github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 00:22:15 +00:00
Code Issues Projects Releases Wiki Activity
4,600 Commits 121 Branches 172 Tags 104 MiB
d93c51c929
Commit Graph

4600 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Federico Di Pierro
de9efcbec7 new(userspace/falco): allow --support to print expanded configuration file. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
2a856f2cd3 chore(unit_tests): assert expected length of warnings. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
74034213a2 chore(unit_test,userspace): better log management. 
Also, warnings are now returned so that yaml_helper class does not need to log anything.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
aac9b550d3 new(userspace,unit_tests): return loaded config filenames in config::load_from_file. 
Add a debug log with the list of loaded config files.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
df220e3c3b chore(userspace,unit_tests): support loading config files from directories. 
The files inside the folder will be loaded in lexicographic order,
like we do for rules_file.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
5e51828509 chore(build): install a config.d folder under the falco directory. 
Also, include it in the config file.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
d3bf3a7560 chore(userspace/falco,unit_tests): renamed includes to configs_files. 
Moreover, split single huge test into multiple smaller ones.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
1deafee5f7 chore(userspace/falco): print a warn message if -o includes= is passed to cmdline. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
45754fda9f new(userspace,unit_tests): deny main config to include itself. 
Moreover, added a couple more tests.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
8112f6210b chore(userspace,unit_tests): enable override of main config from secondary config files. 
Moreover, do not trigger an exception when an included file is not present; just print a warning.
Finally, add more tests.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
6e1f128851 chore(unit_tests): more tests. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Federico Di Pierro
b3ebf9f57e new(userspace,unit_tests): introduce the possibility to split main config file into multiple config files. 
The PR introduces a `includes` keyword in the config file,
that points to a list of strings (paths to other config files).

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-04-10 14:44:20 +02:00
Luca Guerra
3cbc4aa29c chore(falco): update falco libs to latest master 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-04-08 17:18:13 +02:00
dependabot[bot]
39cb0a8a67 build(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `88a40c8` to `869c9a7`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](88a40c8d9c...869c9a7f4d)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-05 19:02:03 +02:00
Gianmatteo Palmieri
7234bc5bee chore(engine): bump engine version 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-04-03 18:23:53 +02:00
Gianmatteo Palmieri
368463e295 new(tests): add unique exceptions names test 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-04-03 18:23:53 +02:00
Gianmatteo Palmieri
05c434ed89 new(engine): enforce unique exceptions names 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-04-03 18:23:53 +02:00
Luca Guerra
05e6e3038c chore(build): update scorecard-action to v2.3.1 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-04-02 16:53:45 +02:00
Luca Guerra
b01ef55f6b new(ci): build with sanitizers in CI 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-03-29 14:08:24 +01:00
Luca Guerra
f895f8fc78 fix(tests): fix uninitialized variable in test 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-03-29 14:08:24 +01:00
Luca Guerra
b82c73c66c new(build): add option to build with ASAN and UBSAN 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-03-29 14:08:24 +01:00
Luca Guerra
1aae10fe84 update(engine): bump engine checksum and version 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-03-29 10:16:23 +01:00
Luca Guerra
0d40a718c8 update(build): bump libs to latest master 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-03-29 10:16:23 +01:00
Luca Guerra
13c8e37a41 cleanup(falco): consolidate falco::grpc::server in one class 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-03-28 10:16:15 +01:00
Gianmatteo Palmieri
a8018a2894 new(tests): test override/append exception with no values 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-03-27 09:15:13 +01:00
Gianmatteo Palmieri
7086f35eba new(engine): add warning when appending an exception with no values 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-03-27 09:15:13 +01:00
Gianmatteo Palmieri
d1707bef63 fix(engine): apply output substitutions for all sources 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-03-25 19:33:06 +01:00
dependabot[bot]
1882def2a6 build(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `fbf0a4e` to `88a40c8`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](fbf0a4e8ce...88a40c8d9c)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-25 19:06:06 +01:00
Luca Guerra
8421e4b122 fix(cmake): fix USE_BUNDLED_DEPS=ON and BUILD_FALCO_UNIT_TESTS=ON 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-03-25 16:47:06 +01:00
Paul Rey
12cd72a396 Remove --source-only option in driver loader docker-entrypoint.sh 
The option is supported anymore in falcoctl

