github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-28 23:57:29 +00:00
Code Issues Projects Releases Wiki Activity
3,915 Commits 121 Branches 172 Tags 104 MiB
aa62b65c70
Commit Graph

3915 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jason Dellaluce
3ab7c7d753 chore: fix typos 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00
Jason Dellaluce
aeef99e173 update(cmake): bump libs and driver versions to f0468f32d8d730d0e70d8e103d57f97d74dd374f 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00
Jason Dellaluce
b225549679 test(unit_test): adapt and grow tests on configure_intertesting_sets 
The test now take in accoint pre/post-conditions of the actions,
usage of the -A option, and the newly-introduced base_syscall
user configuration. This also makes sure that the event selection
properly handles generic events and options/configs precedence.

Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00
Jason Dellaluce
a7f521b4b8 chore(unit_tests): move existing test in right directory 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00
Jason Dellaluce
2645f6640c chore(userspace/falco): rename source file using its action name 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00
Jason Dellaluce
fb37d8f365 refactor(userspace/falco): adapt event set selection to only use ppm_sc and new engine features 
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00
Jason Dellaluce
19ffadc763 update(userspace/engine): support searching ppm_sc events in rulesets 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00
Jason Dellaluce
07980b7822 new(.github): add dependabot configuration for updating git submodules 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-08 19:03:09 +01:00
m.nabokikh
49cef071cf Add Deckhouse to Falco adopters 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2023-03-08 12:39:07 +01:00
Melissa Kilby
0de9af9ed0 fix(app_actions): base_syscalls check for empty string 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-24 11:43:43 +01:00
Melissa Kilby
58dc60e58d cleanup(app_actions): address reviewers comments 
* Plus minor adjustments to ensure correct state_event_set for all configurations
* Ensure valid check_for_rules_unsupported_events for all configurations
* Remove user input validation warning -> re-introduce in follow up PR

Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-24 11:43:43 +01:00
Melissa Kilby
b6f6195725 cleanup(app_actions): include activated syscalls in LOG_DEBUG logs 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-24 11:43:43 +01:00
Melissa Kilby
d6421d4e67 new(config): add base_syscalls option to config 
See https://github.com/falcosecurity/falco/issues/2373

Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Stanley Chan <pocketgamer5000@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-24 11:43:43 +01:00
Melissa Kilby
76a3c8d7ee new(app_actions): introduce base_syscalls 
See https://github.com/falcosecurity/falco/issues/2373

Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-24 11:43:43 +01:00
Jason Dellaluce
7d67fbbfe7 chore(userspace/falco): apply review suggestions 
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
31d06a5532 update(cmake): bump libs to e1d0fd9b043f1c7dfd91c9d030c11cfe2c062931 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
b9d03e8f2b update(cmake): bump driver and libs to c592f4f230e48f36a50c1716fd94e7e279b67513 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
5ed5c63202 refactor: adapt event set configuration changes to new libs definition 
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
01faeecee7 update(cmake): bump driver to 8a8d2389e4eea9e89efef9e3b06a70aa2a0bf5d0 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
4706cd8b4e cleanup: solve std namespace issues and remove unused imports 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
010f6c6a9e update(userspace/engine): bump fields checksum 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
1485dc5d68 refactor(userspace/falco): adapt app actions to new event definitions 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
e7d76ca722 refactor(userspace/falco): use new event definitions in app state 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
6c38ecaf0e update(userspace/engine): adapt engine classes to new libsinsp event definitions 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
34ea7a8245 cleanup(userspace/engine): drop filtr_evttype_resolver 
Its logic was ported into libsinsp in:
3d8550e70e

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
e54eda16f7 fix(test/plugins): solve compilation issues 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
4c72f36748 update(cmake): bump libs to 8a8d2389e4eea9e89efef9e3b06a70aa2a0bf5d0 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Melissa Kilby
3b5633a3e5 cleanup(unit_tests): remove some rebase leftovers 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-21 14:31:28 +01:00
Melissa Kilby
d89f4b4904 cleanup(app_actions): adjust ignored events 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-21 14:31:28 +01:00
Melissa Kilby
16aa36291a fix rebase 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-21 14:31:28 +01:00
Melissa Kilby
72439b2eed cleanup(app_actions): adjust configure_interesting_sets 
* address reviewers feedback
* improve clarity around new -A and -i behavior
* additional cleanup (e.g. use generic set operations only)
* extend unit tests

Note: sinsp ppm sc API is undergoing a refactor, therefore current lookups are interim
and will subsequently be refactored as well.

Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-21 14:31:28 +01:00
Melissa Kilby
f77f8667a1 cleanup(tests): add unit tests for configure_interesting_sets 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-21 14:31:28 +01:00
Melissa Kilby
30fe065446 cleanup(app_actions): configure -A w/ new default behavior 
Define new -A behavior in configure_interesting_sets

* default: all syscalls in rules included, sinsp state enforcement without high volume I/O syscalls
* -A flag set: all syscalls in rules included, sinsp state enforcement and allowing high volume I/O syscalls

Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-21 14:31:28 +01:00
Melissa Kilby
91c185a178 cleanup(app_actions): include evttypes from rules in configure_interesting_sets 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
34ed5a5fc9 chore: fix typos 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 11:09:29 +01:00
Jason Dellaluce
f34ef41e8a test(userspace/falco): add tests for atomic signal handler 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 11:09:29 +01:00
Jason Dellaluce
70c22c7d2e refactor(userspace/falco): adapt actions to new signal handler constructs 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 11:09:29 +01:00
Jason Dellaluce
eb3bf7260d refactor(userspace/falco): add an ad-hoc concurrent object for signal handlers 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 11:09:29 +01:00
Jason Dellaluce
5470a88b61 fix(userspace/falco): add missing constructors/methods on falco semaphore 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 11:09:29 +01:00
Luca Guerra
e19f536514 new(docs): add security audit from January 2023 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-02-21 08:23:28 +01:00
Aldo Lacuku
7a0ca9f534 new(docs): update Changelog for 0.34.1 
Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
 2023-02-20 14:45:17 +01:00
Aldo Lacuku
bdca1ce0a6 update(cmake): bumped libs to 0.10.4 
Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
 2023-02-17 16:40:44 +01:00
Jason Dellaluce
94882f3fd2 test(unit_tests): add tests for select_event_sources action 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-15 10:51:35 +01:00
Jason Dellaluce
9fd6bbf2bf update(unit_tests): link test suite to falco app cmake target 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-15 10:51:35 +01:00
Jason Dellaluce
bf5b8f5c83 new(userspace/falco): add intermediate cmake target for falco app 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-15 10:51:35 +01:00
Jason Dellaluce
a7ef45852c fix(unit_tests): invert libraries and dependencies in CMakeLists 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-15 10:51:35 +01:00
Jason Dellaluce
c45bf3eb17 chore(userspace/falco): rename falco_init into falco_run 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-14 17:33:31 +01:00
Jason Dellaluce
149544d7ab chore(userspace/falco): fix spacing and license 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-14 17:33:31 +01:00
Jason Dellaluce
1eb915bf2f fix(userspace/falco): solve issues with minimal build 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-14 17:33:31 +01:00
Jason Dellaluce
3d6393ae62 fix: solve unit test issues 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-14 17:33:31 +01:00