github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-20 01:17:46 +00:00
Code Issues Projects Releases Wiki Activity
194 Commits 118 Branches 173 Tags
c2ee87976cc73fd6fe10230501e1401c2b228086
Commit Graph

194 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mark Stemm
c2ee87976c Add docker files to create images using apt-get. 
Based on the Dockerfiles from the sysdig repository. The only change
from the sysdig versions is to use environment variable FALCO_REPOSITORY
and to install falco instead of sysdig.

Note that the entrypoint still uses sysdig-probe-loader and
SYSDIG_HOST_ROOT, as it's building the kernel module for sysdig.

I verified I could create and run an image using the dev version using
"docker build ." from docker/dev, and run it using:

docker run -i -t --name falco --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:r\o sysdig/falco falco -r /etc/falco_rules.conf

I still need to update jenkins to create a release build.
 2016-05-03 17:10:55 -07:00
Mark Stemm
7040d018c4 Merge pull request #35 from draios/remove-digiwatch-refs 
Remove remaining Digwatch references.
 2016-05-02 12:09:31 -07:00
Mark Stemm
738f555bae Remove remaining Digwatch references. 
Remove remaining Digwatch references I noticed while getting up to
speed.
 2016-05-02 11:32:33 -07:00
Henri DF
9729058b9b Update README.md 2016-05-02 10:59:31 -07:00
Henri DF
14c1e30c24 Simple script to list ignored syscalls 2016-05-01 23:35:30 +00:00
Henri DF
c7648e01ee Merge pull request #34 from draios/falco-digwatch-renaming 
More falco->digwatch renaming
 2016-05-01 16:19:30 -07:00
Henri DF
bde9631cd4 More falco->digwatch renaming 2016-05-01 23:13:28 +00:00
Henri DF
c702713107 Add discarded syscalls to README 2016-05-01 09:14:43 -07:00
Henri DF
244ebad1da Merge pull request #33 from draios/falco-digwatch-renaming 
More falco->digwatch renaming
 2016-05-01 09:10:08 -07:00
Henri DF
5052039ee1 More falco->digwatch renaming 2016-05-01 16:09:49 +00:00
Henri DF
81e51d13e7 Update README.md 2016-04-28 17:06:57 -07:00
Henri DF
657573d3a9 Merge pull request #31 from draios/discard-by-type 
Drop high-volume events
 2016-04-28 15:36:33 -07:00
Henri DF
e207bc5f3a Drop high-volume events 2016-04-28 20:58:28 +00:00
Henri DF
8252b9decb Update README.md 2016-04-27 22:10:35 -07:00
Henri DF
edb112f167 Merge pull request #32 from draios/rename-falco 
Name change!
 2016-04-27 20:28:52 -07:00
Henri DF
abe6220651 Renaming 2016-04-28 03:28:19 +00:00
Henri DF
8b5fcf866a Merge pull request #30 from draios/logging 
Logging
 2016-04-22 16:01:37 -07:00
Henri DF
6d72619968 rename digwatch_syslog -> digwatch_logger 2016-04-22 16:01:00 -07:00
Henri DF
4c64295adc Digwatch logging 
Log digwatch messages to syslog and/or stderr
 2016-04-22 15:56:18 -07:00
Henri DF
5413935f15 Small tweak to usage message 2016-04-22 15:33:43 -07:00
Henri DF
fad88ee4b7 Remove signal handling 
Not currently serving any purpose
 2016-04-22 14:59:58 -07:00
Henri DF
6b2ef3088c Merge pull request #29 from draios/install-digwat 
Add install-digwatch script template
 2016-04-21 16:36:15 -07:00
Henri DF
1baedc156f Add install-digwatch script template 2016-04-21 16:33:17 -07:00
Henri DF
d59e66da86 Merge pull request #28 from draios/json-output 
Add support for json-formatted output
 2016-04-21 16:31:53 -07:00
Henri DF
45f8096dd3 Add support for json-formatted output 2016-04-21 16:30:51 -07:00
Henri DF
f837dfc78c Change s3 URL https->http for Jenkins 2016-04-21 23:17:00 +00:00
Henri DF
fc5b51774a Update README.md 2016-04-12 21:57:10 -07:00
Henri DF
8ad7679f7f Remove priority_level from yaml file 
It is not currently used for anything, will revert when that time comes.
 2016-04-12 21:49:54 -07:00
Henri DF
f2e9504bb1 Merge pull request #27 from draios/package-tweaks 
Packaging and configuration
 2016-04-12 21:37:12 -07:00
Henri DF
b14ae8ac11 Add digwatch.yaml to packages 2016-04-12 21:35:39 -07:00
Henri DF
6e008a2ff5 Improve error message when rules file not found 2016-04-13 03:43:31 +00:00
Henri DF
a529b11e0d Clean up usage message and choice of flags 2016-04-13 03:43:31 +00:00
Henri DF
86e2e17c33 Change rules file command-line setting 
Now is optional, and uses -u rather than passed as a positional arg.
 2016-04-13 03:43:31 +00:00
Henri DF
ef93844234 Rename digwatch.conf -> digwatch_rules.conf 2016-04-13 03:43:30 +00:00
Henri DF
357276b787 Fix opt def for scap input file 
(was 'R', should be 'r')
 2016-04-12 18:36:24 -07:00
Henri DF
b4bc2d52be rename infile -> scap_filename 2016-04-12 18:34:49 -07:00
Henri DF
d0e489b5c2 Remove unneccessary HAS_FILTERING conditional 2016-04-12 18:29:48 -07:00
Henri DF
859047c5f2 Merge pull request #26 from draios/file-output 
File output
 2016-04-12 18:20:31 -07:00
Henri DF
89b1a55d9e Add file output 2016-04-13 01:19:27 +00:00
Henri DF
b2698f9d20 Set up outputs listed in configuration object 2016-04-13 01:19:21 +00:00
Henri DF
179e5519ce Small refactoring of output config 
This is a step towards being able to support multiple outputs of
different types (including file outputs which require their own config).
 2016-04-12 23:21:14 +00:00
Henri DF
4eef8c9647 Merge pull request #25 from draios/configuration 
Configuration
 2016-04-12 16:15:30 -07:00
Henri DF
42de0507fa search for yaml config file 
In order:
1) cmdline opt
2) in-tree path
3) /etc/digwatch.yaml
 2016-04-12 23:14:44 +00:00
Henri DF
73ec593931 Add a configuration::init() that just sets up defaults 
(For when no config file is being used)
 2016-04-12 23:13:18 +00:00
Henri DF
dc099bfb91 Add configuration object and Yaml parser 
These aren't wired up yet.
 2016-04-12 23:13:15 +00:00
Henri DF
af4089dac3 Build and link yaml-cpp lib 2016-04-12 23:13:12 +00:00
Henri DF
997fec2d4b Merge pull request #24 from draios/read-files 
Add support for reading .scap files
 2016-04-08 16:53:04 -07:00
Henri DF
b4859015ea Add support for reading .scap files 2016-04-08 16:51:16 -07:00
Henri DF
28b21eb5b3 Merge pull request #23 from draios/config 
Command-line options simplification
 2016-04-07 16:28:07 -07:00
Henri DF
709568b578 Command-line options simplification 
Remove -N and always turn resolution off. Given the possible performance
impact, there shouldn't even be a way to have it on.
 2016-04-07 15:12:15 -07:00