github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-27 15:17:50 +00:00
Code Issues Projects Releases Wiki Activity
2,552 Commits 121 Branches 172 Tags 104 MiB
a94e6de458
Commit Graph

2552 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michele Zuccala
a684bec007 update(userspace/falco): throw logic errors on invalid config values for metadata download 
Signed-off-by: Michele Zuccala <michele@zuccala.com>
 2021-09-20 16:56:15 +02:00
Michele Zuccala
812aa9b566 new(userspace/falco): add customizable metadata fetching params 
Signed-off-by: Michele Zuccala <michele@zuccala.com>
 2021-09-20 16:56:15 +02:00
Tom Keyte
e0f8b81692 Remove duplicate allowed ecr registry rule 
Signed-off-by: Tom Keyte <tom.keyte@onsecurity.co.uk>
 2021-09-17 11:12:54 +02:00
Alberto Pellitteri
874809351f rules(list https_miner_domains): fix typo in the list 
Co-authored-by: darryk10 <stefano.chierici@sysdig.com>
Signed-off-by: Alberto Pellitteri <albertopellitteri96@gmail.com>
 2021-09-17 09:16:54 +02:00
Alberto Pellitteri
4527228ef8 rules(list https_miner_domains): add new miner domains 
Signed-off-by: Alberto Pellitteri <albertopellitteri96@gmail.com>
Co-authored-by: darryk10 <stefano.chierici@sysdig.com>
 2021-09-17 09:16:54 +02:00
Alberto Pellitteri
e684c95e23 rules(list miner_domains): add new miner domains 
Signed-off-by: Alberto Pellitteri <albertopellitteri96@gmail.com>
Co-authored-by: darryk10 <stefano.chierici@sysdig.com>
 2021-09-17 09:16:54 +02:00
Leonardo Grasso
2390ca447a new: ability to filter by a node when fetching K8S metadata 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-09-16 15:33:41 +02:00
Leonardo Grasso
af0e6da375 build(cmake/modules): upgrade driver version to f7029e 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-09-16 15:33:41 +02:00
Michal Schott
84e7d3f18f Switching from stable to old-stable (buster). 
Added libssl-dev package.

Signed-off-by: Michal Schott <michal.schott@onegini.com>
 2021-09-10 01:11:38 +02:00
Thomas Labarussias
2a8c0e8bb7 add Qonto as adopter 
Signed-off-by: Thomas Labarussias <issif+github@gadz.org>
 2021-09-02 17:36:36 +02:00
Michele Zuccala
f28688551c fix(build): adapt to new debian 11 package names 
Signed-off-by: Michele Zuccala <michele@zuccala.com>
 2021-08-25 17:18:20 +02:00
Leonardo Grasso
b12d37a3b8 docs(RELEASE.md): switch to 3 releases per year 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-08-25 17:17:20 +02:00
Loris Degioanni
5e027c7fe2 Proposal for a libs plugin system 
Description of changes to falcosecurity/libs and /falco to support
plugins to provide events and extract fields from events.

Signed-off-by: Loris Degioanni <loris@sysdig.com>
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-authored-by: Mark Stemm <mark.stemm@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2021-08-24 17:52:19 +02:00
Leo Di Donato
efbe887d6e docs: CHANGELOG for 0.29.1 cleanup 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-07-30 12:20:10 +02:00
Leonardo Grasso
7dcbeb1f44 build(.circleci): ncurses is not required anymore 
Since `libs` version 13ec67ebd23417273275296813066e07cb85bc91

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-07-29 18:20:47 +02:00
Leonardo Grasso
93667f2d3e build(docker/builder): ncurses-dev is not required anymore 
Since `libs` version 13ec67ebd23417273275296813066e07cb85bc91

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-07-29 18:20:47 +02:00
Leonardo Di Donato
b5b1763d09 docs: CHANGELOG for Falco 0.29.1 changeset 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-06-30 16:14:26 +02:00
Leonardo Di Donato
d6690313a0 update(rules): bump the required engine version to version 9 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-06-23 10:44:03 +02:00
Leonardo Di Donato
98ce88f7ef chore(rules): imporve name of the list for userfaultfd exceptions 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-06-23 10:44:03 +02:00
Leonardo Di Donato
9ff8099501 update(userspace/engine): bump falco engine version 
Co-authored-by: Kaizhe Huang <derek0405@gmail.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-06-23 10:44:03 +02:00
Leonardo Di Donato
7db4778f55 update(rules): introducing list user_known_userfaultfd_activities to exclude processes known to use userfaultfd syscall 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-06-23 10:44:03 +02:00
Leonardo Di Donato
7f761ade4b update(rules): introducing the macro consider_userfaultfd_activities to act as a gate 
Co-authored-by: Kaizhe Huang <derek0405@gmail.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-06-23 10:44:03 +02:00
Leonardo Di Donato
84257912e0 update(rules): tag rule as syscall 
Co-authored-by: Kaizhe Huang <derek0405@gmail.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-06-23 10:44:03 +02:00
Leonardo Di Donato
9bc942c654 new(rules): detect unprivileged (successful) userfaultfd syscalls 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-06-23 10:44:03 +02:00
Leonardo Di Donato
8216b435cb update(rules): adding container info to the output of the Lryke detecting kernel module injections from containers 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-06-23 10:44:03 +02:00
maxgio
78f710c706 docs(release.md): update 
Signed-off-by: maxgio92 massimiliano.giovagnoli.1992@gmail.com

