Federico Di Pierro
e4cbffc35b
update(userpsace/engine): update engine checksum and version.
...
See https://github.com/falcosecurity/libs/pull/2047 .
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-10-21 16:01:59 +02:00
poiana
5749517c4e
update(cmake): update libs and driver to latest master.
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-10-21 16:01:59 +02:00
Mark Stemm
e99b11e793
Make enable()/disable() virtual so they can be overridden
...
Subclasses might want to also see when rules are enabled/disabled.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2024-10-16 12:01:37 +02:00
Federico Di Pierro
c19b637e36
fix(ci): fixed shasum computation for bump-libs CI.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-10-15 16:16:37 +02:00
Luca Guerra
fb01b6d927
cleanup(falco): deprecate -b --print-base64
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-10-10 17:37:18 +02:00
Luca Guerra
4501b64b9d
new(falco): add buffer_format_base64
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-10-10 17:37:18 +02:00
dependabot[bot]
e04deeabe5
chore(deps): Bump submodules/falcosecurity-rules
...
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules ) from `e38fb3f` to `407e997`.
- [Release notes](https://github.com/falcosecurity/rules/releases )
- [Commits](e38fb3f6a7...407e99721f
2024-10-10 10:35:17 +02:00
Luca Guerra
dfa6b9b88e
chore(falco): deprecated -A
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-10-10 10:26:16 +02:00
Luca Guerra
3b28450171
new(falco): add base_syscalls.all option to falco.yaml
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-10-10 10:26:16 +02:00
Federico Di Pierro
b242f90510
chore(ci): use redhat advised method to check rpmsign success.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-10-10 10:17:17 +02:00
Mark Stemm
80b7de6d90
Add a test for compile_output::clone() for derived type
...
Add a test for checking that compile_output::clone() returns equal
values, specifically in the case of derived values.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2024-10-10 09:20:17 +02:00
Mark Stemm
5f13a9be08
Add equality operators for indexed_vector/falco_{list,macro,rule}
...
Add an equality operator for indexed_vector.
As indexed_vectors commonly hold falco lists/macros/rules, also add
equality operators for those structs. For condition/sinsp_filter
shared_ptrs, the operator checks that the shared_ptrs point to the
same underlying memory.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2024-10-10 09:20:17 +02:00
Mark Stemm
093d9234a5
Add a compile_output::clone() method that can be overridden
...
Add a clone() method that can be overridden by subclasses. This allows
copying compile state when needed in a way that preserves
polymorphism.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2024-10-10 09:20:17 +02:00
Federico Di Pierro
c55adf38b4
chore(userspace/engine): fix build warning.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-10-09 16:26:14 +02:00
Federico Di Pierro
3e24606c11
new(ci): use zig compiler instead of relying on centos7.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-10-09 16:26:14 +02:00
Federico Di Pierro
93e5292f2f
update(changelog): updated changelog for 0.39.1.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-10-09 10:54:14 +02:00
Luca Guerra
a754601cb6
update(tests): add tests for plugin init_config
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-10-08 12:06:08 +02:00
Luca Guerra
6721a6b9cf
fix(engine): allow null init_config for plugin info
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-10-08 12:06:08 +02:00
Federico Di Pierro
7b2feb1f73
fix(ci): fixed bump-libs workflow syntax.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-10-07 17:49:04 +02:00
Luca Guerra
c7c0246ca8
fix(engine): disable comma separated vectors in cxxopts
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-10-07 13:24:04 +02:00
Federico Di Pierro
5141bddedd
new(ci): add a workflow to automatically bump libs on each monday.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-10-07 11:35:03 +02:00
Luca Guerra
478514940f
update(falco): deprecated -S --snaplen option
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-10-07 11:33:03 +02:00
Luca Guerra
ef79648037
new(falco): add falco_libs.snaplen option
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-10-07 11:33:03 +02:00
Federico Di Pierro
f72e6a59ad
fix(userspace/falco): fix event set selection for plugin with parsing capability.
...
In live mode we need to use the source_info inspectors instead of the offline inspector.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-10-07 09:56:02 +02:00
dependabot[bot]
257938291d
chore(deps): Bump submodules/falcosecurity-rules
...
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules ) from `b6ad373` to `e38fb3f`.
