github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-26 14:52:20 +00:00
Code Issues Projects Releases Wiki Activity
3,728 Commits 121 Branches 172 Tags 104 MiB
e47ece4de9
Commit Graph

3728 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Lorenzo Susini
e47ece4de9 update(userspace/engine): address jasondellaluce comments 
- avoiding inspector to be allocated for each rule
- use two boolean values for expecting macros and lists
- move items of lists alongside name, under info
- use snake case for json output, like we do for e.g alerts
- correctly retrieve evt names
- consider two levels of lists for exception operators

Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Lorenzo Susini
a269866976 test(unit_tests/engine): test filter_details_resolver class 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Lorenzo Susini
1195b1e7f0 update(userspace/engine): better modularize the code for getting json details 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Lorenzo Susini
e11b4c4430 update(userspace/engine): add event codes to json output 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Lorenzo Susini
46cbc3c589 update(userspace/engine): add info about all macros and lists in -L option 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Lorenzo Susini
e30729555b update(userspace/engine): add enabled information to json output 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Lorenzo Susini
727aed0c03 update(userspace/engine): avoid solving macros AST at each cycle when getting details of all rules 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Lorenzo Susini
c1623771d8 update(userspace/engine): correctly use describe rule based on config 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Lorenzo Susini
9947962cb8 update(userspace/engine): let describe_rule function print out json details when requested 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Lorenzo Susini
a6542a6487 new(userspace/engine): introduce new class to get details about rules 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Federico Di Pierro
35a8a2e4d3 chore(ci): fixed up missing '\' chars. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Luca Guerra <luca@guerra.sh>
 2023-05-19 14:55:05 +02:00
Federico Di Pierro
9b96b34445 fix(ci): use normal docker to build docker images, instead of buildx. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-05-19 14:55:05 +02:00
Jason Dellaluce
2818f0906e update(cmake): bump plugins to latest dev versions 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
c603055acf fix(userspace/engine): don't count async event for evttype warning 
Co-authored-by: Grzegorz Nosek <grzegorz.nosek@sysdig.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
2d53fed0b8 update(cmake): bump libs to 2e9e6346eefeddd0afce7b6a06cb42d4265615dd 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
4fab0d5e38 update(cmake): bump libs to 8f52cdc56fce7ff95adaaa58eeb706da244bf0ce 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
81c6564636 fix(ci): solve CI issues 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
0026471714 update(cmake): bump plugins to dev versions 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
71e991b606 update(cmake): bump libs to b596458acb265028dbf0505ca45111e464470b4d 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
bb04892baf fix(userspace/falco): avoid double plugin initializations 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
9df72e0f2a fix(userspace/falco/app): properly populate filtercheck lists 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
4e8d1f025c fix(userspace/falco/app): skip unnecessary app steps 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
9bfce8cfae update(userspace): make sure that async event is always matched in rules 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
26d9448ba7 fix(ci): set cmake build type in Falco build jobs 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
fe299a0c9b update(cmake): bump driver to 5.0.0+driver 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
733ea88ab3 fix(userspace/falco): properly init configuration 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
b2615de062 new(userspace/falco/app): print a warning if multiple plugins for same source are loaded 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
0649be619b update(userspace/falco/app): support nodriver open mode and plugins sourcing system events 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
301c4efeb7 update(userspace/falco): support new plugin API definitions 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
5175a04c6b update(userspace/engine): bump engine checksum 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
3681cacda1 new(userspace/falco): add new --nodriver option 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
6c7754729b update(CMakeLists): fix c++17 compilation issues 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
0e4595596e update(cmake): bump libs and driver to 0b9ca98fee2453a16f4538db55dcfa34bc8f5aef 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Stanley Chan
3403225d8d cleanup(docs): remove extraneous whitespace in falco.yaml 
Signed-off-by: Stanley Chan <pocketgamer5000@gmail.com>
 2023-05-18 15:49:03 +02:00
Stanley Chan
1125b92fc3 docs: improve documentation and description of base_syscalls option 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Stanley Chan <pocketgamer5000@gmail.com>
 2023-05-18 15:49:03 +02:00
Aizhamal Nurmamat kyzy
52fe77cf5c Update brand/README.md 
Adding the proper link to the brand guides

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Aizhamal Nurmamat kyzy <aizhamal@google.com>
 2023-05-18 15:24:04 +02:00
Aizhamal Nurmamat kyzy
47cb32998e Adding back the information on Falco branding. 
Signed-off-by: Aizhamal Nurmamat kyzy <aizhamal@sysdig.com>
 2023-05-18 15:24:04 +02:00
Aizhamal Nurmamat kyzy
455e4346cd Update brand/README.md 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Aizhamal Nurmamat kyzy <aizhamal@google.com>
 2023-05-18 15:24:04 +02:00
Aizhamal Nurmamat kyzy
67993c8fa3 Updating Falco branding guidelines 
Signed-off-by: Aizhamal Nurmamat kyzy <aizhamal@sysdig.com>
 2023-05-18 15:24:04 +02:00
dependabot[bot]
6f198556be build(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `f773578` to `6da15ae`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](f7735788b1...6da15ae98c)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-18 09:11:03 +02:00
Andrea Terzolo
696fa43dc2 cleanup(actions): now modern bpf support -A flag 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-05-17 12:19:00 +02:00
Federico Di Pierro
7414c2d161 fix(ci): properly pass FALCO_VERSION loaded from extern to docker build for centos7 and arm64 builds. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-05-17 12:16:00 +02:00
Federico Di Pierro
9c483adafa fix(cmake): properly exclude prereleases when fetching latest tag from cmake. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-05-17 12:16:00 +02:00
Federico Di Pierro
577bccabd0 new(scripts): updated falco-driver-loader to properly support talos. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-05-16 16:49:55 +02:00
Luca Guerra
09b5cb7c7b fix(ci): load falco image before building falco-driver-loader 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-05-15 15:35:24 +02:00
Luca Guerra
92f884e070 new(ci): sign releases with cosign 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-05-12 16:03:43 +02:00
Luca Guerra
60a006f0b1 fix(ci): correctly tag slim manifest 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-05-12 14:27:42 +02:00
Luca Guerra
ea0b44dc56 fix(ci): simplify and fix multi-arch image publishing process 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-05-12 12:28:43 +02:00
Andrea Terzolo
e83dbe85f7 cleanup(config): modern bpf is no more experimental 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-05-12 12:27:45 +02:00
Luca Guerra
f5c7574eba update(ci): fail on non-semver release 
Signed-off-by: Luca Guerra <luca@guerra.sh>
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
 2023-05-10 11:05:10 +02:00