Co-authored-by: Leo Di Donato <leodidonato@gmail.com>
 2021-06-22 18:59:28 +02:00
maxgio
1dd97c1b6f docs(release.md): update 
Signed-off-by: maxgio92 massimiliano.giovagnoli.1992@gmail.com

Co-authored-by: Leo Di Donato <leodidonato@gmail.com>
 2021-06-22 18:59:28 +02:00
maxgio92
3ef5716fa2 docs(release.md): document website snapshot for new minor versions 
Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>
 2021-06-22 18:59:28 +02:00
maxgio92
64102078c7 docs(release.md): update gh release description template 
Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>
 2021-06-22 18:59:28 +02:00
maxgio92
9703853da8 docs(changelog.md): add new non-user facing change 
Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>
 2021-06-21 16:55:25 +02:00
maxgio92
96403fa275 docs(changelog.md): fix typo in rules change log 
Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>
 2021-06-21 16:55:25 +02:00
Thomas Spear
acd5422b55 Fix link to CONTRIBUTING.md in the Pull Request Template 
Signed-off-by: Thomas Spear <tspear@conquestcyber.com>
 2021-06-21 11:01:38 +02:00
maxgio92
099c79ddde docs(changelog.md): add release 0.29.0 
Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>
 2021-06-17 17:43:54 +02:00
Lorenzo Fontana
0f24448d18 rules(list miner_domains): add rx.unmineable.com for anti-miner detection 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2021-06-17 09:59:25 +02:00
Leonardo Grasso
1b63ad1aed build: upgrade driver version to 17f5d 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-06-16 14:50:07 +02:00
Kaizhe Huang
b268d4d6c3 rule update(Non sudo setuid): check user id as well in case user name info is not available 
Signed-off-by: Kaizhe Huang <khuang@aurora.tech>
 2021-06-10 13:44:05 +02:00
Kaizhe Huang
684a5d85ff disable test 
Signed-off-by: Kaizhe Huang <khuang@aurora.tech>
 2021-06-07 12:17:21 +02:00
Kaizhe Huang
58cea0c5e7 minor fix 
Signed-off-by: Kaizhe Huang <khuang@aurora.tech>
 2021-06-07 12:17:21 +02:00
Kaizhe Huang
38ebc61808 fix tests 
Signed-off-by: Kaizhe Huang <khuang@aurora.tech>
 2021-06-07 12:17:21 +02:00
Kaizhe Huang
535db19991 disable change thread namespace test 
Signed-off-by: Kaizhe Huang <khuang@aurora.tech>
 2021-06-07 12:17:21 +02:00
Kaizhe Huang
abe46a19a0 minor changes 
Signed-off-by: Kaizhe Huang <derek0405@gmail.com>
 2021-06-07 12:17:21 +02:00
Kaizhe Huang
96fc8d1a27 update test 
Signed-off-by: Kaizhe Huang <derek0405@gmail.com>
 2021-06-07 12:17:21 +02:00
Kaizhe Huang
ad82f66be3 rules update(Change thread namespace and Set Setuid or Setgid bit): disable by default 
Signed-off-by: Kaizhe Huang <derek0405@gmail.com>
 2021-06-07 12:17:21 +02:00
Leonardo Grasso
c60fac9e34 build(test): upgrade urllib3 to 1.26.5 
CVE-2021-33503 has been fixed in urllib3 v1.26.5.
See:
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503
 - https://github.com/urllib3/urllib3/releases/tag/1.26.5

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-06-04 22:15:33 +02:00
Sverre Boschman
35dc315390 add known k8s service accounts 
Signed-off-by: Sverre Boschman
 2021-06-04 10:46:09 +02:00
maxgio92
62c995f309 revert: add notes for 0.28.2 release 
This reverts commit 3432551295.

Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>
 2021-06-01 15:47:37 +02:00
maxgio92
3432551295 changelog: add notes for 0.28.2 release 
Signed-off-by: maxgio92 <massimiliano.giovagnoli.1992@gmail.com>
 2021-05-27 14:51:17 +02:00
Kaizhe Huang
09e1604fe0 rule update(Debugfs Launched in Privileged Container): fix typo in description 
Signed-off-by: Kaizhe Huang <khuang@aurora.tech>
 2021-05-27 11:21:30 +02:00
Leonardo Grasso
da7279da1d build(cmake/modules): upgrade libs and drivers version to 13ec67ebd23417273275296813066e07cb85bc91 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-05-21 10:24:08 +02:00
Leonardo Grasso
05f5aa2af3 chore(cmake/modules): do not build libscap examples 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-05-21 10:24:08 +02:00