github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-02 17:42:18 +00:00
Code Issues Projects Releases Wiki Activity
4,893 Commits 117 Branches 173 Tags 104 MiB
a7433e032b
Commit Graph

4893 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Federico Di Pierro
a7433e032b chore(userspace/falco): make re2 patterns statically lived. 
Moreover, rename `falco_metrics::` methods to better expose
they return prometheus metrics.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-05-28 09:47:16 +02:00
Federico Di Pierro
bac052f5d2 cleanup(userspace/falco): only push metrics for enabled sources. 
Refactor `::to_text` a bit to be more clear.
Also, we will push agent_info and machine_info only for the first
inspector that exposes them, to avoid duplicated entries in the prometheus text.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-28 09:47:16 +02:00
Melissa Kilby
0ffe864e42 fix(metrics/prometheus): non-duplicate evt_source retrieval 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-28 09:47:16 +02:00
Melissa Kilby
4ef697b2c6 cleanup(metrics/prometheus): add detailed logic explanation wrt inspector loop 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-28 09:47:16 +02:00
Melissa Kilby
b90f3cc18e update(metrics/prometheus): place syscalls inspector (if applicable) at index 0 of loop 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-28 09:47:16 +02:00
Melissa Kilby
4c12c2b1b5 fix(metrics/prometheus): gracefully handle multiple event sources, avoid erroneous duplicate metrics 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-28 09:47:16 +02:00
Luca Guerra
8f86f20d17 chore(build): update falcoctl, rules for artifact follow 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-27 16:53:12 +02:00
dependabot[bot]
70b0167f76 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `cb17833` to `b4437c4`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](cb17833316...b4437c492f)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: b4437c492fa3877c1b72ff61095c5be50fab8253
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-27 08:51:10 +02:00
Federico Di Pierro
38cb34edc6 update(cmake): bumped falcoctl to 0.11.1 and rules to 4.0.0. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-26 18:50:06 +02:00
Luca Guerra
8a10bd52e6 update(containers): add labels 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-26 13:16:04 +02:00
Federico Di Pierro
8c703602c1 chore(userspace/falco): initialize m_falco_reload_ts to 0. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
Melissa Kilby
faee56fc1a cleanup: apply minor code pilot suggestions 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
Melissa Kilby
c4dcf9e4e8 cleanup(configs): move runtime generated configs to section w/ clear comments 
Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
Melissa Kilby
309ccf65d3 cleanup(metrics): simplify logic around immediate metrics logging after start/reload 
* For consistency don't make first run metrics log special
* Remove firt tick variable altogether to enable metrics logging immediately after startup/reload

Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
Melissa Kilby
22d40e2a65 clenaup(metrics): rename new restart_ts to reload_ts to reflect hot relaod conditions 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
Melissa Kilby
c86a45e2ca update(metrics): introduce restart ts metric to statistically inspect restart/hot_reload conditions 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
Melissa Kilby
7b8fdd8f97 update(metrics): introduce immediate initial metrics msg (output_rule or output_file) upon start/restart/hot_reload 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
dependabot[bot]
2250c0135b chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `4ccf111` to `cb17833`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](4ccf111c36...cb17833316)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: cb17833316dd6beaf8098cb2cba933bcd9e6ebd7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-26 10:09:25 +02:00
Leonardo Grasso
917a477ec2 update(cmake/rules): bump to falco-rules-4.0.0-rc1 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-05-20 19:05:29 +02:00
Federico Di Pierro
831e804473 cleanup(userspace/falco): drop unused libs_metrics_collector variable. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-20 17:34:29 +02:00
poiana
145036e923 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-19 11:06:01 +02:00
Federico Di Pierro
4074148435 fix(build): fixed container custom_target sed command. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-15 18:27:41 +02:00
dependabot[bot]
1728a5febc chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `ae6ed41` to `4ccf111`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](ae6ed41a7a...4ccf111c36)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: 4ccf111c36ed910c7de6291db898bdb0225bcf18
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-15 18:22:42 +02:00
Tero Kauppinen
1533734fc4 There is an issue in building the bundled c-ares on certain 
distributions such as SLES. The cmake file for c-ares sets
'CARES_LIB' destination directory to '${CARES_SRC}/lib' but when the
bundled c-ares is compiled it produces a binary which is placed in
the '${CARES_SRC}/lib64' directory.

This is due to the fact that the bundled c-ares expands
${CMAKE_INSTALL_LIBDIR} to 'lib64' and not to 'lib' which is
expected by 'CARES_LIB'.

