github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-28 23:57:29 +00:00
Code Issues Projects Releases Wiki Activity
3,632 Commits 121 Branches 172 Tags 104 MiB
be13ee044e
Commit Graph

3632 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrea Terzolo
de6292ce09 doc(userspace): fix a warning message 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-12-21 14:56:02 +01:00
Andrea Terzolo
decabbc519 update(ci): bump also musl job 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-12-21 11:26:02 +01:00
Andrea Terzolo
647c085041 ci: bump resource class 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-12-21 11:26:02 +01:00
Andrea Terzolo
e1ff4db67a update(ci): support modern bpf with musl build 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-12-21 11:26:02 +01:00
Andrea Terzolo
c861f0b02a update(ci): update ci jobs to generate Falco images with modern probe 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-12-21 11:26:02 +01:00
Andrea Terzolo
e5ed3284db chore: bump libs/driver version 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-12-21 11:26:02 +01:00
Federico Di Pierro
9d2f1e0729 new(scripts): add bottlerocket support in falco-driver-loader. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-19 17:33:09 +01:00
Andrea Terzolo
100e92a6fb fix: job step name 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-19 11:48:00 +01:00
Andrea Terzolo
9b41b77d53 cleanup(ci): move static analysis from circle CI to GHA 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-12-19 11:48:00 +01:00
Oscar Utbult
b17d513251 rules: use list of Falco containers instead of repeating them 
Signed-off-by: Oscar Utbult <oscar.utbult@gmail.com>
 2022-12-16 12:56:23 +01:00
Luca Guerra
6ea233dd75 new(falco): add engine version to --version 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2022-12-16 12:09:24 +01:00
Luca Guerra
dde2fdd67c new(falco): add driver_api_version, driver_schema_version, default_driver_version, libs_version to support 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2022-12-16 12:09:24 +01:00
Luca Guerra
a4ff604021 update(falco): update cpp-httplib to 0.11.3 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2022-12-16 11:53:23 +01:00
Alberto Pellitteri
d9a9fdf577 Rule: detecting executions from /dev/shm 
Signed-off-by: Alberto Pellitteri <albertopellitteri96@gmail.com>
 2022-12-16 11:33:23 +01:00
Alberto Pellitteri
68b87a6f13 Rule: detecting executions looking for AWS credentials 
Signed-off-by: Alberto Pellitteri <albertopellitteri96@gmail.com>
Co-authored-by: Alessandro Brucato <alessandro.brucato@sysdig.com>
 2022-12-16 10:42:23 +01:00
Melissa Kilby
e5f3b724a5 update(docs): reference Falco default rules overview markdown document 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2022-12-15 16:46:20 +01:00
Melissa Kilby
f04ff10bd7 new(rules): init rules_inventory/ 
* add ad-hoc python script to generate Falco default rules overview markdown document
* init rules_inventory/rules_overview.md doc

Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2022-12-15 16:46:20 +01:00
Melissa Kilby
6afe9d9200 update(rules): ehanced rules tagging for inventory / threat modeling 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2022-12-15 16:46:20 +01:00
cappellinsamuele
cec135b4b6 fix(ci): fix rpm sign job dependencies 
Signed-off-by: cappellinsamuele <cappellinsamuele@gmail.com>
 2022-12-15 16:32:20 +01:00
Leonardo Grasso
73b9273472 chore(scripts): rename env var 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2022-12-15 16:19:20 +01:00
Andrea Bonanno
7e52db2b42 update(script): makes user able to pass additional custom option to driver-loader curl command 
Signed-off-by: Andrea Bonanno <andrea@bonanno.cloud>
 2022-12-15 16:19:20 +01:00
Federico Di Pierro
a1d68e848f chore(scripts): avoid failing if mkdir/cp/depmod fail. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
d0ac5981a7 update(scripts): typo 
Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
380dd23a60 update(scripts): typo 
Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
4c550bbe06 chore(scripts): manage dialog cancel button, and increase dialog vertical size to comprehend all of 5 options. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
76c8a645f1 chore(scripts): properly configure falco-kmod dependency on falco-kmod-inject with PartOf. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Andrea Terzolo
5bb566d613 fix: stop also falco-kmod-inject.service unit 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-12-15 14:09:19 +01:00
Andrea Terzolo
ee08c4d3de update: remove falco target 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
988256d930 fix(scripts): fixed rpm dialog script. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
a94f26ec43 chore(scripts): fallback at previous insmod method, if modprobe fails. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
d4d2777876 fix(scripts): fixed PartOf in bpf and modern-bpf systemd units. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
4fc10bc774 chore(scripts,cmake): rename modern_bpf to modern-bpf in deb and rpm scripts. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
87416ab67c chore(scripts): try to install kmod system wide. 
Then, we can always use `modprobe` to load it instead of `insmod`.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
01f4af480d fix(scripts): fixed some debian issues by directly using systemctl tool. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
cb20cf83ff new(scripts, cmake): added support for modern bpf probe. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
c6f668bc71 cleanup(scripts, cmake): fix switch in deb and rpm postinst scripts. 
Cleanup cmake cpackgenerator options.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
1570e9f235 chore(scripts, cmake): add falco-plugin.service to install files. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
cbea78b283 fix(scripts): by default, do not enable any driver. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
ca55e70a33 chore: make dontstart default dialog selection. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
4596c919a6 fix(scripts): improve gcc skip logic. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
4e57670599 chore(scripts): add back a dontstart option. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
91fe2e9e24 chore(scripts): added support for falco@plugin.target. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
b04bb2e32e chore(scripts): renamed Don't Start to Plugin. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
e26aa6a385 chore(scripts): when running in non-interactive mode, do not enable neither start any driver. 
Eg: when building Falco docker image, and installing Falco package, we don't want it to build any driver.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
818f717622 chore(scripts,cmake): dialog is an optional dep, do not list it among deps. 
Cleaned up unused vars in postinst scripts.
Finally, only show dialog window in interactive shells.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
9232383616 chore(cmake): dkms is actually needed by falco driver loader. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
41ffc90633 cleanup(scripts): allow falco-driver-loader script to manage more gcc versions. 
AmazonLinux uses `gcc-$Vers`, like gcc-10, but our regex prevented that to work.
Instead, rely on the fact that **real** gcc has some `--version` fixed output.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
b6078ce1be new(scripts): allow rpm/deb users to decide at configure time which driver to use (kmod or ebpf). 
Manage it via a bash dialog interface.
Moreover, use falco-driver-loader instead of dkms to build bpf/kmod after package install.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
06fe9e6985 new(scrips): improve systemd units for rpm and debian. 
Unify them; plus, rework systemd units to support eBPF too.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Oscar Utbult
f43e6c445a rules: add OpenSSH private key to macro private_key_or_password 
Signed-off-by: Oscar Utbult <oscar.utbult@gmail.com>
 2022-12-15 13:36:18 +01:00