github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 16:42:14 +00:00
Code Issues Projects Releases Wiki Activity
4,795 Commits 119 Branches 172 Tags 104 MiB
ca0a2a34cf
Commit Graph

4795 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Samuel Gaist
2ae6103ab6 fix(falco_metrics): remove redundant falco in version metrics 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
65331c0f20 feat(falco_metrics): add event sources 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
1ba35c911a feat(falco_metrics): add duration_sec 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
5ef8f1c311 feat(falco_metrics): add outputs_queue_num_drops 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
f90dbf9b77 refactor(metrics): use prometheus_metrics_enabled for configuration 
As agreed upon during review, use this name to get started. If more
backends were to be added, the configuration structure will be updated.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
5c237a07dc refactor(metrics): make to_text get the application state 
As falco may update its state at any time and thus its inspectors objects,
keeping pointers to them may end up in using dangling values.

Therefore, use the state of the application when requesting metrics.

Optimizations such as caching of mostly static values will be done in
a follow up patch.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
a0c109fcff refactor(falco_metrics): put content type in documented constant 
This will keep things clearer and also allow for easir update in
the future.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
9cc44c0eb7 doc(falco_metrics): add basic documentation 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
de7a70ea54 fix(metrics): correct hostname metrics name and namespace 
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
53722a26bf fix(metrics): correct static metrics 
Things to fix:
- type
- name
- unit

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
59c290dc80 fix(metrics): correct metrics namespace 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
daf7efde67 refactor(metrics): move metrics handling to its own class 
This will keep the details out of the webserver itself and make
it easier to manage metrics.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
e50d647dc9 refactor(configuration): move webserver items in own struct 
This makes things easier to pass around like when starting the
web server.

This has the added benefit of simplifying further extension such as
making the metrics endpoint name configurable without adding yet another
parameter to the start function.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
968a403cba refactor(webserver): move metrics endpoint activation under webserver 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
cd073a033a fix(webserver): use falcosecurity as metric namespace 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
4819877b9f fix(webserver): remove extra line return 
The converter already provides properly formatted text.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
3a251beea7 fix(webserver): correct enabled check 
It was checking twice for prometheus configuration rather than metrics and then prometheus.

Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
8f1b2dc909 feat(webserver): implement metrics endpoint 
This endpoint currently returns only prometheus metrics.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Federico Di Pierro
61dab93eb3 chore(ci): fixed BUILD_FALCO_MODERN_BPF usages. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-24 16:49:26 +02:00
Federico Di Pierro
cc09811303 chore(cmake): enable modern bpf build by default. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-24 16:49:26 +02:00
Luca Guerra
d0945e5db5 cleanup(docs): fix typo in license blocks 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-04-19 16:52:58 +02:00
Federico Di Pierro
bdcfbba90b chore(docker,scripts): set old eBPF probe as lowest priority driver. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-18 11:18:54 +02:00
dependabot[bot]
b239246ff8 build(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `869c9a7` to `ec255e6`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](869c9a7f4d...ec255e68f4)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-18 09:44:54 +02:00
Luca Guerra
814c510d7e update(app): close inspectors at teardown time 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-04-17 18:39:54 +02:00
Gianmatteo Palmieri
eb04b1c66f fix(test): expect warning instead of error on invalid macro/list name 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-04-17 11:27:52 +02:00
Gianmatteo Palmieri
dd59c48034 new(engine): raise warning instead of error on invalid macro/list name 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-04-17 11:27:52 +02:00
Federico Di Pierro
e21a3a5e58 chore(userspace/falco): make it clear singular vs plural. 
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-16 16:39:47 +02:00
Federico Di Pierro
92c1b24905 chore(falco.yaml): small improvements. 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-16 16:39:47 +02:00
Federico Di Pierro
a2a8c6c3d4 chore(userspace/falco): deprecate old 'rules_file' config key. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-16 16:39:47 +02:00
Federico Di Pierro
80a99b672f fix(docker): default to auto for driver to be configured. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-16 14:44:46 +02:00
Federico Di Pierro
fc7a451aed fix(docker): fixed docker entrypoints for driver loading. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-16 14:44:46 +02:00
Federico Di Pierro
ac61543276 fix(docker,scripts): do not load falcoctl driver loader when installing Falco deb package in docker image. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-15 17:22:44 +02:00
Federico Di Pierro
7cc57a9fa0 docs(scripts): leave a small comment. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-15 15:13:44 +02:00
Federico Di Pierro
cb414f1254 chore(docker): support new automatic driver selection in docker images entrypoints. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-15 15:13:44 +02:00
Federico Di Pierro
bb939959a7 update(falco.yaml): set modern_ebpf as default engine kind. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-15 15:13:44 +02:00
Federico Di Pierro
2ede48ccfc chore(scripts): updated debian and rpm post installation scripts to deal with new automatic driver selection as default behavior. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-15 15:13:44 +02:00
Federico Di Pierro
53d13f8bfc chore(scripts): dynamically set falcoctl allowed driver types based on cmake configuration. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-15 15:13:44 +02:00
Federico Di Pierro
2eb519380a update(cmake,scripts): bumped falcoctl to v0.8.0-rc1. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-15 15:13:44 +02:00
Gianmatteo Palmieri
c3d0579d9b fix(test): expect warning instead of error in exceptions names test 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-04-11 17:22:28 +02:00
Gianmatteo Palmieri
83910be726 new(engine): raise warning instead of error on not-unique exceptions names 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-04-11 17:22:28 +02:00
Luca Guerra
7ac5c36d5a update(ci): build both release and debug versions 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-04-10 16:10:20 +02:00
Federico Di Pierro
8b340d3903 chore(userspace/falco): watch all configs files. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 15:57:20 +02:00
Federico Di Pierro
e840a4ada0 new(unit_tests,userspace/falco): support loading and merging configs files when used from cmdline option. 
Also, moved core logic from yaml_helper to falco_configuration class.
Finally, updated tests.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
faabd41d9e chore(falco.yaml): add configs_files to falco yaml index. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
a8345327d4 chore(unit_tests,userspace/falco): throw an exception when included config file is not present. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
de9efcbec7 new(userspace/falco): allow --support to print expanded configuration file. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
2a856f2cd3 chore(unit_tests): assert expected length of warnings. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
74034213a2 chore(unit_test,userspace): better log management. 
Also, warnings are now returned so that yaml_helper class does not need to log anything.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
aac9b550d3 new(userspace,unit_tests): return loaded config filenames in config::load_from_file. 
Add a debug log with the list of loaded config files.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
df220e3c3b chore(userspace,unit_tests): support loading config files from directories. 
The files inside the folder will be loaded in lexicographic order,
like we do for rules_file.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00