github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-01 22:47:46 +00:00
Code Issues Projects Releases Wiki Activity
4,921 Commits 119 Branches 173 Tags 105 MiB
b499cf5665
Commit Graph

4921 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mariell Hoversholm
b499cf5665
Merge 61532a8004 into 0c12b44bc6 2025-07-09 15:54:03 +02:00
Mariell Hoversholm
61532a8004
fix(restart_handler): disable if there is no work 
When there is no work to do, i.e. when all config watching is disabled,
there is no need to keep the restart_handler running. Disable it in this
case.

This is helpful to do on nodes where there is little to no headroom in
terms of open inotify watches (as per the inotify/max_user_instances
configuration), as can happen on nodes populated with other software
that also watch the filesystem for changes. If Falco is run on such a
node, it may fail to start due to functionality the app does not even
intend on using.

This has one change in terms of behaviour, however: the dry-run restarts
will no longer occur. As there is still never going to happen a real
restart, I understand it as unlikely for there to be a proper need for
dry-run restarts.

Signed-off-by: Mariell Hoversholm <mariell@grafana.com>
 2025-07-09 15:44:54 +02:00
poiana
0c12b44bc6 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-07-02 17:22:29 +02:00
Leonardo Di Giovanna
33e6e1ef61 update(CHANGELOG.md): release 0.41.3 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-07-02 16:29:30 +02:00
dependabot[bot]
25be186548 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `4d51b18` to `1208816`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](4d51b1813f...120881647a)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: 120881647a359084f1a99439b33b7effadf62f45
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-02 12:22:28 +02:00
Federico Di Pierro
ea9e86d9e0 update(userspace): bump engine version and checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-30 14:25:18 +02:00
Federico Di Pierro
b2c76769cf fix(userspace/falco): enforce filtercheck overlap check for static fields too against plugin fields. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2025-06-30 14:25:18 +02:00
Federico Di Pierro
07266e1247 new(userspace/falco): append static filterchecks with static fields. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-30 14:25:18 +02:00
Federico Di Pierro
8d8ba5ba5c new(userspace/falco): add new static_fields config key + update schema. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-30 14:25:18 +02:00
Leonardo Di Giovanna
2ed1f0ffec docs(RELEASE.md): remove some unneeded old activities 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-06-18 15:38:05 +02:00
Leonardo Di Giovanna
f146204623 docs(RELEASE.md): fix falcosecurity/community repo link 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-06-18 15:38:05 +02:00
Leonardo Di Giovanna
56bf4933e7 docs(RELEASE.md): fix rn2md command documentation 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-06-18 15:38:05 +02:00
Leonardo Di Giovanna
d4e69e8c5a docs(RELEASE.md): fix release note checking procedure documentation 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-06-18 15:38:05 +02:00
poiana
a9386b37f2 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-06-17 16:22:45 +02:00
Leonardo Di Giovanna
25daddbf29 update(CHANGELOG.md): release 0.41.2 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-06-17 15:39:45 +02:00
Leonardo Grasso
720d3e61f2 chore(falco.yaml): clean up plugins config leftover 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-06-13 10:35:16 +02:00
Melissa Kilby
d55be4b29f doc(OWNERS): move incertum (Melissa Kilby) to emeritus_approvers 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-06-13 09:48:17 +02:00
dependabot[bot]
3d38e130fc chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `b4437c4` to `4d51b18`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](b4437c492f...4d51b1813f)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: 4d51b1813f4b6539cd3ccc0f82b668614b1059a3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-12 09:45:10 +02:00
Federico Di Pierro
4418bf2101 update(userspace/engine): bump engine version and checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-09 12:19:53 +02:00
poiana
43cd120030 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-06-09 12:19:53 +02:00
Denis Romanenko
5b1c6886e5 Fix alpine build 
Signed-off-by: Denis Romanenko <denis.romanenko@flant.com>
 2025-06-09 12:18:54 +02:00
Federico Di Pierro
f3b4f68ecd update(docs): bump CHANGELOG. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-05 14:48:30 +02:00
Federico Di Pierro
7a349a3e87 update(userspace/engine): bump engine version and checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-03 11:12:11 +02:00
FedeDP
0eb0b40c45 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-06-03 11:12:11 +02:00
Federico Di Pierro
9055811d79 fix(userspace/falco): when collecting metrics for stats_writer, create a libs_metrics_collector for each source. 
In case multiple sources are enabled, each source has its own `libs_metrics_collector`
