github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-22 20:29:39 +00:00
Code Issues Projects Releases Wiki Activity
1,291 Commits 124 Branches 178 Tags
c40b797f33a4b60f44dab8cded8636fca68d98b4
Commit Graph

332 Commits

Author SHA1 Message Date
Leonardo Di Donato
c40b797f33 update(userspace/falco/lua): no need to pass priority num 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
ab806a4599 update(userspace/falco): namespace the proto messages and types 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
bd90a6ce89 update(usersoace/falco): allow aliases for enum types 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
3cea413177 update(userspace/falco/lua): passing format to resolve output fields 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
26217cec5c new(userspace/falco): read output_fields from a lua table 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
7f35b7f712 new(userspace/engine): expose resolve_tokens to lua 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
826ad0b271 new(userspace/falco): context metadata 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
6cce448206 new(userspace/falco): send rule and message only for now 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
0a9f61f0fb new(userspace/falco): implement the output queue methods directly 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
43cd429967 new(userspace/falco): falco output handler to send events via grpc 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
7a99336b3b chore(userspace/falco): cleanup boot logic for grpc server 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
45df07bc1b update(userspace/falco): use concurrent output queue in grpc server 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-authored-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
4f23b0bdfb update(userspace/falco): use concurrent output queue in grpc server impl 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
5f29d46cb3 update(userspace/falco/lua): separate events output from messages outputs using different lua functions 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
34a34cecb6 update(userspace/falco): remove format from grpc responses 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
4bdf8495de new(userspace/falco): introducing concurrent queue for falco outputs 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
23000528d4 update(userspace/falco): grab grpc output configuration 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
a53e22d2d5 chore(usperspace/falco): move grpc server impl 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
c3abccb27b build(userspace/falco): prepare grpc server implementation to be moved 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
0bec2607a5 new(userspace/falco): specify that we can have multiple client consuming mechanisms, only round robin fashion is implemented now 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
5abb26e764 new(userspace/falco): handle subscribe events as streams based on keepalive 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
fcc7fad0e7 new(userspace/falco): subscribe keepalive parameter 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
572a1e8381 update(userspace/falco): keep the stream open 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
356861be5f new(userspace/falco): initial grpc queuing logic 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
25f5fcacae new(userspace/falco): grpc server event bus queue 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
36fb0f6751 chore(userspace/falco): gRPC server send rule and source 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
87fed11f16 fix: grpc service must be registered and grpc context state must be handled for threads 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
6072b7a201 new(userspace/falco): falco outputs grpc server stop 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
fbe4e34a57 new(userspace/falco): request stream context process and end handling 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
13f5a76b97 new(usperspace/falco): request stream context specialization and process stream macro 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
2f917c578d new(userspace/falco): introduce request context base and request stream context classes 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
3bfaea5408 chore(userspace/falco): rename grpc server into falco grpc server 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
82a7becd9a chore(userspace/falco): grpc context format 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
60fac8d100 fix(userspace/falco): service name for the proto falco output svc 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
c2178ebc96 build(userspace/falco): add grpc context impl to cmake 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
9d9e2322a2 update(userspace/falco): change the way the grpc server is started 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
abfd6d8a1a update(userspace/falco): reorganize grpc server 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
5d0266a09e new(userspace/falco): grpc context and stream context 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
e394bcf119 update(userspace/falco): mvoing proto enum defs outside 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
89e23164fa new(userspace/falco): initial grpc server implementation 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
f3fcc8a974 new(userspace/falco): falco output protocol definition 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-09-25 16:43:32 +03:00
Lorenzo Fontana
19bc0149bd build: setup grpc and proto for falco outputs 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
Co-Authored-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-25 16:43:32 +03:00
Leonardo Di Donato
a019b54fe6 docs: specify labels that apply to each area 
If this work as intended PR will automatically get the area labels depending on the files he modified.
In case the user wants it can still apply other areas manually, by slash command, or editing the PR template during the opening of the PR.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-09-16 10:11:25 +02:00
Leonardo Di Donato
49c4ef5d8c feat(userspace): open the event source/s depending on the flags 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-authored-by: Lorenzo Fonanta <lo@linux.com>
 2019-08-21 17:08:03 +02:00
Leonardo Di Donato
1eeb059e10 feat(userspace): can not disable both the event sources 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-21 17:08:03 +02:00
Leonardo Di Donato
870c17e31d feat: flag to disable sources (syscall, k8s_audit) 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-21 17:08:03 +02:00
Leonardo Di Donato
8c62ec5472 fix(usperspace): webserver must not fail with input that exceeds the expected ranges 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-13 15:48:06 +02:00
Leonardo Di Donato
c9cd6eebf7 update(userspace): falco webserver must catch json type errors (exceptions) 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-13 15:48:06 +02:00
Leonardo Di Donato
723bc1cabf fix(userspace): accessing a (json) object can throw exceptions because of wrong types 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-08-13 15:48:06 +02:00
Mark Stemm
76f64f5d79 Properly parse multi-document yaml files 
Properly parse multi-document yaml files e.g. blocks separated by
---. This is easily handled by lyaml itself--you just need to pass the
option all = true to yaml.load, and each document will be provided as a table.

This does break the table iteration a bit, so some more refactoring:

 - Create a load_state table that holds context like the current
 - document index, the required_engine_version, etc.
 - Pull out the parts that parse a single document to load_rules_doc(),
   which is given the table for a single document + load_state.
 - Simplify get_orig_yaml_obj to just provide a single row index and
 - return all rows from that point to the next blank line or line
   starting with '-'

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2019-08-02 11:01:59 -07:00