github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-08 18:19:30 +00:00
Code Issues Projects Releases Wiki Activity
4,698 Commits 119 Branches 173 Tags
b0d3bef3e5551b9cae89b8b5343bee8c5e8e4aee
Commit Graph

4698 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Federico Di Pierro
b0d3bef3e5 update(changelog): updated changelog for 0.39.2. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-11-21 12:51:22 +01:00
Federico Di Pierro
89a024bfdf update(cmake): bumped falcoctl to v0.10.1. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
0.39.2 		2024-11-21 10:56:21 +01:00
Luca Guerra
3bc95a290a update(ci): replace aarch64 actuated runners with oracle 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-11-21 10:56:21 +01:00
Federico Di Pierro
c20907332d chore(cmake): bump libs to 0.18.2. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-11-21 10:56:21 +01:00
Federico Di Pierro
2804d60bd2 update(changelog): updated changelog for 0.39.1. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
0.39.1 0.39.1-rc1 		2024-10-08 12:54:09 +02:00
Luca Guerra
7c8209ed8e update(tests): add tests for plugin init_config 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-08 12:54:09 +02:00
Luca Guerra
3c4b315ff2 fix(engine): allow null init_config for plugin info 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-08 12:54:09 +02:00
Luca Guerra
92d6c4bab6 fix(engine): disable comma separated vectors in cxxopts 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-08 12:54:09 +02:00
Federico Di Pierro
51a19ea6cb fix(userspace/falco): fix event set selection for plugin with parsing capability. 
In live mode we need to use the source_info inspectors instead of the offline inspector.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-10-08 12:54:09 +02:00
Aldo Lacuku
88d73505b0 update(changelog): add changelog for falco 0.39.0 
Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
0.39.0 		2024-10-01 09:58:36 +02:00
Luca Guerra
f2d23af415 fix(falco): allow disable_cri_async from both CLI and config 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-30 16:10:32 +02:00
Luca Guerra
10f87e515e cleanup(falco): ignore lint commit 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-30 16:10:32 +02:00
Poiana
82016080d0 chore(falco): apply code formatting 
Signed-off-by: Poiana <poiana.bot@gmail.com>
 2024-09-30 16:10:32 +02:00
Andrea Terzolo
bbb4d6e9b6 update: ignore_some_files 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-09-30 16:10:32 +02:00
Leonardo Di Giovanna
e34507c739 feat(stats): add host_netinfo networking information stats family 
Introduce host_netinfo stats family to hold information regarding host
networking. At the moment, it only provides ipv4 and ipv6 addresses
list for each interface available on the host. The naming schema for
the introduced stats is
falco.host_netinfo.interfaces.<ifname>.protocols.<ipv4|ipv6>.addresses.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2024-09-27 11:56:20 +02:00
Luca Guerra
ff32882a7f chore(build): update libs to 0.18.1 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-26 08:18:14 +02:00
Luca Guerra
f1b208f8fb fix(engine): sync outputs before printing stats at shutdown 
Signed-off-by: Luca Guerra <luca@guerra.sh>
0.39.0-rc3 		2024-09-24 10:15:05 +02:00
Leonardo Di Giovanna
ff65dc75ae cleanup(falco_metrics): remove unused falco_utils import 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2024-09-24 10:15:05 +02:00
Leonardo Di Giovanna
a1ff7c7384 fix(falco_metrics): remove ifinfo_json stat/metric 
Using JSON as value prevents any meaningful aggregation for the stats.
