falco

mirror of https://github.com/falcosecurity/falco.git synced 2025-07-05 19:06:44 +00:00

Author	SHA1	Message	Date
Michael Ducy	ac8204dc30	Initial try at slimmer images Signed-off-by: Michael Ducy <michael@ducy.org>	2019-10-11 19:43:56 +02:00
Yathi Naik	49030af988	Added more context on Sysdig Secure in Adopters.md Signed-off-by: Yathi Naik <yathi@sysdig.com>	2019-10-10 12:59:03 +02:00
Benjamin	4e6d347e43	Add k8s deployment yaml files for audit purpose only Signed-off-by: Benjamin <benjamin@yunify.com>	2019-10-09 16:31:03 +02:00
Felipe Bessa Coelho	8353a0b22e	Ignore sensitive mounts from ecs-agent Without this, as ecs-agent starts we get a bunch of errors that look like this (reformatted for readability): Notice Container with sensitive mount started ( user=root command=init -- /agent ecs-agent (id=19d4e98bb0dc) image=amazon/amazon-ecs-agent:latest mounts=/proc:/host/proc:ro:false:rprivate,$lotsofthings ) ecs-agent needs those to work properly, so this can cause lots of false positives when starting a new instance. Signed-off-by: Felipe Bessa Coelho <fcoelho.9@gmail.com>	2019-10-09 16:30:36 +02:00
Mark Stemm	1d1ecd9905	Add explicit catch2 dependency for tests When I try to build the dev branch using the docker builder, the tests target isn't properly checking out and building catch2 for the dependency catch2.hpp. Adding this explicit dependency allowed the build to succeed. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>	2019-10-08 16:12:18 +02:00
Leo Di Donato	aaff21106d	update(.github): proposals area into PR template Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-10-08 16:11:43 +02:00
Lorenzo Fontana	c76518c681	update: license headers Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com> Signed-off-by: Lorenzo Fontana <lo@linux.com>	2019-10-08 16:02:26 +02:00
Leo Di Donato	0043c4937b	docs: update COPYING Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-10-08 16:02:26 +02:00
Fahad Arshad	b951f2bb7d	fix(permissions): Restrict the access to /dev on underlying host to read only (with rbac) Signed-off-by: Fahad Arshad <fahad.arshad@hobsons.com>	2019-10-08 12:17:27 +02:00
Fahad Arshad	fcd1d60657	fix(permissions): Restrict the access to /dev on underlying host to read only Signed-off-by: Fahad Arshad <fahad.arshad@hobsons.com>	2019-10-08 12:17:27 +02:00
Mark Stemm	2bc4bfd7fb	Specify namespace compat w/ gcc 5 I wasn't able to compile the dev branch with gcc 5.4 (e.g. not using the builder), getting this error: ``` .../falco/userspace/falco/grpc_server.cpp:40:109: error: specialization of ‘template<class Request, class Response> void falco::grpc::request_stream_context<Request, Response>::start(falco::grpc::server)’ in different namespace [-fpermissive] void falco::grpc::request_stream_context<falco::output::request, falco::output::response>::start(server srv) ^ In file included from .../falco/userspace/falco/grpc_server.cpp:26:0: .../falco/userspace/falco/grpc_server.h:102:7: error: from definition of ‘template<class Request, class Response> void falco::grpc::request_stream_context<Request, Response>::start(falco::grpc::server)’ [-fpermissive] void start(server srv); ``` It looks like gcc 5.4 doesn't handle a declaration with namespace blocks but a definition with namespaces in the function. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56480 has more detail. A workaround is to add `namespace falco {` and `namespace grpc {` around the declarations. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>	2019-10-04 11:43:28 +02:00
Leonardo Di Donato	db3383180c	docs(userspace/falco): documenting the keepalive field of the outputs request Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-10-03 11:55:04 +02:00
kaizhe	cdb5d71eb6	rule update: add more comments Signed-off-by: kaizhe <derek0405@gmail.com>	2019-10-03 10:16:28 +02:00
kaizhe	e81decac13	rule update: fix missing entries Signed-off-by: kaizhe <derek0405@gmail.com>	2019-10-03 10:16:28 +02:00
kaizhe	a43ae037a9	rules update: add back rule Delete Bash History for backport compatibility Signed-off-by: kaizhe <derek0405@gmail.com>	2019-10-03 10:16:28 +02:00
Kris Nova	b2a57f376e	removing maintainers file Signed-off-by: Kris Nova <kris@nivenly.com>	2019-09-30 12:17:59 -07:00
Leonardo Di Donato	8a6c0b796c	fix(userspace/engine): guard lua state into falco engine Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-30 18:07:19 +02:00
Leonardo Di Donato	f0cd3344a2	fix(userspace/falco): guard lua state for falco outputs Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-30 18:07:19 +02:00
Lorenzo Fontana	3d8b7231f3	fix(userspace/falco): meta request should use the request field Signed-off-by: Lorenzo Fontana <lo@linux.com>	2019-09-30 16:55:24 +03:00
