Commit Graph

1635 Commits

Author SHA1 Message Date
Hiroki Suezawa
fc58ac7356 rule update: modify rule to detect connection to K8S API Server from a container
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-05 10:59:05 +01:00
Leonardo Di Donato
e893e048a1 docs(README): community call + repo planning + correct mailing list URL
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-12-04 18:41:28 +01:00
Leo Di Donato
0c9787624b docs(CONTRIBUTING): rule type subsection title
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-12-04 18:09:14 +01:00
Lorenzo Fontana
daca750cd9 docs(CONTRIBUTING): commit convention details
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2019-12-04 18:09:14 +01:00
Jean-Philippe Lachance
418bcf2177 Apply Kaizhe's code review
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-04 03:36:04 +01:00
Jean-Philippe Lachance
f97a33d40a Exclude exe_running_docker_save in the "Update Package Repository" rule
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-04 03:36:04 +01:00
Jean-Philippe Lachance
df7a356e1d Apply Kaizhe's code review
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-04 03:35:11 +01:00
Jean-Philippe Lachance
03e8b7f53d Exclude exe_running_docker_save in the "Modify Shell Configuration File" rule
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-04 03:35:11 +01:00
Jean-Philippe Lachance
146343e5f0 Update the exe_running_docker_save macro to support docker in docker
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-04 02:20:21 +01:00
Hiroki Suezawa
7da245e902 rule update: Modify rule to detect raw packets creation
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-04 00:19:26 +00:00
Hiroki Suezawa
d0e6279bb2 rule update: Modify condition for raw packets creation
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-04 00:19:26 +00:00
Hiroki Suezawa
8b2d4e1fe6 rule update: Fix condition for raw packets creation and renamed
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-04 00:19:26 +00:00
Hiroki Suezawa
ebec520ebc rule update: Add rules to detect raw packets creation
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-04 00:19:26 +00:00
kaizhe
2f8caf99cd rule update: align sensitive mount macro between k8s_audit rules and syscall rules
Signed-off-by: kaizhe <derek0405@gmail.com>
2019-12-03 12:58:21 -08:00
Hiroki Suezawa
0b402e2326 rule update: Rename rule for Cloud Metadata access again
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-03 20:15:33 +00:00
Hiroki Suezawa
54329a64cd rule update: Rename rule for Cloud Metadata access
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-03 20:15:33 +00:00
rung
89d8259860 rule update: Add consider_gce_metadata_access macro for rule to detect GCE Metadata access
Signed-off-by: rung <suezawa@gmail.com>
2019-12-03 20:15:33 +00:00
Hiroki Suezawa
e70febc8db rule update: Add rules for GCE Metadata detection
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-03 20:15:33 +00:00
kaizhe
722ab4f2f9 minor changes
Signed-off-by: kaizhe <derek0405@gmail.com>
2019-12-03 19:37:01 +00:00
kaizhe
6c9bce6f73 update k8s audit rule
Signed-off-by: kaizhe <derek0405@gmail.com>
2019-12-03 19:37:01 +00:00
kaizhe
7c33fafe89 minor changes
Signed-off-by: kaizhe <derek0405@gmail.com>
2019-12-03 19:37:01 +00:00
kaizhe
18acea4a73 minor changes
Signed-off-by: kaizhe <derek0405@gmail.com>
2019-12-03 19:37:01 +00:00
kaizhe
8011fe7ce7 rules update: add more sensitive host path to sensitive_host_mount macro
Signed-off-by: kaizhe <derek0405@gmail.com>
2019-12-03 19:37:01 +00:00
Lorenzo Fontana
d328ff3fde update(cmake/patch): include Makefile template in patch for grpc 1.25.0
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2019-12-03 17:43:57 +00:00
Lorenzo Fontana
fbcc6a0781 build: update gRPC to 1.25.0
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2019-12-03 17:43:57 +00:00
Jean-Philippe Lachance
80d69917ea * Rename the macro to user_known_package_manager_in_container
+ Add a comment to explain how we should use this macro

Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-03 00:03:35 +01:00
Jean-Philippe Lachance
3713f7a614 + Add a simple user_known_package_manager_in_container_conditions macro
* Use the user_known_package_manager_in_container_conditions macro in the "Launch Package Management Process in Container" rule

Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-03 00:03:35 +01:00
Jean-Philippe Lachance
79cb75dcd1 ! Exclude exe_running_docker_save in the "Set Setuid or Setgid bit" rule
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-02 23:54:53 +01:00
Hiroki Suezawa
c736a843a0 rule update: Add kubelet to user_known_chmod_applications list
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-01 23:27:04 +01:00
Adrián Arroyo Calle
1b05f0e6a7 chore: read hostname in initialization
Signed-off-by: Adrián Arroyo Calle <adrian.arroyocalle@gmail.com>
2019-11-27 22:23:49 +01:00
Adrián Arroyo Calle
4d180cbc31 chore: use std::string to have safer copies
Signed-off-by: Adrián Arroyo Calle <adrian.arroyocalle@gmail.com>
2019-11-27 22:23:49 +01:00
Adrián Arroyo Calle
137e7fc0ec chore: hostname can be 253 characters maximum
Signed-off-by: Adrián Arroyo Calle <adrian.arroyocalle@gmail.com>
2019-11-27 22:23:49 +01:00
Adrián Arroyo Calle
52fbcefa1d chore: add environment variable FALCO_GRPC_HOSTNAME
Signed-off-by: Adrián Arroyo Calle <adrian.arroyocalle@gmail.com>
2019-11-27 22:23:49 +01:00
Adrián Arroyo Calle
a084f17493 feat: add hostname field in gRPC output
Signed-off-by: Adrián Arroyo Calle <adrian.arroyocalle@gmail.com>
2019-11-27 22:23:49 +01:00
Leonardo Di Donato
c96f85282d fix: do not use wget to patch gRPC makefile
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-11-27 18:18:07 +01:00
Lorenzo Fontana
d2459aa0a8 update: add wget to the travis build
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2019-11-27 18:18:07 +01:00
Lorenzo Fontana
d11ac4a59d update: cleanup the gRPC dependency and use the url from the main project
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2019-11-27 18:18:07 +01:00
Mark Stemm
4e39fee54e Always catch json type errors when extracting
In all extraction functions, always catch json type errors alongside
json out of range errors. Both cases result in not extracting any value
from the event.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2019-11-18 16:19:58 -08:00
Leonardo Di Donato
885e131451 fix(scripts): copy falco-probe-loader during packages build
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-11-14 10:00:36 -08:00
Leonardo Di Donato
6ede7bd422 chore: removing sysdig references
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-11-14 10:00:36 -08:00
Leonardo Di Donato
a64a827d72 update: puppet module had been renamed to falco
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-11-14 10:00:36 -08:00
Leonardo Di Donato
a200d17581 chore: improving naming
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-11-14 10:00:36 -08:00
Leonardo Di Donato
a17a12c306 update(scripts): rename env variables for falco probe loader
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-11-14 10:00:36 -08:00
Leonardo Di Donato
514d8bacc3 update(docker): introduce SKIP_MODULE_LOAD env variable
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-11-14 10:00:36 -08:00
Leonardo Di Donato
3e9ebfb354 fix(docker): adapt dockerfiles to HOST_ROOT env var
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-11-14 10:00:36 -08:00
Leonardo Di Donato
17bc344381 fix(scripts): rename SYSDIG_HOST_ROOT env variable into HOST_ROOT
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-11-14 10:00:36 -08:00
Leonardo Di Donato
3ce2056dc5 fix(docker): glob rather than ls in the docker entrypoints
Plus, make them use HOST_ROOT env var, not SYSDIG_HOST_ROOT

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-11-14 10:00:36 -08:00
Leonardo Di Donato
9e355e1a74 fix(userspace/falco): typo for consumer related methods
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-11-14 10:00:36 -08:00
Loris Degioanni
468fa35965 chore: naming cleanup
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-11-14 10:00:36 -08:00
Loris Degioanni
bb3c0275cc fix(scripts): license header
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-11-14 10:00:36 -08:00