github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-04 02:16:46 +00:00
Code Issues Projects Releases Wiki Activity
2,879 Commits 117 Branches 173 Tags 104 MiB
a7ebfbf137
Commit Graph

2879 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Leonardo Grasso
ef75c63e63 chore(scripts): print versions at the beginning 
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 14:54:53 +01:00
Leonardo Grasso
fb126cb730 feat(scripts): --clean option for falco-driver-loader 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 14:54:53 +01:00
Leonardo Di Donato
645f51b296 new(scripts): falco-driver-loader know the Falco version it has been 
built for

Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-26 14:54:53 +01:00
Leonardo Di Donato
d912cf0d94 docs(scripts): falco-driver-loader outputs the Falco version it has been built for, also the driver version in use 
Both in the help/usage message and at running time.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-26 14:54:53 +01:00
Leonardo Di Donato
3f75f27410 docs(scripts): improve help of falco-driver-loader script 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-26 14:54:53 +01:00
Leonardo Di Donato
1504e77f4e update(scripts): falco-driver-loader can now start with a custom driver name 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-26 14:54:53 +01:00
Leonardo Grasso
40edfe66ba fix(docker/no-driver): handle urlencoding 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 12:55:11 +01:00
Leonardo Grasso
f800d4a101 docs: update links and badges for download.falco.org 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 12:55:11 +01:00
Leonardo Grasso
4f1a2418fe build(.circleci): publish packages to S3 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 12:55:11 +01:00
Leonardo Grasso
442011d07e build(.circleci): publish dev packages to S3 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 12:55:11 +01:00
Leonardo Grasso
70ee1093d8 build(docker): fetch packages from download.falco.org 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 12:55:11 +01:00
Leonardo Grasso
3936740390 build(scripts): add cloudfront invalidation for publishing scripts 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 12:55:11 +01:00
Leonardo Grasso
9bc04fd02d build(scripts): publishing script for DEBs 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 12:55:11 +01:00
Leonardo Grasso
b6ac6de227 build(scripts): publishing script for RPMs 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 12:55:11 +01:00
Leonardo Grasso
5ebb653977 build(scripts): publishing script for bin packages 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 12:55:11 +01:00
stevenshuang
167c5bc691 fix: update rule description 
Signed-off-by: stevenshuang <stevenshuang521@gmail.com>
 2021-03-24 18:47:55 +01:00
Leonardo Di Donato
1ded30f173 update(test): tighten the condition to test the drops thresholds 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
7edd965a08 fix(test/confs): drop log messages are debug, fix the test fixture accordingly 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
920ab6982a new(test): test cases about wrong threshold drop config value 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
3842e07422 update(userspace/falco): drop messages are DEBUG level 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
7bc5fcf047 fix(userspace/falco): validate the drop threshold config value 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
199a1c22c6 fix(userspace/falco): n_evts does not containd the dropped events count 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
5380fe5308 new(test): test case about illogical drop actions 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
e3f7cdab20 update(userspace/falco): pass to sdropmgr the threshold 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
1714926cc6 update(userspace/falco): reduce noisiness 
The threshold governs the noisiness of the drops.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
4774e92bc2 refactor(userspace/falco): refactor the enum of drop actions into an enum class 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
a1b58d70a7 update(userspace/falco): grab the threshold configuration value + do not allow the ignore action to work with any other except the exit one 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
b8b50932fe update: reduce the max burst of event drops 
This also introduces a threshold configurable value.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Kaizhe Huang
7ea80e39b1 rule(Set Setuid or Setgid bit) update: add k3s-agent in the whitelist 
Signed-off-by: Kaizhe Huang <derek0405@gmail.com>
 2021-03-22 11:36:59 +01:00
Kaizhe Huang
b58f76b268 rule (Debugfs Launched in Privileged Container and Mount Launched in Privileged Container): create 
Signed-off-by: Kaizhe Huang <derek0405@gmail.com>
 2021-03-22 11:36:59 +01:00
JenTing Hsiao
b1801c28c7 Bump year to 2021 
Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>
 2021-03-12 10:45:31 +01:00
JenTing Hsiao
e1d3e68a84 Modprobe/rmmod at systemd service start/stop 
Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>
 2021-03-12 10:45:31 +01:00
JenTing Hsiao
5661b491af Removes the comments in systemd service files 
Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>
 2021-03-12 10:45:31 +01:00
JenTing Hsiao
39bb5c28c7 Migrate from init to systemd in debian package 
Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>
 2021-03-12 10:45:31 +01:00
JenTing Hsiao
3ba62a4031 Migrate from init to systemd in rpm package 
Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>
 2021-03-12 10:45:31 +01:00
Shane Lawrence
2f0e09b549 rule (Write below monitored dir): Clean up and use glob matching. 
Signed-off-by: Shane Lawrence <shane@lawrence.dev>
 2021-03-12 10:37:16 +01:00
POCTEO
34bbe2984f Pocteo as an adopter 
Signed-off-by: Walid DRIDI <contact@pocteo.co>
 2021-03-11 16:58:59 +01:00
Leonardo Grasso
825e6caf2d build: fetch build deps from download.falco.org 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-10 18:00:52 +01:00
jonahjon
96ad761308 adding falco-slim build/push 
Signed-off-by: jonahjon <jonahjones094@gmail.com>
 2021-03-05 12:22:47 +01:00
Leo Di Donato
bb7ce37159 fix(.circleci): correctly publish the falco-driver-loader container image from master to AWS ECR gallery 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-05 12:22:47 +01:00
Leo Di Donato
c66d056f67 fix(.circleci): the falco-driver-loader container images requires FALCO_IMAGE_TAG build arg (release to AWS ECR gallery) 
Signed-off-by: Leonardo Di Donato
 2021-03-05 12:22:47 +01:00
Leo Di Donato
6a2759fe94 update(.circleci): tag falco-no-driver:<tag> image as falco-no-driver:latest, falco:<tag>-slim, and falco:latest-slim 
And publish them too.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-05 12:22:47 +01:00
Leo Di Donato
b91c5b613a update(.circleci): falco-no-driver:latest from bin bucket 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-05 12:22:47 +01:00
Leo Di Donato
6fe9f8da0b fix(.circleci): falco-no-driver container images grabs Falco from the bin[-dev] bucket 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-05 12:22:47 +01:00
jonahjon
e888a1d354 adding other alternate AWS builds to circleCI 
Signed-off-by: jonahjon <jonahjones094@gmail.com>
 2021-03-05 12:22:47 +01:00
Isaac Rivera
6e746d71ba fixing typo 
Signed-off-by: Isaac Rivera <irivera007@yahoo.com>
 2021-03-05 12:16:33 +01:00
Isaac Rivera
2de8176c88 adding shapesecurity to adopters 
Signed-off-by: Isaac Rivera <irivera007@yahoo.com>
 2021-03-05 12:16:33 +01:00
Shane Lawrence
74164b1ef8 Use default pip version to get avocado version. 
Signed-off-by: Shane Lawrence <shane@lawrence.dev>
 2021-03-05 10:50:27 +01:00
Shane Lawrence
da8f054043 Fix broken links to docs. 
Signed-off-by: Shane Lawrence <shane@lawrence.dev>
 2021-03-05 10:48:21 +01:00
Bart van der Schans
05545f228d Add flex and bison to docker for building bpf module on recent amazon linux2 
Signed-off-by: Bart van der Schans <bart@vanderschans.nl>
 2021-03-05 10:46:10 +01:00