github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 16:42:14 +00:00
Code Issues Projects Releases Wiki Activity
3,607 Commits 119 Branches 172 Tags 104 MiB
dad382edd6
Commit Graph

3607 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jason Dellaluce
cc4ccc40d7 refactor(userspace/falco): implement complete event source selection 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-08-26 12:47:18 +02:00
Jason Dellaluce
0e2a053151 new(userspace/falco): add new cli option to selectively enable event sources 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 12:47:18 +02:00
Jason Dellaluce
97bf0338b9 refactor(userspace/falco): introduce standalone action for event source selection 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 12:47:18 +02:00
Melissa Kilby
6c12cc655e cleanup(rules): cleanup redundant use of always_true macros 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2022-08-26 11:40:18 +02:00
Melissa Kilby
7387fffcef cleanup(rules): cleanup rules disabled by default - 3 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2022-08-26 11:40:18 +02:00
Jason Dellaluce
34ca78786a refactor(userspace/falco): make signal handlers thread-safe 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:31:18 +02:00
Jason Dellaluce
f2aba88a6c refactor(userspace/falco): ensure falco outputs are non-blocking and define exiting condition 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:31:18 +02:00
Jason Dellaluce
bc765f1b7d chore(userspace/falco): log in signal handlers instead than in event processing loop 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:31:18 +02:00
Jason Dellaluce
c2a8efc329 chore(userspace/engine): fix typos 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:26:18 +02:00
Jason Dellaluce
978f192c38 chore(userspace/engine): fix codespell typos 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:26:18 +02:00
Jason Dellaluce
1120fb2564 doc(userspace/engine): define thread-safety guarantees of falco_engine::process_event 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:26:18 +02:00
Jason Dellaluce
1b8847c06b refactor(userspace/engine): make stats manager thread-safe for on_event method 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:26:18 +02:00
Jason Dellaluce
3839fdca1e update(userspace/falco): avoid using zlib in webserver 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:23:17 +02:00
Jason Dellaluce
f599fab439 update(falco.yaml): update default configuration and its comments 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:23:17 +02:00
Jason Dellaluce
2b7bcc87a7 update(userspace/falco): add configuration entry for webserver threadiness 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:23:17 +02:00
Jason Dellaluce
0eacd41cd5 refactor(userspace/falco): support zlib and custom threadiness in webserver 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:23:17 +02:00
Jason Dellaluce
d9b6473db2 refactor(userspace/engine): increase const coherence of falco engine 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-26 11:04:18 +02:00
Melissa Kilby
a6137e9475 update(rules): Directory traversal monitored file read - include failed open attempts w/ new macro open_file_failed 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2022-08-25 21:44:15 +02:00
Melissa Kilby
dd49038b0d cleanup(rules): Directory traversal monitored file read 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2022-08-25 21:44:15 +02:00
Melissa Kilby
6efc5b42f7 new(rules): Directory traversal monitored file read 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2022-08-25 21:44:15 +02:00
Jason Dellaluce
7d3dacc6d7 refactor(userspace/falco): cleanup actions order 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:02:15 +02:00
Jason Dellaluce
a9d185f5e1 refactor(userspace/falco): drop inspector dependency on print_plugin_info action 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:02:15 +02:00
Jason Dellaluce
bd26bc09c2 refactor(userspace/falco): drop inspector dependency on print_ignored_events action 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:02:15 +02:00
Jason Dellaluce
97e3209222 refactor(userspace/falco): drop inspector dependency on load_rule_files action 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:02:15 +02:00
Jason Dellaluce
6d30061576 refactor(userspace/falco): drop inspector dependency on list_plugins action 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:02:15 +02:00
Jason Dellaluce
2caadd1af5 refactor(userspace/falco): add action for printing syscall events 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:02:15 +02:00
Jason Dellaluce
b307853e39 update(userspace/falco): use move semantics in falco logger 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 17:00:15 +02:00
Leonardo Grasso
8e8491f280 update(test/output_files): add "hostname" to fixture 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2022-08-25 16:59:15 +02:00
Leonardo Grasso
3d61d3427e fix: correct env var name FALCO_HOSTNAME 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2022-08-25 16:59:15 +02:00
Leonardo Grasso
928e10f0ce fix(userspace/falco): print hostname when json formating is enabled 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2022-08-25 16:59:15 +02:00
Leonardo Grasso
34ad5c43fb update(userspace/engine): add support for hostname 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2022-08-25 16:59:15 +02:00
Jason Dellaluce
f7b662f936 update(cmake): bump libs and driver version to 6599e2efebce30a95f27739d655d53f0d5f686e4 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 16:32:15 +02:00
Jason Dellaluce
45bf4db077 fix(cmake/libs): enforce using bundled re2 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 16:32:15 +02:00
Jason Dellaluce
a8353307c7 update(cmake): bump libs and driver version to 2433c822e1c3ed55f6528c18a27373a677ce76af 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 16:32:15 +02:00
Jason Dellaluce
6db7353264 update(tests/engine): sync ast structs to new libs definitions 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 16:32:15 +02:00
Jason Dellaluce
d35dba30ed update(userspace/engine): sync ast structs to new libs definitions 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-25 16:32:15 +02:00
Ian Robertson
8872f256f6 Support multiple URLs for DRIVERS_REPO environment variable (comma separated) 
Signed-off-by: Ian Robertson <ian.robertson@wpengine.com>
 2022-08-24 18:25:10 +02:00
Ian Robertson
c40a216434 Identify DRIVER_VERSION and ARCH by storing in their proper directories 
Signed-off-by: Ian Robertson <ian.robertson@wpengine.com>
 2022-08-24 18:25:10 +02:00
Andrea Terzolo
3e3a380702 update(CI): do not check hidden files with codespell 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2022-08-23 16:29:05 +02:00
Andrea Terzolo
5e65e195ae fix(CI): codespell should ignore ro word 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-08-23 16:29:05 +02:00
Andrea Terzolo
02fce93d02 update(CI): remove release branches from the push event 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-23 15:55:05 +02:00
Andrea Terzolo
6051f2de81 update(CI): build Falco to run CodeQL Analysis 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-08-23 15:55:05 +02:00
Andrea Terzolo
9359db904b update(CI): remove python from languages 
we use python only in out tests

Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-08-23 15:55:05 +02:00
Andrea Terzolo
4c3b797003 update(CI): remove codeQL schedule option 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-08-23 15:55:05 +02:00
Andrea Terzolo
8259a2cd5f new(CI): add CodeQL security scanning to Falco. 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
Co-authored-by: Chris Aniszczyk <caniszczyk@gmail.com>
 2022-08-23 15:55:05 +02:00
Jason Dellaluce
e7502431a2 update(userspace/falco): move rate limiter out of falco outputs framework 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-23 15:52:05 +02:00
Jason Dellaluce
bec103de1a docs(falco.yaml): improve rate limiter config docs 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-23 15:52:05 +02:00
Jason Dellaluce
6c74aa1a29 update(userspace/falco): enable per-event-source rate limiter 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-23 15:52:05 +02:00
Jason Dellaluce
af0b624a3a fix(userspace/falco): set alert throttling config defaults 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-23 15:52:05 +02:00
Jason Dellaluce
8760f04bf2 refactor(userspace/falco): make output framework explicitly thread-safe 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-23 15:52:05 +02:00