github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 08:32:12 +00:00
Code Issues Projects Releases Wiki Activity
4,795 Commits 121 Branches 172 Tags 104 MiB
ca0a2a34cf
Commit Graph

4795 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luca Guerra
478514940f update(falco): deprecated -S --snaplen option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-07 11:33:03 +02:00
Luca Guerra
ef79648037 new(falco): add falco_libs.snaplen option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-07 11:33:03 +02:00
Federico Di Pierro
f72e6a59ad fix(userspace/falco): fix event set selection for plugin with parsing capability. 
In live mode we need to use the source_info inspectors instead of the offline inspector.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-10-07 09:56:02 +02:00
dependabot[bot]
257938291d chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `b6ad373` to `e38fb3f`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](b6ad373719...e38fb3f6a7)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-03 10:22:43 +02:00
Federico Di Pierro
41f20fd07a cleanup(userspac/falco): drop deprecated options. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-10-02 14:49:40 +02:00
Aldo Lacuku
6997c96306 update(changelog): add changelog for falco 0.39.0 
Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
 2024-10-01 12:00:35 +02:00
Luca Guerra
17e61450db cleanup(falco): reformat options::define 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-30 17:50:32 +02:00
Luca Guerra
683df327ac fix(falco): allow disable_cri_async from both CLI and config 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-30 15:33:32 +02:00
Luca Guerra
262aa9a003 cleanup(falco): ignore lint commit 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-30 13:59:32 +02:00
Poiana
50b98b30e5 chore(falco): apply code formatting 
Signed-off-by: Poiana <poiana.bot@gmail.com>
 2024-09-30 13:25:31 +02:00
Andrea Terzolo
11bac9dbd2 update: ignore_some_files 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-09-30 11:10:32 +02:00
Luca Guerra
c235f5b576 chore(build): update libs to 0.18.1 (master branch) 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-27 12:25:21 +02:00
Leonardo Di Giovanna
3a6d1c8c5d feat(stats): add host_netinfo networking information stats family 
Introduce host_netinfo stats family to hold information regarding host
networking. At the moment, it only provides ipv4 and ipv6 addresses
list for each interface available on the host. The naming schema for
the introduced stats is
falco.host_netinfo.interfaces.<ifname>.protocols.<ipv4|ipv6>.addresses.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2024-09-26 15:50:16 +02:00
Luca Guerra
70c10ee7e0 fix(engine): sync outputs before printing stats at shutdown 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-23 16:58:01 +02:00
Leonardo Di Giovanna
d3a67c10bd cleanup(falco_metrics): remove unused falco_utils import 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2024-09-23 15:38:01 +02:00
Leonardo Di Giovanna
5ba94a36bd fix(falco_metrics): remove ifinfo_json stat/metric 
Using JSON as value prevents any meaningful aggregation for the stats.
Splitting these information into multiple labels can drastically
increase the number of dimensions, as the number of interfaces and
addresses can be high in some environment. Moreover, these information
are not currently refreshed, even if they can frequently change. Given
these reasons, remove ifinfo_json from stats and metrics.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2024-09-23 15:38:01 +02:00
Leonardo Di Giovanna
00b35cfd81 fix(falco_metrics)!: use full name for configs and rules files 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2024-09-23 15:38:01 +02:00
Leonardo Di Giovanna
d77f768692 fix(falco_metrics)!: split tags label into multiple tag_ labels 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2024-09-23 15:38:01 +02:00
Luca Guerra
50f4bc172d update(tests): add test for plugin init_config map 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-20 09:55:49 +02:00
Luca Guerra
1a4a29348f fix(falco): allow plugin init_config map in json schema 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-20 09:55:49 +02:00
Federico Di Pierro
78f56190b4 fix(userspace/falco): properly account for plugin with CAP_PARSING when computing interesting sc set. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-19 17:40:48 +02:00
Leonardo Di Giovanna
d66c4ceb23 update(systemd): add falco.service alias to all systemd units 
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2024-09-18 15:44:53 +02:00
Federico Di Pierro
ad13cb6014 update(cmake): bump libs to 0.18.0 and driver to 7.3.0+driver. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-18 10:28:52 +02:00
Federico Di Pierro
6f1a741c7e chore(userspace/falco): deprecate cri related CLI options. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-18 09:35:52 +02:00
Federico Di Pierro
fa701dd52f fix(userspace/engine): improve rule json schema to account for source and required_plugin_versions. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-17 17:34:51 +02:00
Federico Di Pierro
6b634df56e update(cmake): bump libs and driver to 0.18.0-rc2. 