with correct flags, so that it can retrieve all metrics.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-02 10:42:59 +02:00
Federico Di Pierro
2346a397f7 chore(userspace/falco): fix build for non linux minimal builds. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-30 19:05:38 +02:00
Federico Di Pierro
24f92dfdbc fix(userspace/falco): only enable prometheus metrics once all inspectors have been opened. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-30 19:05:38 +02:00
Federico Di Pierro
1d51203c29 update(docs): bumped changelog for release. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-29 11:12:24 +02:00
Federico Di Pierro
a7433e032b chore(userspace/falco): make re2 patterns statically lived. 
Moreover, rename `falco_metrics::` methods to better expose
they return prometheus metrics.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-05-28 09:47:16 +02:00
Federico Di Pierro
bac052f5d2 cleanup(userspace/falco): only push metrics for enabled sources. 
Refactor `::to_text` a bit to be more clear.
Also, we will push agent_info and machine_info only for the first
inspector that exposes them, to avoid duplicated entries in the prometheus text.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-28 09:47:16 +02:00
Melissa Kilby
0ffe864e42 fix(metrics/prometheus): non-duplicate evt_source retrieval 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-28 09:47:16 +02:00
Melissa Kilby
4ef697b2c6 cleanup(metrics/prometheus): add detailed logic explanation wrt inspector loop 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-28 09:47:16 +02:00
Melissa Kilby
b90f3cc18e update(metrics/prometheus): place syscalls inspector (if applicable) at index 0 of loop 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-28 09:47:16 +02:00
Melissa Kilby
4c12c2b1b5 fix(metrics/prometheus): gracefully handle multiple event sources, avoid erroneous duplicate metrics 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-28 09:47:16 +02:00
Luca Guerra
8f86f20d17 chore(build): update falcoctl, rules for artifact follow 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-27 16:53:12 +02:00
dependabot[bot]
70b0167f76 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `cb17833` to `b4437c4`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](cb17833316...b4437c492f)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: b4437c492fa3877c1b72ff61095c5be50fab8253
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-27 08:51:10 +02:00
Federico Di Pierro
38cb34edc6 update(cmake): bumped falcoctl to 0.11.1 and rules to 4.0.0. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-26 18:50:06 +02:00
Luca Guerra
8a10bd52e6 update(containers): add labels 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-26 13:16:04 +02:00
Federico Di Pierro
8c703602c1 chore(userspace/falco): initialize m_falco_reload_ts to 0. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
Melissa Kilby
faee56fc1a cleanup: apply minor code pilot suggestions 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
Melissa Kilby
c4dcf9e4e8 cleanup(configs): move runtime generated configs to section w/ clear comments 
Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
Melissa Kilby
309ccf65d3 cleanup(metrics): simplify logic around immediate metrics logging after start/reload 
* For consistency don't make first run metrics log special
* Remove firt tick variable altogether to enable metrics logging immediately after startup/reload

Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
Melissa Kilby
22d40e2a65 clenaup(metrics): rename new restart_ts to reload_ts to reflect hot relaod conditions 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
Melissa Kilby
c86a45e2ca update(metrics): introduce restart ts metric to statistically inspect restart/hot_reload conditions 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
Melissa Kilby
7b8fdd8f97 update(metrics): introduce immediate initial metrics msg (output_rule or output_file) upon start/restart/hot_reload 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2025-05-26 13:00:05 +02:00
dependabot[bot]
2250c0135b chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `4ccf111` to `cb17833`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](4ccf111c36...cb17833316)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-version: cb17833316dd6beaf8098cb2cba933bcd9e6ebd7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-26 10:09:25 +02:00
Leonardo Grasso
917a477ec2 update(cmake/rules): bump to falco-rules-4.0.0-rc1 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-05-20 19:05:29 +02:00
Federico Di Pierro
831e804473 cleanup(userspace/falco): drop unused libs_metrics_collector variable. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-20 17:34:29 +02:00
poiana
145036e923 update(cmake): update libs and driver to latest master. 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-05-19 11:06:01 +02:00
Federico Di Pierro
4074148435 fix(build): fixed container custom_target sed command. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-05-15 18:27:41 +02:00