Signed-off-by: Paul Rey <contact@paulrey.io>
 2024-03-22 13:45:53 +01:00
Paul Rey
858c82ffe0 Update driver-loader docker-entrypoint 
Remove debug log
Set default option ENABLE_COMPILE and ENABLE_DOWNLOAD

Signed-off-by: Paul Rey <contact@paulrey.io>
 2024-03-22 13:45:53 +01:00
Paul Rey
2f6fdfa972 Add kernelversion and kernelrelease options to falco driver loader entrypoint 
Signed-off-by: Paul Rey <contact@paulrey.io>
 2024-03-22 13:45:53 +01:00
dependabot[bot]
2dfac14cd1 build(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `44addef` to `fbf0a4e`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](44addef4f7...fbf0a4e8ce)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-15 09:41:27 +01:00
Federico Di Pierro
5fe9fc9d89 update(cmake): bumped libs and driver to 0.15.0-rc1. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-03-14 10:55:24 +01:00
Melissa Kilby
3b7b3439ec cleanup(metrics): fix build for non linux 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-03-14 10:55:24 +01:00
Melissa Kilby
7762d0cd84 chore: bump libs 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-03-14 10:55:24 +01:00
Melissa Kilby
09d813b22d feat(metrics): sync libs metrics collector refactor 
Includes a handful of naming changes. A notice to
https://falco.org/docs/metrics/falco-metrics/ will be added well
in advance of Falco 0.38.0

falco.hostname -> evt.hostname to be consistent with the newer evt.hostname filtercheck
cpu_usage_perc_total_host -> host_cpu_usage_perc
memory_used_host -> host_memory_used_kb (or host_memory_used_mb)
procs_running_host -> host_procs_running
open_fds_host -> host_open_fds

memory_rss -> memory_rss_kb (or memory_rss_mb)
memory_pss -> memory_pss_kb (or memory_pss_mb)
memory_vsz -> memory_vsz_kb (or memory_vsz_mb)
container_memory_used -> container_memory_used_bytes (or container_memory_used_mb)

Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-03-14 10:55:24 +01:00
Andrea Terzolo
3395e604b6 ci: use ubuntu-22.04 with codeQL job 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-03-12 16:29:17 +01:00
Andrea Terzolo
0ce2b95b89 chore: bump falco engine version 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-03-12 16:29:17 +01:00
Andrea Terzolo
c5bb2b68e2 chore: bump to latest libs commit 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-03-12 16:29:17 +01:00
Federico Aponte
8dbec6c779 refactor: Use FetchContent for integrating bundled yaml-cpp lib 
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
 2024-03-11 13:57:15 +01:00
Federico Aponte
c32b7c1246 refactor: Use FetchContent for integrating bundled cpp-httplib 
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
 2024-03-11 13:57:15 +01:00
Federico Aponte
bc499e191d refactor: Use FetchContent for integrating bundled nlohman-json lib 
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
 2024-03-11 13:57:15 +01:00
dependabot[bot]
ea187d3b45 build(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `dc7970d` to `44addef`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](dc7970d175...44addef4f7)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-11 09:38:14 +01:00
Gianmatteo Palmieri
517b79ee13 chore(engine): bump engine version 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-03-08 00:02:01 +01:00
Gianmatteo Palmieri
3d4be156cc new(tests): add unit test for invalid macro/list name 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-03-08 00:02:01 +01:00
Gianmatteo Palmieri
7265190e66 new(engine): don't expose details in error message 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-03-08 00:02:01 +01:00
Gianmatteo Palmieri
f00926b8af new(engine): error on invalid macro/list name 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
 2024-03-08 00:02:01 +01:00
dependabot[bot]
a473ae5eb8 build(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `f88b991` to `dc7970d`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](f88b991a7f...dc7970d175)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-07 11:39:58 +01:00
Federico Aponte
3954ff233b refactor(ci): Avoid using command make directly 
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
 2024-03-07 11:37:58 +01:00