github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-29 16:17:32 +00:00
Code Issues Projects Releases Wiki Activity
4,600 Commits 121 Branches 172 Tags 104 MiB
d93c51c929
Commit Graph

4600 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luca Guerra
d93c51c929 update(build): update libs to latest master 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-08-26 15:51:25 +02:00
Luca Guerra
784d2d27cb update(cmake): bump libs and drivers to fix compilation issue 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-08-26 15:51:25 +02:00
Jason Dellaluce
6783cc7055 fix(unit_tests): adapt tests to new engine warning formats 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-08-26 15:51:25 +02:00
Jason Dellaluce
4ae942f1c6 update(cmake): bump libs and driver to latest master 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-08-26 15:51:25 +02:00
dependabot[bot]
d3191bdf15 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `342b20d` to `baecf18`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](342b20dc7d...baecf181ea)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-20 10:46:43 +02:00
Luca Guerra
6824bdb660 update(docs): update changelog for 0.38.2 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-08-19 16:34:41 +02:00
Bill Vandenberk
1755527ad7 Add Tulip Retail to adopters list 
Signed-off-by: Bill Vandenberk <bill@vandenberk.me>
 2024-08-08 15:00:54 +02:00
Melissa Kilby
33a0d9c6ab fix(metrics/prometheus): adopt best prometheus practices for rules counters and sha256 file metrics 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-08-05 11:39:40 +02:00
dependabot[bot]
7a9048125f chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `068f0f2` to `342b20d`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](068f0f2dc9...342b20dc7d)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-02 19:55:30 +02:00
dependabot[bot]
d12b0ce290 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `28b98b6` to `068f0f2`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](28b98b6f5f...068f0f2dc9)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-23 14:03:45 +02:00
Samuel Gaist
0e0428c5f7 vote: request to join maintainers 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-07-08 16:45:35 +02:00
Federico Di Pierro
1f2943da1e chore(ci): add ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION:true env to enforce the usage of node16. 
Centos:7 does not support node20 (glibc required mismatch).

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-07-08 07:03:33 +02:00
Federico Di Pierro
a9f3d98a00 chore(ci): use correct vault repo path for arm64. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-07-08 07:03:33 +02:00
Federico Di Pierro
aa42e380e0 fix(ci): use vault.centos.org for centos:7 CI build. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-07-08 07:03:33 +02:00
dependabot[bot]
5283dca335 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `c0a9bf1` to `28b98b6`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](c0a9bf17d5...28b98b6f5f)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-03 11:27:18 +02:00
harshitasao
c25ded8f39 made some required changes 
Signed-off-by: harshitasao <harshitasao@gmail.com>
 2024-07-02 11:16:12 +02:00
harshitasao
a9ef7f9f97 added the openssf scorecard badge 
Signed-off-by: harshitasao <harshitasao@gmail.com>
 2024-07-02 11:16:12 +02:00
dependabot[bot]
62a448f805 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `ea57e78` to `c0a9bf1`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](ea57e78ea1...c0a9bf17d5)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-06-27 14:45:50 +02:00
Federico Di Pierro
4a4ed1e118 update(userspace/engine): bump engine version and checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-06-26 10:32:44 +02:00
Federico Di Pierro
c602be596b update(docs): update CHANGELOG for 0.38.1 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-06-26 10:32:44 +02:00
Federico Di Pierro
24eec1e92a update(cmake,userspace): bump libs and driver to latest master. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-06-26 10:32:44 +02:00
Mark Stemm
a3bf8b472b If rule compilation fails, return immediately 
There's no need to populate rulesets with the output if compilation
failed.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2024-06-25 18:27:39 +02:00
Mark Stemm
adeca79d1c Modify evttype_index_ruleset to derive from indexable_ruleset 
Modify evttype_index_ruleset to derive from indexable_ruleset instead
of having its own implementation of segregating filters by ruleset
id/event type.

An evttype_index_wrapper contains a falco rule and filter, and
implements the methods required by the template. run_wrappers()
evaluate the filter as before, without the segregation by ruleset
id/event type.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2024-06-20 11:23:12 +02:00
Mark Stemm
bbcfa61d82 Add an indexable ruleset that can split filters by ruleset/evttype 
Now that custom rules loading implementations (and related, custom
rulesets) can be swapped into falco in a customizable way, there is
some functionality in evttype_index_ruleset that could be used by
other rulesets, specifically the part that segregates filters by
ruleset and enables/disables filters based on name substring + tags.

