. This adds support for k8s_audit events by adding a script +
supporting k8s object files that generate activity that matches the k8s
audit event ruleset.
The main script is k8s_event_generator.sh, which loops over the files in
the yaml subdirectory, running kubectl apply -f for each.
In the interests of keeping things self-contained, all objects are
created in a `falco-event-generator` namespace. This means that some
activity related to cluster roles/cluster role bindings is not
performed.
Each k8s object has annotations that note:
1. The specific falco rules that should trigger.
2. A user-friendly message to print when apply-ing the file.
You can provide a specific rule name to the script. If provided, only
those objects related to that rule will trigger. The default is "all",
meaning that all objects are created.
The script loops forever, deleting the falco-event-generator namespace
after each iteration.
Additionally, the docker image has been updated to also copy the script
+ supporting files, as well as fetching the latest available `kubectl`
binary. The entrypoint is now a script that allows choosing between:
- syscall activity: run with .... "syscall"
- k8s_audit activity: run with .... "k8s_audit"
- spawn a shell: run with .... "bash"
The default is "syscall" to preserve existing behavior.
In most cases, you'll need to provide kube config
files/directories that allow access to your cluster. A
command like the following will work:
```
docker run -v $HOME/.kube:/root/.kube -it falcosecurity/falco-event-generator k8s_audit
```
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2020-01-15 09:35:28 +01:00
Nacho Rasche
4a7e318833
Add Skyscanner to adopters
...
Signed-off-by: Nacho Rasche <nacho.rasche@skyscanner.net>
2020-01-14 13:41:08 +01:00
toc-me[bot]
373d2bfd89
Update ToC for proposals/20191217-rules-naming-convention.md
...
Signed-off-by: kaizhe <derek0405@gmail.com>
address comments
Signed-off-by: kaizhe <derek0405@gmail.com>
2020-01-07 14:58:12 +01:00
Kaizhe Huang
4065af25c1
Update proposals/20191217-rules-naming-convention.md
...
Co-Authored-By: Leo Di Donato <leodidonato@gmail.com>
Signed-off-by: kaizhe <derek0405@gmail.com>
2020-01-07 14:58:12 +01:00