The fix is to enforce the building process of the bundled c-ares
to place the produced binary in 'lib'.

Signed-off-by: Tero Kauppinen <tero.kauppinen@est.tech>
 2025-05-15 14:36:40 +02:00
dependabot[bot]
f6c624a4e0 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `1d2c6b1` to `ae6ed41`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](1d2c6b1f0b...ae6ed41a7a)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: ae6ed41a7a6002367edfc358db4c0e99d8dc820e
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-14 09:26:34 +02:00
Federico Di Pierro
50bc0037e5 Revert "chore(deps): Bump submodules/falcosecurity-rules" 
This reverts commit 99b7215439.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-13 16:18:30 +02:00
Federico Di Pierro
b0ef64b449 update(userspace/engine): bump engine version and checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-12 12:01:22 +02:00
poiana
f4f7ccf777 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-12 12:01:22 +02:00
Luca Guerra
ae28be023e cleanup(engine): update docs for rule_files and -r option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-12 10:58:22 +02:00
Luca Guerra
28e7050f0f cleanup(engine): remove unreachable function engine::read_file 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-12 10:58:22 +02:00
Luca Guerra
910788850a cleanup(engine): only consider .yaml/.yml rule files 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-12 10:58:22 +02:00
Federico Di Pierro
a41e3df45d update(userspace/engine): bump engine checksum and version. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 15:03:44 +02:00
FedeDP
06c4133b90 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-06 15:03:44 +02:00
Kunal Singh
61d9383e8f using vet github url 
Signed-off-by: Kunal Singh <kunalsin9h@gmail.com>
 2025-05-06 15:02:45 +02:00
Kunal Singh
60d6368c08 Added SafeDep as Adopter. 
Signed-off-by: Kunal Singh <kunalsin9h@gmail.com>
 2025-05-06 15:02:45 +02:00
Federico Di Pierro
ff288f70b3 chore(userspace/falco): rework a bit -p cli option help message. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
Federico Di Pierro
fb292e6fbb fix(unit_tests): fixed extra format unit tests. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
Federico Di Pierro
6e4b7663ca cleanup(userspace/engine,userspace/falco): drop replace_container_info flag. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
Federico Di Pierro
0326210f49 cleanup(userspace/falco): deprecate -p option. 
Also, `-pc` and `-pk` won't do anything now.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
Federico Di Pierro
11f6fc5d14 cleanup(userspace/engine): deprecated %container.info. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-06 10:06:43 +02:00
poiana
7badc31cb1 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-05 12:02:39 +02:00
FedeDP
11c7e23569 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-30 10:05:09 +02:00
Federico Di Pierro
08a00609a1 new(userspace,unit_tests): port merge-strategy to be a yaml map. 
Merge-strategy for included config files must now be
specified as yaml map of the form:
- path: foo
  strategy: bar

If `strategy` is omitted, or the old `string-only` form is used,
`append` strategy is enforced.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 16:17:06 +02:00
Federico Di Pierro
630167d9ad new(userspace,unit_tests)!: add a way to specify merge-strategy for config_files. 
By default we now use the `append` merge-strategy:
* existing sequence keys will be appended
* existing scalar keys will be overridden
* non-existing keys will be added

We also have an `override` merge-strategy:
* existing keys will be overridden
* non-existing keys will be added

Finally, there is an `add-only` merge-strategy:
* existing keys will be ignored
* non-existing keys will be added

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 16:17:06 +02:00
Federico Di Pierro
80d52963d6 fix(userspace): fixed engine openssl dep. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 13:50:04 +02:00
benierc
835ac52f4f Update userspace/falco/config_json_schema.h 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: benierc <clement.benier@iot.bzh>
 2025-04-29 11:52:05 +02:00
benierc
543734af3c Apply suggestions from code review 
Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
Signed-off-by: benierc <clement.benier@iot.bzh>
 2025-04-29 11:52:05 +02:00
Clément Bénier
186614dff4 fix(userspace/falco): fix outputs_http timeout 
libcurl timeout prevent to send alert through http
keep trying to send the alert

Signed-off-by: Clément Bénier <clement.benier@iot.bzh>
 2025-04-29 11:52:05 +02:00
Federico Di Pierro
52127d4c8a update(userspace/engine): bump engine checksum and version. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 09:48:03 +02:00
poiana
04c1a11136 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-04-29 09:48:03 +02:00