Splitting these information into multiple labels can drastically
increase the number of dimensions, as the number of interfaces and
addresses can be high in some environment. Moreover, these information
are not currently refreshed, even if they can frequently change. Given
these reasons, remove ifinfo_json from stats and metrics.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2024-09-24 10:15:05 +02:00
Leonardo Di Giovanna
fb47e816ae fix(falco_metrics)!: use full name for configs and rules files 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2024-09-24 10:15:05 +02:00
Leonardo Di Giovanna
39dfd6765a fix(falco_metrics)!: split tags label into multiple tag_ labels 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2024-09-24 10:15:05 +02:00
Luca Guerra
f4477f1ac2 update(tests): add test for plugin init_config map 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-24 10:15:05 +02:00
Luca Guerra
92fa3b5347 fix(falco): allow plugin init_config map in json schema 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-24 10:15:05 +02:00
Federico Di Pierro
fad91ea080 fix(userspace/falco): properly account for plugin with CAP_PARSING when computing interesting sc set. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-24 10:15:05 +02:00
Leonardo Di Giovanna
5e9a8fd665 update(systemd): add falco.service alias to all systemd units 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2024-09-24 10:15:05 +02:00
Federico Di Pierro
241f620956 update(cmake): bump libs to 0.18.0 and driver to 7.3.0+driver. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
0.39.0-rc2 		2024-09-18 11:11:52 +02:00
Federico Di Pierro
80816e67d6 chore(userspace/falco): deprecate cri related CLI options. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-18 11:11:52 +02:00
Federico Di Pierro
5874dc1f95 fix(userspace/engine): improve rule json schema to account for source and required_plugin_versions. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-18 11:11:52 +02:00
Federico Di Pierro
6b634df56e update(cmake): bump libs and driver to 0.18.0-rc2. 
Moreover, bumped falcoctl to v0.10.0 and rules to 3.2.0.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
0.39.0-rc1 		2024-09-16 16:04:48 +02:00
Luca Guerra
037d7f9b36 cleanup(falco): use a header file for rule json schema 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-16 09:59:46 +02:00
Luca Guerra
ed4fb33981 cleanup(falco): use header file for json schema 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-16 09:59:46 +02:00
Luca Guerra
cd0d607f14 update(falco): add warning if the append condition does not appear to make sense 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-13 15:58:36 +02:00
Luca Guerra
5c959d0b1b update(falco): use std::include for readability 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-13 15:58:36 +02:00
Luca Guerra
a2336f186e update(falco): update json schema 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-13 15:58:36 +02:00
Luca Guerra
7005983409 update(engine): modify append_output format 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-13 15:58:36 +02:00
Melissa Kilby
d3c6a7478e update(falco_metrics): change prometheus rules metric naming 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-13 11:25:36 +02:00
Federico Di Pierro
d1644079e9 chore(userspace/falco): updated configuration schema. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-12 15:26:33 +02:00
Melissa Kilby
9089262569 update(falco_metrics): add kernel_event_counters_per_cpu_enabled config 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-12 15:26:33 +02:00
Melissa Kilby
2ceb6ecf0f update(Falco_metrics): fix prom subsystem for some scap vs falco metrics 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-12 15:26:33 +02:00
Melissa Kilby
2badce1714 update(falco_metrics): adjust sha256 prometheus name, remove double falco_ 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-12 15:26:33 +02:00
Melissa Kilby
4f35b3e4e2 update(falco_metrics): apply reviewers suggestions 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-12 15:26:33 +02:00
Melissa Kilby
9669a4a0bb update(falco_metrics): rearrange evts and drops prometheus metrics 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-12 15:26:33 +02:00
Andrea Terzolo
55069c8a0a chore: scaffolding for enabling code formatting 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-09-11 19:03:31 +02:00
Luca Guerra
bc7394b8c3 new(falco): add json_include_message_property option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-11 17:52:32 +02:00
Federico Di Pierro
0f26e3c9ed chore(userspace): adjusted rule_loader::result::as_verbose_string following errors and warnings output layout. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-11 13:20:31 +02:00
Federico Di Pierro
468037151a chore(userspace,unit_tests): properly report all schema validation warnings from yaml_helper::validate_node(). 
`-V` option will print all warnings, while normal run will only print foremost warning.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-11 13:20:31 +02:00
Federico Di Pierro
2f89a2c140 chore(userspace): added schema validation info to rule_loader::result as_json and as_string outputs. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-11 13:20:31 +02:00
Federico Di Pierro
1f9bea5a0b update(userspace/engine): fixed priorities in rules schema. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2024-09-11 13:20:31 +02:00
Federico Di Pierro
c8361efea7 chore(userspace/falco): reverted file to master version. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-11 13:20:31 +02:00
Federico Di Pierro
118e82ae01 cleanup(userspace): drop unused includes from yaml_helper. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-11 13:20:31 +02:00