Moreover, bumped falcoctl to v0.10.0 and rules to 3.2.0.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-16 16:04:48 +02:00
Luca Guerra
037d7f9b36 cleanup(falco): use a header file for rule json schema 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-16 09:59:46 +02:00
Luca Guerra
ed4fb33981 cleanup(falco): use header file for json schema 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-16 09:59:46 +02:00
Luca Guerra
cd0d607f14 update(falco): add warning if the append condition does not appear to make sense 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-13 15:58:36 +02:00
Luca Guerra
5c959d0b1b update(falco): use std::include for readability 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-13 15:58:36 +02:00
Luca Guerra
a2336f186e update(falco): update json schema 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-13 15:58:36 +02:00
Luca Guerra
7005983409 update(engine): modify append_output format 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-13 15:58:36 +02:00
Melissa Kilby
d3c6a7478e update(falco_metrics): change prometheus rules metric naming 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-13 11:25:36 +02:00
Federico Di Pierro
d1644079e9 chore(userspace/falco): updated configuration schema. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-12 15:26:33 +02:00
Melissa Kilby
9089262569 update(falco_metrics): add kernel_event_counters_per_cpu_enabled config 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-12 15:26:33 +02:00
Melissa Kilby
2ceb6ecf0f update(Falco_metrics): fix prom subsystem for some scap vs falco metrics 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-12 15:26:33 +02:00
Melissa Kilby
2badce1714 update(falco_metrics): adjust sha256 prometheus name, remove double falco_ 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-12 15:26:33 +02:00
Melissa Kilby
4f35b3e4e2 update(falco_metrics): apply reviewers suggestions 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-12 15:26:33 +02:00
Melissa Kilby
9669a4a0bb update(falco_metrics): rearrange evts and drops prometheus metrics 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-12 15:26:33 +02:00
Andrea Terzolo
55069c8a0a chore: scaffolding for enabling code formatting 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-09-11 19:03:31 +02:00
Luca Guerra
bc7394b8c3 new(falco): add json_include_message_property option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-11 17:52:32 +02:00
Federico Di Pierro
0f26e3c9ed chore(userspace): adjusted rule_loader::result::as_verbose_string following errors and warnings output layout. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-11 13:20:31 +02:00
Federico Di Pierro
468037151a chore(userspace,unit_tests): properly report all schema validation warnings from yaml_helper::validate_node(). 
`-V` option will print all warnings, while normal run will only print foremost warning.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-11 13:20:31 +02:00
Federico Di Pierro
2f89a2c140 chore(userspace): added schema validation info to rule_loader::result as_json and as_string outputs. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-11 13:20:31 +02:00
Federico Di Pierro
1f9bea5a0b update(userspace/engine): fixed priorities in rules schema. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2024-09-11 13:20:31 +02:00
Federico Di Pierro
c8361efea7 chore(userspace/falco): reverted file to master version. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-11 13:20:31 +02:00
Federico Di Pierro
118e82ae01 cleanup(userspace): drop unused includes from yaml_helper. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-11 13:20:31 +02:00
Federico Di Pierro
a392e1ed2d chore(userspace): minified rule schema json. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-11 13:20:31 +02:00
Federico Di Pierro
5bd2d5a63e cleanup(userspace,unit_tests): moved rule schema under engine. 
Also, moved yaml_helper under engine/ folder.
Ported rule json schema validation in the engine.

Also, updated rule_loader tests to check for validation.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-11 13:20:31 +02:00
Federico Di Pierro
895e50d3a0 new(userspace): added json schema validation for rules. 
Also, a new `--rule-schema` cli option was added to print the schema and leave.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-09-11 13:20:31 +02:00