- [Release notes](https://github.com/falcosecurity/rules/releases )
- [Commits](b6ad373719...e38fb3f6a7
2024-10-03 10:22:43 +02:00
Federico Di Pierro
41f20fd07a
cleanup(userspac/falco): drop deprecated options.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-10-02 14:49:40 +02:00
Aldo Lacuku
6997c96306
update(changelog): add changelog for falco 0.39.0
...
Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
2024-10-01 12:00:35 +02:00
Luca Guerra
17e61450db
cleanup(falco): reformat options::define
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-09-30 17:50:32 +02:00
Luca Guerra
683df327ac
fix(falco): allow disable_cri_async from both CLI and config
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-09-30 15:33:32 +02:00
Luca Guerra
262aa9a003
cleanup(falco): ignore lint commit
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-09-30 13:59:32 +02:00
Poiana
50b98b30e5
chore(falco): apply code formatting
...
Signed-off-by: Poiana <poiana.bot@gmail.com>
2024-09-30 13:25:31 +02:00
Andrea Terzolo
11bac9dbd2
update: ignore_some_files
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2024-09-30 11:10:32 +02:00
Luca Guerra
c235f5b576
chore(build): update libs to 0.18.1 (master branch)
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-09-27 12:25:21 +02:00
Leonardo Di Giovanna
3a6d1c8c5d
feat(stats): add host_netinfo networking information stats family
...
Introduce host_netinfo stats family to hold information regarding host
networking. At the moment, it only provides ipv4 and ipv6 addresses
list for each interface available on the host. The naming schema for
the introduced stats is
falco.host_netinfo.interfaces.<ifname>.protocols.<ipv4|ipv6>.addresses.
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
2024-09-26 15:50:16 +02:00
Luca Guerra
70c10ee7e0
fix(engine): sync outputs before printing stats at shutdown
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-09-23 16:58:01 +02:00
Leonardo Di Giovanna
d3a67c10bd
cleanup(falco_metrics): remove unused falco_utils import
...
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
2024-09-23 15:38:01 +02:00
Leonardo Di Giovanna
5ba94a36bd
fix(falco_metrics): remove ifinfo_json stat/metric
...
Using JSON as value prevents any meaningful aggregation for the stats.
Splitting these information into multiple labels can drastically
increase the number of dimensions, as the number of interfaces and
addresses can be high in some environment. Moreover, these information
are not currently refreshed, even if they can frequently change. Given
these reasons, remove ifinfo_json from stats and metrics.
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
2024-09-23 15:38:01 +02:00
Leonardo Di Giovanna
00b35cfd81
fix(falco_metrics)!: use full name for configs and rules files
...
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
2024-09-23 15:38:01 +02:00
Leonardo Di Giovanna
d77f768692
fix(falco_metrics)!: split tags label into multiple tag_ labels
...
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
2024-09-23 15:38:01 +02:00
Luca Guerra
50f4bc172d
update(tests): add test for plugin init_config map
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-09-20 09:55:49 +02:00
Luca Guerra
1a4a29348f
fix(falco): allow plugin init_config map in json schema
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-09-20 09:55:49 +02:00
Federico Di Pierro
78f56190b4
fix(userspace/falco): properly account for plugin with CAP_PARSING when computing interesting sc set.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-09-19 17:40:48 +02:00
Leonardo Di Giovanna
d66c4ceb23
update(systemd): add falco.service alias to all systemd units
...
Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
2024-09-18 15:44:53 +02:00
Federico Di Pierro
ad13cb6014
update(cmake): bump libs to 0.18.0 and driver to 7.3.0+driver.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-09-18 10:28:52 +02:00
Federico Di Pierro
6f1a741c7e
chore(userspace/falco): deprecate cri related CLI options.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-09-18 09:35:52 +02:00
Federico Di Pierro
fa701dd52f
fix(userspace/engine): improve rule json schema to account for source and required_plugin_versions.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-09-17 17:34:51 +02:00
Federico Di Pierro
6b634df56e
update(cmake): bump libs and driver to 0.18.0-rc2.
...
Moreover, bumped falcoctl to v0.10.0 and rules to 3.2.0.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-09-16 16:04:48 +02:00
Luca Guerra
037d7f9b36
cleanup(falco): use a header file for rule json schema
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-09-16 09:59:46 +02:00
Luca Guerra
ed4fb33981
cleanup(falco): use header file for json schema
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-09-16 09:59:46 +02:00
Luca Guerra
cd0d607f14
update(falco): add warning if the append condition does not appear to make sense
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2024-09-13 15:58:36 +02:00
