github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-27 15:17:50 +00:00
Code Issues Projects Releases Wiki Activity
96 Commits 121 Branches 172 Tags 104 MiB
b8a16aab85
Commit Graph

96 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henri DF
b8a16aab85 fix re.lua permissions 2016-03-08 01:15:43 +00:00
Henri DF
f4c7bb8f72 un-hardcode LUA_INCLUDE in cmake file 2016-03-08 01:15:43 +00:00
Henri DF
972c84707f Mo rules 2016-03-07 16:35:13 -08:00
Henri DF
a14087dc94 .gitignore 2016-03-06 15:16:13 -08:00
Henri DF
79e4af09ca Merge pull request #12 from draios/build-lpeg 
Build lpeg
 2016-03-04 17:55:58 -08:00
Henri DF
8c6bb8a236 Set Lua cpath along with path 2016-03-04 17:54:18 -08:00
Henri DF
cc4837312e Pull lpeg and build it 2016-03-04 17:52:01 -08:00
Henri DF
9bbe692137 Some more progress on rules 2016-03-03 16:14:14 -08:00
Henri DF
e7adc4e1f5 Remove cruft from CMakeLists.txt 2016-03-03 16:13:32 -08:00
Henri DF
331042858f Initial version of outputs.lua 2016-03-03 16:13:08 -08:00
Henri DF
7593aac4c9 .gitignore 2016-03-03 16:11:57 -08:00
Henri DF
5f681b1bd8 Signal handlers and clean(er) exit 2016-03-04 00:11:09 +00:00
Henri DF
a921e25385 Tweaks to base.txt 2016-03-04 00:10:57 +00:00
Henri DF
b700a85b05 Add ssh alert 2016-03-04 00:10:48 +00:00
Henri DF
ea158baa8d Fix error string 2016-03-02 22:24:12 +00:00
Henri DF
9c4bfecd40 Progress on base rules 2016-03-02 22:24:12 +00:00
Henri DF
33ad92e98b Fix typo-bug in lua code 2016-03-01 22:01:45 -08:00
Henri DF
f0da1c724b formats.cpp: print lua error string (like elsewherE) 2016-03-01 22:01:14 -08:00
Henri DF
a52441dcaa Some updates to base rules file 2016-03-01 20:10:52 -08:00
Henri DF
8343d23c3f remove debugging print from rules_loader.lua 2016-03-01 20:10:34 -08:00
Henri DF
2eb02a9597 Merge pull request #11 from draios/digwatch_fields 
Digwatch fields
 2016-03-01 13:55:00 -08:00
Henri DF
26fcf3415d Add digwatch.fields() to Lua API 2016-03-01 21:54:20 +00:00
Henri DF
3195c8abea formats.{cpp,h}: Get rid of global vars 2016-03-01 21:54:18 +00:00
Henri DF
0cdbdf9215 minor include cleanups 2016-03-01 10:49:19 -08:00
Henri DF
3feaa86db0 Merge pull request #10 from draios/support-function-outputs 
Support function outputs
 2016-02-29 20:38:45 -08:00
Henri DF
6a99c1a978 Basic support for function calls in outputs 2016-02-29 20:15:50 -08:00
Henri DF
1b7a5bd119 compiler: keep source in FunctionCall ASTs 2016-02-29 13:37:16 -08:00
Henri DF
55b2490314 coding convention 2016-02-28 21:14:46 -08:00
Henri DF
1c04ed7874 rework digwatch event output handling 
the high-level change is that events matching a rule are now send into a
lua "on_event" function for handling, rather than doing the handling
down in c++.

more specifics:

before, the lua "load_rule" function registered formatters with
associated IDs with the c++ side, which later used this state to
reconcile events with formats and print output accordingly.

now, no such state is kept on the c++ side. the lua "load_rule" function
maintains the id->formatters map, and uses it to print outputs when it
receives events.

this change simplifies the existing flow and will also make the forthcoming
implementation of function outputs far simpler than it would have been
in the current setup.
 2016-02-28 21:06:29 -08:00
Henri DF
f71de57a90 fix unused vars warning in digwatch.cpp 2016-02-28 20:28:47 -08:00
Henri DF
31a0065c3c Example ruleset 2016-02-28 16:19:47 -08:00
Henri DF
c695051990 rule_loader.lua: comments cleanups 2016-02-28 23:50:10 +00:00
Henri DF
fe880c2c53 Merge pull request #9 from draios/grammar-output-functioncalls 
Function calls in outputs (grammar only)
 2016-02-28 14:30:31 -08:00
Henri DF
6569f0372d Grammar: support function-call syntax in outputs 
This change adds syntax support for function call outputs. For example:

... | syslog(evt, WARN)

Regular outputs are still allowed and parsed in the same way.
 2016-02-28 14:28:00 -08:00
Henri DF
733548b80b Grammar: fix commas in lists 
commas were (unintentionally) optional in lists. so a list like (a b c)
was a valid three-element list.
 2016-02-28 14:24:54 -08:00
Henri DF
b46e996ea1 Merge pull request #8 from draios/array-accessor-grammar 
Grammar: parse array lookup in fields
 2016-02-28 13:23:38 -08:00
Henri DF
96942f8034 Grammar: parse array lookup in fields 2016-02-28 13:20:35 -08:00
Henri DF
e75041c4b9 Update README.md 2016-02-26 09:56:52 -08:00
Henri DF
ae08d6ca8f Merge pull request #7 from draios/compiler-fixes 
Compiler fixes
 2016-02-25 10:55:18 -08:00
Henri DF
4053b7241e Fix 'in' clause expansion 2016-02-25 10:54:42 -08:00
Henri DF
eaeb360b31 Fix macro expansion 2016-02-25 10:54:28 -08:00
Henri DF
d62ea1df24 Support for comments in rules files 2016-02-24 15:47:19 -08:00
Henri DF
ffac848c89 Merge pull request #6 from draios/cleanups 
Cleanups
 2016-02-24 10:33:11 -08:00
Henri DF
2428231c7a Remove unneeded code from digwatch main 2016-02-24 10:32:14 -08:00
Henri DF
1a70d12525 whitespace 2016-02-24 09:17:26 -08:00
Henri DF
5f43446bfa compiler.lua: Move macro checking into own file 2016-02-24 09:03:55 -08:00
Henri DF
a2ec9870de compiler.lua: consistently use 'ast' instead of 'node' 2016-02-24 08:46:33 -08:00
Henri DF
e725be968e rule_loader.lua: add/improve comments 2016-02-24 08:46:12 -08:00
Henri DF
ef3b2728f5 Merge pull request #5 from draios/replumb-events 
Support output formats
 2016-02-24 08:43:28 -08:00
Henri DF
a9d0268390 Move format handling into own class 2016-02-23 18:55:20 -08:00