Lorenzo Fontana	221e1b53aa	fix(userspace/falco): remove redundant check for grpc outputs Signed-off-by: Lorenzo Fontana <lo@linux.com>	2019-09-30 16:55:24 +03:00
Lorenzo Fontana	b08341644a	update(changelog): prepare for v0.17.1 Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com> Signed-off-by: Lorenzo Fontana <lo@linux.com>	2019-09-26 16:14:25 +02:00
kaizhe	79a10ad90e	rules update: add fluent/fluentd-kubernetes-daemonset to clear log trusted images Signed-off-by: kaizhe <derek0405@gmail.com>	2019-09-26 13:56:59 +03:00
Leonardo Di Donato	c0721b3ac2	docs: document gRPC server and gRPC output service config options Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	98cdc30aa3	chore(userspace): addressing review comments and typos Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	732965f973	docs(userspace/falco): document output proto messages and service Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	905379c6da	update(userspace/falco): specify go packages into protobuf Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Lorenzo Fontana	e6deb59e3d	chore(userspace/falco): we don't support tags yet Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com> Signed-off-by: Lorenzo Fontana <lo@linux.com>	2019-09-25 16:43:32 +03:00
Lorenzo Fontana	eb8248fe04	chore(userspace/falco): better organization of schema and grpc server Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com> Signed-off-by: Lorenzo Fontana <lo@linux.com>	2019-09-25 16:43:32 +03:00
Lorenzo Fontana	6cf2ccf857	update(userspace/falco): falco_grpc_server is now just server Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com> Signed-off-by: Lorenzo Fontana <lo@linux.com>	2019-09-25 16:43:32 +03:00
Lorenzo Fontana	203226d347	new(userspace/falco): namespace for falco grpc Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com> Signed-off-by: Lorenzo Fontana <lo@linux.com>	2019-09-25 16:43:32 +03:00
Lorenzo Fontana	392499f024	new(userspace/falco): utils file definition with read function Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com> Signed-off-by: Lorenzo Fontana <lo@linux.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	b19cb3678f	fix(userspace/falco): pop output fields lua table and correctly check parameters on the stack Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	54b3aa9129	fix(userspace/falco): distinguish between sinsp and json events when resolving tokens Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	944b46cb67	new(userspace/engine): json event to map type Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Lorenzo Fontana	0565ce2f50	fix(userspace/falco): grpc server implementation subscribe handle output queue stop Signed-off-by: Lorenzo Fontana <lo@linux.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	d35971e1bc	update(userspace/engine): resolve token Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	836094b28e	chore: typos and miscellanea Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	c96f096821	new(userspace/falco): config certificates for the gRPC server Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	f7c19517de	update: grpc server disabled by default Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	6800fe2ec6	fix(userspace/falco): handle grpc server thread stop gracefully Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	495c30c87a	fix(userspace/falco): correcly log SIGINT handling (fixes #791 ) Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	b0acff30bd	new(userspace/falco): shutdown method for grpc server Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	6e2de3ce93	new(userspace/falco): read all the gRPC server configs Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	bc42c075cb	new: grpc server certificates config Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	b682f5c344	new: grpc server threadiness config Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	c389ec1b61	new(userspace/falco): store context metadata for future usage Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	21e588394f	new(userspace/falco): handle SIGHUP and SIGINT in the main process not in the spawned threads (grpc server) Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	3df53f6092	new(userspace/falco): grpc ssl server credentials Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	e1d092f408	build: use secure GRPC_LIB and GRPCPP_LIB Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00
Leonardo Di Donato	b94f7be3a8	new(userspace/falco): trasmit output event timestamp over gRPC Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>	2019-09-25 16:43:32 +03:00

... 5 6 7 8 9 ...

1646 Commits