Federico Di Pierro
447a251e16
chore(ci): bumped rn2md to latest master.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-01-11 09:52:38 +01:00
Federico Di Pierro
b5e64c52f3
fix(ci): manually invoke falcoctl to install cloudtrail and k8saudit plugin before running tests.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-01-11 09:08:38 +01:00
Federico Di Pierro
bbef26aad0
cleanup(cmake): dropped bundled plugins since falcoctl takes care of everything.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-01-11 09:08:38 +01:00
Andrea Terzolo
6bb68c0c43
chore: bump Falco to latest libs
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2024-01-11 05:32:38 +01:00
dependabot[bot]
a25b5c1045
build(deps): Bump submodules/falcosecurity-rules
...
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `424b258` to `1221b9e`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](424b258789...1221b9e817)
---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-09 19:01:34 +01:00
Andrea Terzolo
f6ab7f2501
chore: bump driver version
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2024-01-08 20:20:31 +01:00
Mark Stemm
66df3dc417
Add unit tests for add_source() + related lookup methods
...
Add unit tests for add_source() and its related find_*_for_source()
methods. The test just verifies that the values provided to
add_source() are the same as the values returned by the find methods.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2024-01-08 12:00:27 +01:00
Mark Stemm
14d1ca3c97
Add methods to look up the factories provided in add_source()
...
Add methods that allow looking up the factories provided to
add_source(). This allows not having to keep track of the factories
outside of the engine.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2024-01-08 12:00:27 +01:00
Mark Stemm
07d7b9a57a
Inline find_source() as it can be called in the event path
...
Inline find_source as it can be called in the event processing path.
Also take the cached variant that assigns/uses m_syscall_source_idx
and put it in find_source() instead of process_event().
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2024-01-08 12:00:27 +01:00
dependabot[bot]
70ce7b936b
build(deps): Bump submodules/falcosecurity-rules
...
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `cd33bc3` to `424b258`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](cd33bc34af...424b258789)
---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-05 14:46:18 +01:00
Luca Guerra
728c8d7d0e
fix(engine): clarify error message for invalid append
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-22 21:49:21 +01:00
Luca Guerra
04dd06b2c6
new(tests): add error testing for rule overrides
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-22 21:49:21 +01:00
Luca Guerra
4c023b0d93
update(engine): temporary replace for error messages
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-22 21:49:21 +01:00
Luca Guerra
8a7ef687b1
update(engine): throw an error if an unexpected top level key is found in an override
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-22 21:49:21 +01:00
Luca Guerra
21c629dc4d
chore(engine): bump engine version
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-22 21:49:21 +01:00
Luca Guerra
2db29af0e8
update(engine): clarify override error messages
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-22 21:49:21 +01:00
Luca Guerra
bc072502cc
new(engine): add selective overrides
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-22 21:49:21 +01:00
Melissa Kilby
3976e777a5
update(config): clarify deprecation notices + list all env vars
...
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-12-22 09:55:19 +01:00
Melissa Kilby
9131261ff3
chore: fix some characters in deprecation notices
...
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-12-22 09:55:19 +01:00
Luca Guerra
e5034323fd
cleanup(engine): clarify deprecation notice for engines
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-21 17:40:15 +01:00
Federico Di Pierro
213fa392e8
update(cmake): bumped falcoctl to v0.7.0-rc1.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-21 09:35:15 +01:00
Federico Di Pierro
a2c128e934
chore(ci): revert #2961.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-20 12:09:12 +01:00
dependabot[bot]
f2d0c42911
build(deps): Bump submodules/falcosecurity-testing
...
Bumps [submodules/falcosecurity-testing](https://github.com/falcosecurity/testing) from `930170b` to `9b9630e`.
- [Commits](930170bb0b...9b9630e2d8)
---
updated-dependencies:
- dependency-name: submodules/falcosecurity-testing
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-19 18:46:08 +01:00
Andrea Terzolo
8ff1ef752d
chore: bump falco engine version
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2023-12-18 19:01:01 +01:00
Andrea Terzolo
454882f518
chore: bump Falco to latest libs
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2023-12-18 19:01:01 +01:00
dependabot[bot]
3c31c05450
build(deps): Bump submodules/falcosecurity-rules
...