To allow for this, create a new template indexable_ruleset<class
filter_wrapper> which derives from filter_ruleset and segregates the
filter_wrappers by ruleset. It also optionally segregates
filter_wrappers by event type.

The filter_wrapper class is an object that can return a name, tags,
and sc/event codes.

The main interfaces for classes that derive from indexable_ruleset are:

- add_wrapper(), which provides a filter_wrapper to the
  indexable_ruleset. This is generally called from
  add()/add_compile_output(), which must be implemented by the derived class.
- run_wrappers(), which must be implemented by the derived class and
  is called for event processing.

Most of the methods required by filter_ruleset are implemented by
indexable_ruleset and do not need to be implemented by the derived
class.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2024-06-20 11:23:12 +02:00
Gianmatteo Palmieri
3e91a27538 new(metrics): enable plugins metrics 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-06-13 16:32:48 +02:00
Federico Di Pierro
0e754aec14 chore(userspace): bump engine version and checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-06-13 13:40:48 +02:00
Federico Di Pierro
0e4c580c1e update(cmake): bump libs to master. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-06-13 13:40:48 +02:00
Luca Guerra
b8e5e2e8dd update(engine): allow using -p to pass a format to plugin events 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-06-11 09:19:39 +02:00
dependabot[bot]
1c31390c56 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `df963b6` to `ea57e78`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](df963b6bcd...ea57e78ea1)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-06-11 09:18:40 +02:00
Luca Guerra
8a59cee355 cleanup(falco): clarify that --print variants only affect syscalls 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-06-06 09:46:22 +02:00
Gianmatteo Palmieri
1c66b640f2 Revert "fix(engine): apply output substitutions for all sources" 
This reverts commit 4ef7c9553a.

Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-06-05 12:43:19 +02:00
Federico Di Pierro
35395728cc chore(ci): enable dummy tests on the testing framework. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-06-04 10:15:13 +02:00
Melissa Kilby
5777a44ca1 fix(metrics): fix sha256 metric names for prometheus 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-06-04 09:52:13 +02:00
Melissa Kilby
97207d309a fix(metrics): allow each metric output channel to be selected independently 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-06-04 09:52:13 +02:00
dependabot[bot]
f43347da45 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `679a50a` to `df963b6`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](679a50aa5c...df963b6bcd)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-06-03 17:01:10 +02:00
Federico Di Pierro
6687d50fc2 chore(userspace/falco): more extra safety checks on stats collector too. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-06-03 15:56:14 +02:00
Federico Di Pierro
ae71cec507 fix(userspace/falco): fixed falco_metrics::to_text implementation when running with plugins. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-06-03 15:56:14 +02:00
Federico Di Pierro
ba85afa2ab update(cmake): bump libs and driver to master. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-31 11:26:59 +02:00
dependabot[bot]
048b9e3dd0 chore(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `9e56293` to `679a50a`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](9e56293b55...679a50aa5c)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-05-30 16:36:56 +02:00
Luca Guerra
1ddfde61f5 update(docs): update CHANGELOG for 0.38.0 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-05-30 16:35:56 +02:00
Federico Di Pierro
edd93054fd chore(proposals): fix typo. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-28 11:05:46 +02:00
Federico Di Pierro
b5316c98bc update(cmake): bump falcoctl to v0.8.0. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-28 11:05:46 +02:00
Luca Guerra
6c66294e72 chore(build): bump rules to 3.1.0 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-05-27 16:29:43 +02:00
dependabot[bot]
9fd26eaa2e --- 
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-05-23 09:51:23 +02:00
Jason Dellaluce
cd1c5f911c refactor(userspace): move falco logger under falco engine 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-23 09:29:23 +02:00
Luca Guerra
40765ca77b chore(gha): update cosign 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-05-21 11:41:13 +02:00
dependabot[bot]
1e942129b2 build(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `29c41c4` to `59bf03b`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](29c41c4eed...59bf03bf74)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-05-21 11:37:13 +02:00
Federico Di Pierro
0bf7458f3d chore(falco.yaml): rule -> rules. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-20 16:33:11 +02:00
Federico Di Pierro
d553662108 cleanup(falco.yaml): removed useless sentence. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-20 16:33:11 +02:00
Federico Di Pierro
a48965a00c chore(userspace,falco.yaml,unit_tests): configs_files -> config_files. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-20 16:33:11 +02:00