Leonardo Di Donato
cd1b23d2bc
update(.github): remove unused kind/* label from PR template
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-12-13 11:17:02 +01:00
Leonardo Di Donato
de8714d2be
chore(.github): delete issue templates in favor of default ones
Default issue templates can be found in the https://github.com/falcosecurity/.github repo.
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-12-13 11:17:02 +01:00
Hiroki Suezawa
93fdf8ef61
rule(macro user_known_k8s_client_container): Rephrase the comment
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-11 12:53:06 +01:00
Hiroki Suezawa
bcc84c47c6
rule(macro user_known_k8s_client_container): have more strict condition to avoid false positives
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-11 12:53:06 +01:00
Chris Goller
965ead0c2a
build: use consistent case for options in message
Signed-off-by: Chris Goller <goller@gmail.com>
2019-12-10 21:15:16 +01:00
Chris Goller
d66125278a
build: use consistent case for falco options
Signed-off-by: Chris Goller <goller@gmail.com>
2019-12-10 21:15:16 +01:00
Chris Goller
e31bfeb8b2
build: add FALCO_Coverage CMake option
With cmake FALCO_Coverage=on the --coverage option
is passed to both clang and gcc to help analyze untested
portions of the code base. It produces gcov files.
These files can be analyzed by many tools such as lcov,
gcovr, etc.
Here is an example of one such tool, lcov:
lcov --directory . --capture --output-file coverage.info
lcov --extract coverage.info '/source/*' --output-file coverage.info
genhtml coverage.info
Signed-off-by: Chris Goller <goller@gmail.com>
2019-12-10 21:15:16 +01:00
Leonardo Di Donato
7159b43f68
update(proposals): goals, non-goals and use cases of the Falco API
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-12-09 16:46:16 +01:00
Leonardo Di Donato
b684aee817
update(proposals): better summary for Falco API
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-12-09 16:46:16 +01:00
Leonardo Di Donato
ae52dc4d3b
proposals: complete the Falco API proposal
Co-Authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-12-09 16:46:16 +01:00
Leo Di Donato
a64f7faa3c
fix(proposals): typos and language
Signed-off-by: Lorenzo Fontana <lo@linux.com>
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-Authored-By: Lorenzo Fontana <lo@linux.com>
2019-12-09 16:46:16 +01:00
Leonardo Di Donato
ced04a4d89
update: goals and (initial) architecture for API services
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-12-09 16:46:16 +01:00
Leonardo Di Donato
2b75ca9024
new: setup Falco API proposal
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-12-09 16:46:16 +01:00
Lorenzo Fontana
8069eacc94
build: use secure grpc when it is not bundled
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2019-12-06 13:36:16 +01:00
Nicolas Marier
13931ab5d7
rule(Write below etc): whitelist automount writing under /etc
This commit allows automount to write under /etc/mtab without flagging
it as an error.
Signed-off-by: Nicolas Marier <nmarier@coveo.com>
2019-12-05 19:27:18 +01:00
Hiroki Suezawa
559b7e1bb1
rule(The docker client is executed in a container): modify condition to reduce false positive
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-05 14:32:22 +01:00
Hiroki Suezawa
fc58ac7356
rule update: modify rule to detect connection to K8S API Server from a container
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-05 10:59:05 +01:00
Leonardo Di Donato
e893e048a1
docs(README): community call + repo planning + correct mailing list URL
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-12-04 18:41:28 +01:00
Leo Di Donato
0c9787624b
docs(CONTRIBUTING): rule type subsection title
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-12-04 18:09:14 +01:00
Lorenzo Fontana
daca750cd9
docs(CONTRIBUTING): commit convention details
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2019-12-04 18:09:14 +01:00
Jean-Philippe Lachance
418bcf2177
Apply Kaizhe's code review
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-04 03:36:04 +01:00
Jean-Philippe Lachance
f97a33d40a
Exclude exe_running_docker_save in the "Update Package Repository" rule
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-04 03:36:04 +01:00
Jean-Philippe Lachance
df7a356e1d
Apply Kaizhe's code review
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-04 03:35:11 +01:00
Jean-Philippe Lachance
03e8b7f53d
