Melissa Kilby
e5f3b724a5
update(docs): reference Falco default rules overview markdown document
...
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2022-12-15 16:46:20 +01:00
Melissa Kilby
f04ff10bd7
new(rules): init rules_inventory/
...
* add ad-hoc python script to generate Falco default rules overview markdown document
* init rules_inventory/rules_overview.md doc
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2022-12-15 16:46:20 +01:00
Melissa Kilby
6afe9d9200
update(rules): enhanced rules tagging for inventory / threat modeling
...
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2022-12-15 16:46:20 +01:00
cappellinsamuele
cec135b4b6
fix(ci): fix rpm sign job dependencies
...
Signed-off-by: cappellinsamuele <cappellinsamuele@gmail.com>
2022-12-15 16:32:20 +01:00
Leonardo Grasso
73b9273472
chore(scripts): rename env var
...
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2022-12-15 16:19:20 +01:00
Andrea Bonanno
7e52db2b42
update(script): makes the user able to pass additional custom options to the driver-loader curl command
...
Signed-off-by: Andrea Bonanno <andrea@bonanno.cloud>
2022-12-15 16:19:20 +01:00
Federico Di Pierro
a1d68e848f
chore(scripts): avoid failing if mkdir/cp/depmod fail.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
d0ac5981a7
update(scripts): typo
...
Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
380dd23a60
update(scripts): typo
...
Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
4c550bbe06
chore(scripts): manage dialog cancel button, and increase dialog vertical size to comprehend all of 5 options.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
76c8a645f1
chore(scripts): properly configure falco-kmod dependency on falco-kmod-inject with PartOf.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Andrea Terzolo
5bb566d613
fix: also stop the falco-kmod-inject.service unit
...
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
2022-12-15 14:09:19 +01:00
Andrea Terzolo
ee08c4d3de
update: remove falco target
...
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
988256d930
fix(scripts): fixed rpm dialog script.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
a94f26ec43
chore(scripts): fall back to the previous insmod method if modprobe fails.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
d4d2777876
fix(scripts): fixed PartOf in bpf and modern-bpf systemd units.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
4fc10bc774
chore(scripts,cmake): rename modern_bpf to modern-bpf in deb and rpm scripts.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
87416ab67c
chore(scripts): try to install kmod system-wide.
...
Then, we can always use `modprobe` to load it instead of `insmod`.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
01f4af480d
fix(scripts): fixed some debian issues by directly using systemctl tool.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
cb20cf83ff
new(scripts, cmake): added support for modern bpf probe.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
c6f668bc71
cleanup(scripts, cmake): fix switch in deb and rpm postinst scripts.
...
Cleanup cmake cpackgenerator options.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
1570e9f235
chore(scripts, cmake): add falco-plugin.service to install files.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
cbea78b283
fix(scripts): by default, do not enable any driver.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
ca55e70a33
chore: make dontstart default dialog selection.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
4596c919a6
fix(scripts): improve gcc skip logic.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
4e57670599
chore(scripts): add back a dontstart option.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
91fe2e9e24
chore(scripts): added support for falco@plugin.target.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
b04bb2e32e
chore(scripts): renamed Don't Start to Plugin.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
e26aa6a385
chore(scripts): when running in non-interactive mode, neither enable nor start any driver.
...
Eg: when building Falco docker image, and installing Falco package, we don't want it to build any driver.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
818f717622
chore(scripts,cmake): dialog is an optional dep, do not list it among deps.
...
Cleaned up unused vars in postinst scripts.
Finally, only show dialog window in interactive shells.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
9232383616
chore(cmake): dkms is actually needed by falco driver loader.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
41ffc90633
cleanup(scripts): allow falco-driver-loader script to manage more gcc versions.
...
AmazonLinux uses `gcc-$Vers`, like gcc-10, but our regex prevented that from working.
Instead, rely on the fact that **real** gcc has some `--version` fixed output.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
b6078ce1be
new(scripts): allow rpm/deb users to decide at configure time which driver to use (kmod or ebpf).
...
Manage it via a bash dialog interface.
Moreover, use falco-driver-loader instead of dkms to build bpf/kmod after package install.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Federico Di Pierro
06fe9e6985
new(scripts): improve systemd units for rpm and debian.
