falco

mirror of https://github.com/falcosecurity/falco.git synced 2025-06-29 16:17:32 +00:00

Author	SHA1	Message	Date
Jason Dellaluce	a7f521b4b8	chore(unit_tests): move existing test in right directory Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-03-09 09:39:12 +01:00
Jason Dellaluce	2645f6640c	chore(userspace/falco): rename source file using its action name Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-03-09 09:39:12 +01:00
Jason Dellaluce	fb37d8f365	refactor(userspace/falco): adapt event set selection to only use ppm_sc and new engine features Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com> Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-03-09 09:39:12 +01:00
Jason Dellaluce	19ffadc763	update(userspace/engine): support searching ppm_sc events in rulesets Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-03-09 09:39:12 +01:00
Jason Dellaluce	07980b7822	new(.github): add dependabot configuration for updating git submodules Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-03-08 19:03:09 +01:00
m.nabokikh	49cef071cf	Add Deckhouse to Falco adopters Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2023-03-08 12:39:07 +01:00
Melissa Kilby	0de9af9ed0	fix(app_actions): base_syscalls check for empty string Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-24 11:43:43 +01:00
Melissa Kilby	58dc60e58d	cleanup(app_actions): address reviewers comments * Plus minor adjustments to ensure correct state_event_set for all configurations * Ensure valid check_for_rules_unsupported_events for all configurations * Remove user input validation warning -> re-introduce in follow up PR Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-24 11:43:43 +01:00
Melissa Kilby	b6f6195725	cleanup(app_actions): include activated syscalls in LOG_DEBUG logs Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-24 11:43:43 +01:00
Melissa Kilby	d6421d4e67	new(config): add base_syscalls option to config See https://github.com/falcosecurity/falco/issues/2373 Co-authored-by: Federico Di Pierro <nierro92@gmail.com> Co-authored-by: Stanley Chan <pocketgamer5000@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-24 11:43:43 +01:00
Melissa Kilby	76a3c8d7ee	new(app_actions): introduce base_syscalls See https://github.com/falcosecurity/falco/issues/2373 Co-authored-by: Federico Di Pierro <nierro92@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-24 11:43:43 +01:00
Jason Dellaluce	7d67fbbfe7	chore(userspace/falco): apply review suggestions Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com> Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	31d06a5532	update(cmake): bump libs to e1d0fd9b043f1c7dfd91c9d030c11cfe2c062931 Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	b9d03e8f2b	update(cmake): bump driver and libs to c592f4f230e48f36a50c1716fd94e7e279b67513 Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	5ed5c63202	refactor: adapt event set configuration changes to new libs definition Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com> Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	01faeecee7	update(cmake): bump driver to 8a8d2389e4eea9e89efef9e3b06a70aa2a0bf5d0 Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	4706cd8b4e	cleanup: solve std namespace issues and remove unused imports Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	010f6c6a9e	update(userspace/engine): bump fields checksum Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	1485dc5d68	refactor(userspace/falco): adapt app actions to new event definitions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	e7d76ca722	refactor(userspace/falco): use new event definitions in app state Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	6c38ecaf0e	update(userspace/engine): adapt engine classes to new libsinsp event definitions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	34ea7a8245	cleanup(userspace/engine): drop filtr_evttype_resolver Its logic was ported into libsinsp in: `3d8550e70e` Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	e54eda16f7	fix(test/plugins): solve compilation issues Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	4c72f36748	update(cmake): bump libs to 8a8d2389e4eea9e89efef9e3b06a70aa2a0bf5d0 Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 14:31:28 +01:00
Melissa Kilby	3b5633a3e5	cleanup(unit_tests): remove some rebase leftovers Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-21 14:31:28 +01:00
Melissa Kilby	d89f4b4904	cleanup(app_actions): adjust ignored events Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-21 14:31:28 +01:00
Melissa Kilby	16aa36291a	fix rebase Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-21 14:31:28 +01:00
Melissa Kilby	72439b2eed	cleanup(app_actions): adjust configure_interesting_sets * address reviewers feedback * improve clarity around new -A and -i behavior * additional cleanup (e.g. use generic set operations only) * extend unit tests Note: sinsp ppm sc API is undergoing a refactor, therefore current lookups are interim and will subsequently be refactored as well. Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-21 14:31:28 +01:00
Melissa Kilby	f77f8667a1	cleanup(tests): add unit tests for configure_interesting_sets Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-21 14:31:28 +01:00
Melissa Kilby	30fe065446	cleanup(app_actions): configure -A w/ new default behavior Define new -A behavior in configure_interesting_sets * default: all syscalls in rules included, sinsp state enforcement without high volume I/O syscalls * -A flag set: all syscalls in rules included, sinsp state enforcement and allowing high volume I/O syscalls Co-authored-by: Federico Di Pierro <nierro92@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-21 14:31:28 +01:00
Melissa Kilby	91c185a178	cleanup(app_actions): include evttypes from rules in configure_interesting_sets Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-02-21 14:31:28 +01:00
Jason Dellaluce	34ed5a5fc9	chore: fix typos Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 11:09:29 +01:00
Jason Dellaluce	f34ef41e8a	test(userspace/falco): add tests for atomic signal handler Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 11:09:29 +01:00
Jason Dellaluce	70c22c7d2e	refactor(userspace/falco): adapt actions to new signal handler constructs Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 11:09:29 +01:00
Jason Dellaluce	eb3bf7260d	refactor(userspace/falco): add an ad-hoc concurrent object for signal handlers Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 11:09:29 +01:00
Jason Dellaluce	5470a88b61	fix(userspace/falco): add missing constructors/methods on falco semaphore Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-21 11:09:29 +01:00
Luca Guerra	e19f536514	new(docs): add security audit from January 2023 Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-02-21 08:23:28 +01:00
Aldo Lacuku	7a0ca9f534	new(docs): update Changelog for 0.34.1 Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>	2023-02-20 14:45:17 +01:00
Aldo Lacuku	bdca1ce0a6	update(cmake): bumped libs to 0.10.4 Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>	2023-02-17 16:40:44 +01:00
Jason Dellaluce	94882f3fd2	test(unit_tests): add tests for select_event_sources action Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-15 10:51:35 +01:00
Jason Dellaluce	9fd6bbf2bf	update(unit_tests): link test suite to falco app cmake target Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-15 10:51:35 +01:00
Jason Dellaluce	bf5b8f5c83	new(userspace/falco): add intermediate cmake target for falco app Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-15 10:51:35 +01:00
Jason Dellaluce	a7ef45852c	fix(unit_tests): invert libraries and dependencies in CMakeLists Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-15 10:51:35 +01:00
Jason Dellaluce	c45bf3eb17	chore(userspace/falco): rename falco_init into falco_run Co-authored-by: Federico Di Pierro <nierro92@gmail.com> Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	149544d7ab	chore(userspace/falco): fix spacing and license Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	1eb915bf2f	fix(userspace/falco): solve issues with minimal build Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	3d6393ae62	fix: solve unit test issues Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	5d35dff2a7	refactor(userspace/falco/app): standalone sources for action helpers Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	799557f7f7	refactor(userspace/falco/app): make run and teardown actions consistent Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00
Jason Dellaluce	fe859bda2d	refactor(userspace/engine): turn app methods into simple functions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-02-14 17:33:31 +01:00

1 2 3 4 5 ...

3562 Commits