github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-05 19:06:44 +00:00
Code Issues Projects Releases Wiki Activity
1,646 Commits 117 Branches 173 Tags 104 MiB
dfdd9693fc
Commit Graph

1646 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Leonardo Di Donato
40111a5d6e chore: moving travis build script in scripts directory 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
323a9ef51d chore: switching back to latest falco-builder and falco-tester docker images for CI 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
49752fc81a update(scripts): jenkins pipeline improvements 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
4224329905 fix(test): correct bash shebangs 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
b7c35d3b54 chore: output falco version 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
d1c642cbd2 build: bump minimum cmake version to 3.3.2 
Ideally I'd like to have 3.5 as minimum version.
Nevertheless for the moment I bump this to 3.3.2  to match the CMake
version of the internal Jenkins CI.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
b369de3801 fix(docker/builder): enforce DRAIOS_DEBUG_FLAGS to DNDEBUG when BUILD_TYPE=debug 
This is a temporary fix for Travis CI (which is where we use
falco-builder docker image).

Was already done in the past (see:
9285aa59c1 (diff-354f30a63fb0907d4ad57269548329e3)).

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
95a7cf3ea8 fix(build): ignore unused variables warnings 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
dc03dbee18 fix(build): draios debug flags before checking build type 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
8156c9214c fix(docker/tester): regression tests' scripts need xargs (findutils) 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
d11ad9a005 fix(docker/tester): switch to fedora 28 and avocado 69 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
c71703b566 update(test): better handling of build type 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
8400066ac8 update(test): ignore for generated traces 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
f18fc46a1c build: update cpack variables 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
e598606505 build: force falco version to always start with a digit 
Falco version respects the following rules:
If the current commit matches (exactly) a git tag then the
FALCO_VERSION equals it (with the initial "v" stripped out).
Otherwise FALCO_VERSION is 0.<commit hash>[.-dirty].

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
7b2b0b14a5 chore(docker): falco-builder docker image refinements 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
e422337ed7 fix(hack): strip ^M from current falco version and call test command of falco-tester 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
c4cd9e326a docs(docker): usage and labels for falco-tester docker image 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
533e8247fd fix(docker/local): make falco version build argument mandatory 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
736aa92b5e chore: remove travis notifications 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
3e1ab78536 build: set sysdig directory to its realpath 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
38cf3c6f29 fix(docker): falco builder does not need docker 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
50f04897e5 update(docker): falco tester image 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
62be14dde6 new(docker): default usage command for falco tester image 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
c5e296576d update(docker): falco tester entrypoint performs checks in order to be more robust 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
a5b063f5fa update: detect current falco version during travis testing 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
c61c0e7020 build: always check the BUILD_TYPE within the entrypoint 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
ebcb133f00 build: docker builder's BUILD_TYPE variable is "release" by default, otherwise it can only be "debug" 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
88503a1ea9 build: CMAKE_BUILD_TYPE is "release" by default, otherwise it can only be "debug" 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
e1c2cac9c9 fix(travis): source directory 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
44f0633f47 update: falco builder image has FALCO_VERSION build arg and env var again 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
9d4ed8e33e build: falco version from git when cmake variable exists but empty 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
0d4fc4bdad update: falco version from cmake variable 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
85a94d67d3 build: falco version from git index when not defined 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
f3c3cda879 new: cmake modules for git revision description 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
e02318db7c update: centos 7 falco builder 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
9f7e3bdfcd update: usage examples for falco builder 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
2cda10caeb new: default (usage) command for falco builder image 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
7efec602e8 new: script to enable toolset 7 in falco builder containers 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
8fb4c7f2f6 update: entrypoint checks for sysdig and falco dirs 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
6e313742e7 build: attempt to be consistent when downloading things 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
e92a721521 build: install cmake at docker build phase rather than at runtime 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
d5aae4aff5 update: make travis use the hack script 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
2aff2d00a3 update: move build and test commands into a separate script 
Co-authored-By: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
ntimo
d7956a2a09 add docker.io/prom/node-exporter to falco_sensitive_mount_images 
Signed-off-by: Timo Nowitzki <git@nowitzki.me>
 2019-07-24 16:25:47 +02:00
ntimo
9308c1ee55 add docker.io/google/cadvisor to falco_sensitive_mount_images 
Signed-off-by: Timo Nowitzki <git@nowitzki.me>
 2019-07-24 16:25:47 +02:00
Mark Stemm
40e3e21391 Allow all lowercase priorities 
Just being tolerant given that the comparison used to be entirely
case-insensitive.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2019-07-24 13:05:17 +02:00
kaizhe
d6c089c917 add netdata/netdata to falco_sensitive_mount_images 
Signed-off-by: kaizhe <derek0405@gmail.com>
 2019-07-23 18:50:23 +02:00
kaizhe
9ab718c100 rules update: 
Add trusted_logging_images macro for rule Clear Log Hisotry as exception

Signed-off-by: kaizhe <derek0405@gmail.com>
 2019-07-23 18:50:23 +02:00
Lorenzo Fontana
4b2ea32eac fix: do the inspector after forking for daemon mode 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2019-07-23 01:13:05 +02:00