github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-28 23:57:29 +00:00
Code Issues Projects Releases Wiki Activity
2,574 Commits 121 Branches 172 Tags 104 MiB
d989e9c2d5
Commit Graph

2574 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Leonardo Grasso
574e7f433b docs(README.md): correct broken links 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-15 10:58:21 -05:00
Angelo Puglisi
f6fa18e7ec chore(cmake): mark some variables as advanced 
Have some cmake variables (e.g. *_INCLUDE and *_LIB) marked as advanced,
in order to have a cleaner ccmake menu.

Signed-off-by: Angelo Puglisi <angelopuglisi86@gmail.com>
 2020-12-15 10:56:20 -05:00
kaizhe
6beb9838d6 rule(list user_known_change_thread_namespace_binaries): add crio and multus to the list 
Signed-off-by: kaizhe <derek0405@gmail.com>
 2020-12-14 04:16:15 -05:00
Angelo Puglisi
9a175cb1db chore(cmake/modules): avoid useless rebuild 
Because of https://gitlab.kitware.com/cmake/cmake/-/issues/16419, every
time one compiles, some external projects gets updated causing rebuild.

Have EP_UPDATE_DISCONNECTED option (default OFF) to be able to control
that behaviour.

Signed-off-by: Angelo Puglisi <angelopuglisi86@gmail.com>
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-12-10 13:28:01 -05:00
Spencer Krum
32daac3e4d fix(config): Error out when no config file supplied 
Fixes: #1406

Signed-off-by: Spencer Krum <nibz@spencerkrum.com>
 2020-12-10 13:26:04 -05:00
kaizhe
0a901e4f52 add exception macro 
Signed-off-by: kaizhe <derek0405@gmail.com>
 2020-12-04 06:21:34 -05:00
kaizhe
22732e9edb rule(Container Run as Root User): new rule created 
Signed-off-by: kaizhe <derek0405@gmail.com>
 2020-12-04 06:21:34 -05:00
Leonardo Grasso
6a352338e3 update(userspace/falco): output worker should not throw exceptions 
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
f8b66d051b fix(userspace/falco) class naming convention 
Co-authored-by: Lorenzo Fontana <fontanalorenz@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
c237ddc738 chore(userspace/falco): apply suggestions from review 
Co-authored-by: deepskyblue86 <angelopuglisi86@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
9d31164a71 update(userspace/falco): clear output queue if still blocked during the shutdown 
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
f433b449d9 chore(userspace/falco): add_output init check 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
44955004e3 chore(userspace/falco): handle freeing of output objects 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
a9dac551b8 docs(falco.yaml): better explanation on "output_timeout" 
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
df8e4e0545 new: Falco config for output timeout 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
321da3e5bf chore(userspace/falco): configurable outputs timeout 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
4b34b83739 new(userspace/falco): add "output_timeout" config node 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
5b558cd600 update(userspace/falco): watchdog for outputs 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
3b7401c2e5 new(userspace/falco): Watchdog timer utility 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
aea12f4f3b update(userspace/falco): outputs error handling 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
f2637c8600 update(userspace/falco): add accessor method for output's name 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
0a14d34e16 chore(userspace/falco): correct exception message 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
a1bdf3ed61 update(userspace/falco): add "internal" source to outputs and proto 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
d3c41c2d97 chore(userspace/falco): avoid multiple outputs init 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
90d71a8e92 feat(userspace/falco): non-blocking outputs 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
Leonardo Grasso
8eb7d83ee8 update(userspace/falco): introduce message struct for outputs 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-12-01 04:18:04 -05:00
deepskyblue86
3b78cda716 fix(docs): Broken outputs.proto link 
Fix broken outputs.proto link, previously pointing to nonexistent
branch, making it point to master branch.

Signed-off-by: deepskyblue86 <angelopuglisi86@gmail.com>
 2020-11-23 11:28:10 -05:00
Leonardo Grasso
6ca4e11d8c update(docker): correct container labels 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-11-23 11:26:08 -05:00
Leonardo Grasso
6bc97ca9e7 fix(docker/no-driver): add missing HOST_ROOT env 
Please note that the `HOME` env has been added for consistency purposes with the main docker image.

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-11-23 11:26:08 -05:00
Leo Di Donato
71e56ac87c update(.github): remove stale bot in favor of lifecycle bot (prowjobs) 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-11-23 11:24:12 -05:00
Lorenzo Fontana
12b7ff9940 build: BUILD_BYPRODUCTS for civetweb 
The BUILD_BYPRODUCTS for the civetweb target
is needed so that when Falco is built using Ninja
the falco target can have a reference to
understand what target is building the civetweb lib
and do the build automatically without having to do
`ninja civetweb` first.

Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-11-16 13:23:27 -05:00
Leonardo Di Donato
648bb6294f fix(cmake/modules): patch the max_consumers parameter of the 
kernel-module Falco driver

Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-11-13 09:21:30 -05:00
Lorenzo Fontana
dada3db3f2 docs: adding the kubernetes privileged use case to use cases 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Co-Authored-By: Leonardo Grasso <me@leonardograsso.com>
Co-Authored-By: Massimiliano Giovagnoli <massimiliano.giovagnoli.1992@gmail.com>
Co-Authored-By: Jonah Jones <jonahjones094@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-11-12 14:47:22 -05:00
DingGGu
2b2856299c rule(macro user_known_k8s_client_container): separate list of k8s images 
Signed-off-by: DingGGu <ggu@dunamu.com>
 2020-11-11 10:22:45 -05:00
DingGGu
ec5b42074e rule(macro user_known_k8s_ns_kube_system_images): add new macro image name inside kube-system namespace 
Signed-off-by: DingGGu <ggu@dunamu.com>
 2020-11-11 10:22:45 -05:00
DingGGu
0b516b7d42 rule(macro user_known_k8s_ns_kube_system_images): add new macro image name inside kube-system namespace 
Signed-off-by: DingGGu <ggu@dunamu.com>
 2020-11-11 10:22:45 -05:00
DingGGu
4954593261 rule(macro user_known_k8s_client_container): add node-problem-detector pattern to avoid false positive 
Signed-off-by: DingGGu <ggu@dunamu.com>
 2020-11-11 10:22:45 -05:00
Leonardo Di Donato
0eff0f6003 docs: changelog for 0.26.2 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-11-10 14:10:15 -05:00
Leo Di Donato
8d10a60e42 build: remove duplicate item from FALCO_SOURCES 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-11-10 06:43:15 -05:00
Dominic Evans
4d6636a030 fix(scripts/falco-driver-loader): lsmod usage 
Attempting to start falco on a host that had a similarly named module
(e.g., "falcon") would cause the falco-driver-loader to loop attempting
to rmmod falco when falco was not loaded.

falco-driver-loader will now inspect only the first column of lsmod
output and require the whole search string to match

Fixes #1468

Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
 2020-11-10 04:11:07 -05:00
Lorenzo Fontana
55a93bce8b build: bump sinsp, scap and the drivers to 5c0b863ddade7a45568c0ac97d037422c9efb750 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-11-10 04:09:10 -05:00
Lorenzo Fontana
0f14821744 fix(userspace/falco): include directories and sources 
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-11-10 04:09:10 -05:00
Lorenzo Fontana
e0175b1e06 build: cmake modules fixes and split 
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-11-10 04:09:10 -05:00
Lorenzo Fontana
8be299939a build: update sinsp, scap and the drivers to c4f096099bf81966803d26c40c6c2cb2b8d08033 
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-11-10 04:09:10 -05:00
Lorenzo Fontana
9828c6aeb6 build: bump gRPC to 1.32.0 
Besides all the other improvements, we are really interested
in getting the Make options for other ISAs than x86_64 when it
comes to compiling abseil [0].

This is what happens on aarch64

```
make[4]: *** [Makefile:2968: /root/falco/build-musl/grpc-prefix/src/grpc/objs/opt/third_party/abseil-cpp/absl/base/internal/thread_identity.o] Error 1
c++: error: unrecognized command line option '-maes'
c++: error: unrecognized command line option '-msse4'
c++: error: unrecognized command line option '-msse4'
c++: error: unrecognized command line option '-maes'
```

[0] bf87ec9e44

Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-11-10 04:09:10 -05:00
Lorenzo Fontana
7ee0eb7e9c update: cpack specify architecture for debian packages 
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-11-10 04:09:10 -05:00
Lorenzo Fontana
0f155c3a1f build: switch Falco back to luajit 
moonjit is unmaintaned [0], and lujit recently [1] added support
for the aarch64 architecture.

[0] https://twitter.com/siddhesh_p/status/1308594269502885889?s=20
[1] e9af1abec5

Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-11-10 04:09:10 -05:00
Lorenzo Fontana
3258bdd990 update: syscall table zero definition for arm64 
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-11-10 04:09:10 -05:00
Lorenzo Fontana
9f41a390a7 update: bump sinsp and scap to fntlnz-aarch64 
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-11-10 04:09:10 -05:00
Lorenzo Fontana
7aa6fa9897 build: use fields_info from libsinsp 
Related-to: https://github.com/draios/sysdig/pull/1693
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-11-10 04:09:10 -05:00