Exclude exe_running_docker_save in the "Modify Shell Configuration File" rule
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-04 03:35:11 +01:00
Jean-Philippe Lachance
146343e5f0
Update the exe_running_docker_save macro to support docker in docker
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-04 02:20:21 +01:00
Hiroki Suezawa
7da245e902
rule update: Modify rule to detect raw packets creation
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-04 00:19:26 +00:00
Hiroki Suezawa
d0e6279bb2
rule update: Modify condition for raw packets creation
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-04 00:19:26 +00:00
Hiroki Suezawa
8b2d4e1fe6
rule update: Fix condition for raw packets creation and renamed
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-04 00:19:26 +00:00
Hiroki Suezawa
ebec520ebc
rule update: Add rules to detect raw packets creation
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-04 00:19:26 +00:00
kaizhe
2f8caf99cd
rule update: align sensitive mount macro between k8s_audit rules and syscall rules
Signed-off-by: kaizhe <derek0405@gmail.com>
2019-12-03 12:58:21 -08:00
Hiroki Suezawa
0b402e2326
rule update: Rename rule for Cloud Metadata access again
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-03 20:15:33 +00:00
Hiroki Suezawa
54329a64cd
rule update: Rename rule for Cloud Metadata access
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-03 20:15:33 +00:00
rung
89d8259860
rule update: Add consider_gce_metadata_access macro for rule to detect GCE Metadata access
Signed-off-by: rung <suezawa@gmail.com>
2019-12-03 20:15:33 +00:00
Hiroki Suezawa
e70febc8db
rule update: Add rules for GCE Metadata detection
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-03 20:15:33 +00:00
kaizhe
722ab4f2f9
minor changes
Signed-off-by: kaizhe <derek0405@gmail.com>
2019-12-03 19:37:01 +00:00
kaizhe
6c9bce6f73
update k8s audit rule
Signed-off-by: kaizhe <derek0405@gmail.com>
2019-12-03 19:37:01 +00:00
kaizhe
7c33fafe89
minor changes
Signed-off-by: kaizhe <derek0405@gmail.com>
2019-12-03 19:37:01 +00:00
kaizhe
18acea4a73
minor changes
Signed-off-by: kaizhe <derek0405@gmail.com>
2019-12-03 19:37:01 +00:00
kaizhe
8011fe7ce7
rules update: add more sensitive host path to sensitive_host_mount macro
Signed-off-by: kaizhe <derek0405@gmail.com>
2019-12-03 19:37:01 +00:00
Lorenzo Fontana
d328ff3fde
update(cmake/patch): include Makefile template in patch for grpc 1.25.0
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2019-12-03 17:43:57 +00:00
Lorenzo Fontana
fbcc6a0781
build: update gRPC to 1.25.0
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2019-12-03 17:43:57 +00:00
Jean-Philippe Lachance
80d69917ea
* Rename the macro to user_known_package_manager_in_container
+ Add a comment to explain how we should use this macro
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-03 00:03:35 +01:00
Jean-Philippe Lachance
3713f7a614
+ Add a simple user_known_package_manager_in_container_conditions macro
* Use the user_known_package_manager_in_container_conditions macro in the "Launch Package Management Process in Container" rule
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-03 00:03:35 +01:00
Jean-Philippe Lachance
79cb75dcd1
! Exclude exe_running_docker_save in the "Set Setuid or Setgid bit" rule
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
2019-12-02 23:54:53 +01:00
Hiroki Suezawa
c736a843a0
rule update: Add kubelet to user_known_chmod_applications list
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2019-12-01 23:27:04 +01:00
Adrián Arroyo Calle
1b05f0e6a7
chore: read hostname in initialization
Signed-off-by: Adrián Arroyo Calle <adrian.arroyocalle@gmail.com>
2019-11-27 22:23:49 +01:00
Adrián Arroyo Calle
4d180cbc31
chore: use std::string to have safer copies
Signed-off-by: Adrián Arroyo Calle <adrian.arroyocalle@gmail.com>
2019-11-27 22:23:49 +01:00
Adrián Arroyo Calle
137e7fc0ec
chore: hostname can be 253 characters maximum
Signed-off-by: Adrián Arroyo Calle <adrian.arroyocalle@gmail.com>
2019-11-27 22:23:49 +01:00
Adrián Arroyo Calle
52fbcefa1d
chore: add environment variable FALCO_GRPC_HOSTNAME
Signed-off-by: Adrián Arroyo Calle <adrian.arroyocalle@gmail.com>
2019-11-27 22:23:49 +01:00
Adrián Arroyo Calle
a084f17493
feat: add hostname field in gRPC output
Signed-off-by: Adrián Arroyo Calle <adrian.arroyocalle@gmail.com>
2019-11-27 22:23:49 +01:00