Commit Graph

4513 Commits

Author SHA1 Message Date
Henri DF
2d6c6d7d2d Merge pull request #16 from draios/more-service-rules
More service rules
2016-03-29 19:36:44 -07:00
Henri DF
cfb6e56877 Merge pull request #15 from draios/error-handling-improvements
Minor error handling improvements
2016-03-29 19:32:56 -07:00
Henri DF
aea9b0054b Minor error handling improvements 2016-03-29 19:31:34 -07:00
Henri DF
08afde0858 Add mysql rules 2016-03-29 22:16:15 +00:00
Henri DF
1e003fc0a6 Add more services to rules file
(HBase, Kafka, Memcached, MongoDB)
2016-03-29 22:16:15 +00:00
Henri DF
1d1a14acf9 Tweak comments in rules file 2016-03-29 22:16:15 +00:00
Henri DF
019e76114e Merge pull request #14 from draios/fast-ins
Use new sysdig support for fast processing of in-exprs
2016-03-29 14:59:24 -07:00
Henri DF
faf36cd8d7 Use new sysdig support for fast processing of in-exprs 2016-03-24 14:25:48 -07:00
Henri DF
85772a387b Merge pull request #13 from draios/paren-optimization
Optimization: don't nest at every boolean op
2016-03-18 13:11:34 -07:00
Henri DF
aa31d0a0fb Optimization: don't nest at every boolean op 2016-03-18 13:10:07 -07:00
Henri DF
bbcedef54a Some tweaks to rules 2016-03-18 13:09:17 -07:00
Henri DF
9043c89a9b Nice formatting when printing ASTs 2016-03-16 13:00:03 -07:00
Henri DF
6a504c924c Add a bunch of rules for service ports 2016-03-11 14:38:16 -08:00
Henri DF
773bc3f5d0 rules tweaks 2016-03-10 16:59:37 -08:00
Henri DF
44adb46529 Rules tweaks 2016-03-08 19:02:45 +00:00
Henri DF
7104d52466 minor cmakefile cleanup 2016-03-07 17:27:20 -08:00
Henri DF
8c7cc61793 fix luajit dependency 2016-03-07 17:19:28 -08:00
Henri DF
b8a16aab85 fix re.lua permissions 2016-03-08 01:15:43 +00:00
Henri DF
f4c7bb8f72 un-hardcode LUA_INCLUDE in cmake file 2016-03-08 01:15:43 +00:00
Henri DF
972c84707f Mo rules 2016-03-07 16:35:13 -08:00
Henri DF
a14087dc94 .gitignore 2016-03-06 15:16:13 -08:00
Henri DF
79e4af09ca Merge pull request #12 from draios/build-lpeg
Build lpeg
2016-03-04 17:55:58 -08:00
Henri DF
8c6bb8a236 Set Lua cpath along with path 2016-03-04 17:54:18 -08:00
Henri DF
cc4837312e Pull lpeg and build it 2016-03-04 17:52:01 -08:00
Henri DF
9bbe692137 Some more progress on rules 2016-03-03 16:14:14 -08:00
Henri DF
e7adc4e1f5 Remove cruft from CMakeLists.txt 2016-03-03 16:13:32 -08:00
Henri DF
331042858f Initial version of outputs.lua 2016-03-03 16:13:08 -08:00
Henri DF
7593aac4c9 .gitignore 2016-03-03 16:11:57 -08:00
Henri DF
5f681b1bd8 Signal handlers and clean(er) exit 2016-03-04 00:11:09 +00:00
Henri DF
a921e25385 Tweaks to base.txt 2016-03-04 00:10:57 +00:00
Henri DF
b700a85b05 Add ssh alert 2016-03-04 00:10:48 +00:00
Henri DF
ea158baa8d Fix error string 2016-03-02 22:24:12 +00:00
Henri DF
9c4bfecd40 Progress on base rules 2016-03-02 22:24:12 +00:00
Henri DF
33ad92e98b Fix typo-bug in lua code 2016-03-01 22:01:45 -08:00
Henri DF
f0da1c724b formats.cpp: print lua error string (like elsewhere) 2016-03-01 22:01:14 -08:00
Henri DF
a52441dcaa Some updates to base rules file 2016-03-01 20:10:52 -08:00
Henri DF
8343d23c3f remove debugging print from rules_loader.lua 2016-03-01 20:10:34 -08:00
Henri DF
2eb02a9597 Merge pull request #11 from draios/digwatch_fields
Digwatch fields
2016-03-01 13:55:00 -08:00
Henri DF
26fcf3415d Add digwatch.fields() to Lua API 2016-03-01 21:54:20 +00:00
Henri DF
3195c8abea formats.{cpp,h}: Get rid of global vars 2016-03-01 21:54:18 +00:00
Henri DF
0cdbdf9215 minor include cleanups 2016-03-01 10:49:19 -08:00
Henri DF
3feaa86db0 Merge pull request #10 from draios/support-function-outputs
Support function outputs
2016-02-29 20:38:45 -08:00
Henri DF
6a99c1a978 Basic support for function calls in outputs 2016-02-29 20:15:50 -08:00
Henri DF
1b7a5bd119 compiler: keep source in FunctionCall ASTs 2016-02-29 13:37:16 -08:00
Henri DF
55b2490314 coding convention 2016-02-28 21:14:46 -08:00
Henri DF
1c04ed7874 rework digwatch event output handling
the high-level change is that events matching a rule are now sent into a
lua "on_event" function for handling, rather than doing the handling
down in c++.

more specifics:

before, the lua "load_rule" function registered formatters with
associated IDs with the c++ side, which later used this state to
reconcile events with formats and print output accordingly.

now, no such state is kept on the c++ side. the lua "load_rule" function
maintains the id->formatters map, and uses it to print outputs when it
receives events.

this change simplifies the existing flow and will also make the forthcoming
implementation of function outputs far simpler than it would have been
in the current setup.
2016-02-28 21:06:29 -08:00
Henri DF
f71de57a90 fix unused vars warning in digwatch.cpp 2016-02-28 20:28:47 -08:00
Henri DF
31a0065c3c Example ruleset 2016-02-28 16:19:47 -08:00
Henri DF
c695051990 rule_loader.lua: comments cleanups 2016-02-28 23:50:10 +00:00
Henri DF
fe880c2c53 Merge pull request #9 from draios/grammar-output-functioncalls
Function calls in outputs (grammar only)
2016-02-28 14:30:31 -08:00