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `262f569` to `cd33bc3`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](262f56986e...cd33bc34af)
---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 18:26:01 +01:00
Samuel Gaist
d99c137b09
feat(outputs_http): implement keep alive
...
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
2023-12-18 17:41:02 +01:00
Samuel Gaist
691bc8b04d
feat(outputs_http): implement support for compressed upload
...
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
2023-12-18 17:41:02 +01:00
Mark Stemm
ab0133d1dd
Add unit tests for enabling/disabling rules
...
Add unit tests for enabling/disabling rules, covering:
- matching names by substring
- using "" to match all rules
- matching names exactly
- using ruleset ids in addition to ruleset names
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2023-12-18 15:58:04 +01:00
Mark Stemm
334302e525
Allow enabling rules by ruleset id in addition to name
...
Add alternate enable_* methods that allow enabling rulesets by ruleset
id in addition to name. This might be used by some filter_rulesets to
enable/disable rules on the fly via the falco engine.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2023-12-18 15:58:04 +01:00
Federico Di Pierro
1ab4e9e0fc
chore(ci): enable aarch64 falco driver loader tests.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-18 15:26:02 +01:00
Federico Di Pierro
9e1e68f64b
chore(unit_tests): added more tests for yaml env vars expansion.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-14 12:44:47 +01:00
Federico Di Pierro
752e8bf16c
chore(falco.yaml): use HOME env var for ebpf probe path.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-13 17:45:45 +01:00
Federico Di Pierro
cbbcb61153
new(unit_tests,userspace): properly support env var expansions in all scalar values of yaml file.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-13 17:03:46 +01:00
Federico Di Pierro
3b095a5eda
chore(unit_tests): added tests around empty config value resolving to default.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-13 17:03:46 +01:00
Federico Di Pierro
7805bf5ad5
fix(userspace,unit_tests): fixed bool parsing.
...
Moreover, added some more tests around env vars.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-13 17:03:46 +01:00
Federico Di Pierro
0c0fb63008
chore(unit_test,userspace): allow env var to get expanded in yaml even when part of a string.
...
Moreover, support env variable embedding another env variable.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-13 17:03:46 +01:00
Andrea Terzolo
ed346e90cd
update(falco): bump engine version and checksum
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2023-12-13 16:59:46 +01:00
Andrea Terzolo
b190a60da7
chore: bump to latest libs commit
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2023-12-13 16:59:46 +01:00
Andrea Terzolo
34a896f3a5
new(.gitignore): ignore local CMakeUserPresets.json
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2023-12-13 16:59:46 +01:00
dependabot[bot]
1a338e1a39
build(deps): Bump submodules/falcosecurity-rules
...
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `dd38952` to `262f569`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](dd38952168...262f56986e)
---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-13 16:01:46 +01:00
Luca Guerra
e3f54a14a6
update(readme): add actuated.dev badge
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-12 18:56:44 +01:00
Nitro Cao
4bfc42eb7d
feat(falco): monitor events with more types for rules directory
...
Signed-off-by: Nitro Cao <jaycecao520@gmail.com>
2023-12-12 18:49:44 +01:00
Federico Di Pierro
47959abfed
chore(docker): improve usage helper message.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-12 18:23:44 +01:00
Federico Di Pierro
8db79da647
chore(cmake,docker): bumped falcoctl to v0.7.0-beta5.
...
Moreover, small fix in docker images entrypoints regarding the name printed in usage.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-12 18:23:44 +01:00
dependabot[bot]
9c01f3518a
build(deps): Bump submodules/falcosecurity-rules
...
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `64e2adb` to `dd38952`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](64e2adb309...dd38952168)
---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 14:37:43 +01:00
Federico Di Pierro
f2ebdfaf8e
fix(docker): small fixes in docker entrypoints for new driver loader.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-12 09:56:42 +01:00
Federico Aponte
e427c800f3
chore(build): fix error using find_package with ExternalProject_Add
...
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
2023-12-11 16:52:39 +01:00
Federico Aponte
5e17ba6c23
chore(build): allow usage of non-bundled nlohmann-json
...
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
2023-12-11 16:52:39 +01:00
Federico Di Pierro
e177898d2b
update(cmake): bumped falcoctl to v0.7.0-beta4.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-12-11 16:37:39 +01:00