...
Unify them; plus, rework systemd units to support eBPF too.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-15 14:09:19 +01:00
Oscar Utbult
f43e6c445a
rules: add OpenSSH private key to macro private_key_or_password
...
Signed-off-by: Oscar Utbult <oscar.utbult@gmail.com>
2022-12-15 13:36:18 +01:00
Nicolas-Peiffer
1f15af1e4f
feat: Support for detecting outbound connection to c2 servers with FQDN domains and IP addresses.
...
Signed-off-by: Nicolas-Peiffer <102670102+Nicolas-Peiffer@users.noreply.github.com>
feat: Support for detecting outbound connection to c2 servers with FQDN domains and IP addresses.
doc: add comment
Fixing DCO append amend
Signed-off-by: Nicolas-Peiffer <102670102+Nicolas-Peiffer@users.noreply.github.com>
Revert to original C2 rule name
Signed-off-by: Nicolas-Peiffer <102670102+Nicolas-Peiffer@users.noreply.github.com>
modify comments on C2 rule
Signed-off-by: Nicolas-Peiffer <102670102+Nicolas-Peiffer@users.noreply.github.com>
comment
Signed-off-by: Nicolas-Peiffer <102670102+Nicolas-Peiffer@users.noreply.github.com>
clean comments
Signed-off-by: Nicolas-Peiffer <102670102+Nicolas-Peiffer@users.noreply.github.com>
clean comments
Signed-off-by: Nicolas-Peiffer <102670102+Nicolas-Peiffer@users.noreply.github.com>
modify stdout
Signed-off-by: thedetective <nicolas@lrasc.fr>
2022-12-15 13:27:18 +01:00
Andrea Terzolo
39753b6130
update(ci): remove 2 usages of falco-builder
...
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
2022-12-15 12:31:19 +01:00
Andrea Terzolo
b758206cf1
cleanup(ci): remove some no longer useful jobs
...
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
2022-12-15 12:31:19 +01:00
Leonardo Grasso
9c04622bd6
chore(proposals): fix typo found by FedeDP
...
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2022-12-14 17:32:14 +01:00
Leonardo Grasso
0200ec288e
chore(proposals): fix typo found by codespell
...
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2022-12-14 17:32:14 +01:00
Leonardo Grasso
50c169987e
docs(proposal): new artifacts distribution proposal
...
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2022-12-14 17:32:14 +01:00
Jason Dellaluce
5552bcab76
chore: fix typo
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2022-12-13 15:06:10 +01:00
Jason Dellaluce
cb58ea9c57
test: add regression tests for ref loops in lists and macros
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2022-12-13 15:06:10 +01:00
Jason Dellaluce
0a6db28783
fix(test/engine): solve compilation issues with macro resolver
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2022-12-13 15:06:10 +01:00
Jason Dellaluce
25ddc3c6a2
update(userspace/engine): broader err catching support in macro resolver
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2022-12-13 15:06:10 +01:00
Jason Dellaluce
35dd0fc153
fix(userspace/engine): implement loop detection in macro resolver
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2022-12-13 15:06:10 +01:00
Federico Di Pierro
0c39776557
chore(ci): properly checkout pull request HEAD instead of merge commit in gh actions.
...
See https://github.com/actions/checkout#checkout-pull-request-head-commit-instead-of-merge-commit .
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-12 11:11:44 +01:00
Federico Di Pierro
4696948754
fix(cmake): properly fetch dev version by appending latest Falco tag, delta between master and tag, and hash.
...
`describe` can no longer be used, as tags are now made on release branches.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2022-12-12 11:11:44 +01:00
dependabot[bot]
ec04b758e6
chore(deps): Bump certifi from 2020.4.5.1 to 2022.12.7 in /test
...
Bumps [certifi](https://github.com/certifi/python-certifi) from 2020.4.5.1 to 2022.12.7.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](https://github.com/certifi/python-certifi/compare/2020.04.05.1...2022.12.07)
---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 11:01:44 +01:00
Andrea Terzolo
52ee61b800
chore(userspace): add njson lib as a dependency for falco_engine
...
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
2022-12-10 17:07:06 +01:00