Merge branch 'dev' into agent-master

Allow Lua sample_dir to be passed to falco_engine constructor
FALCO_ENGINE_SOURCE_LUA_DIR is still the default but can be overridden now.
2026-03-28 15:42:55 +00:00 · 2018-08-17 14:08:04 -07:00 · 2018-08-16 21:36:08 +02:00 · 2018-08-13 09:43:26 -07:00 · 2018-08-07 15:26:49 -07:00 · 2018-07-31 12:05:00 -07:00
9 changed files with 53 additions and 10 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,14 @@

 This file documents all notable changes to Falco. The release numbering uses [semantic versioning](http://semver.org).

+## v0.11.1
+
+Released 2018-07-31
+
+## Bug Fixes
+
+* Fix a problem that caused the kernel module to not load on certain kernel versions [[#397](https://github.com/draios/falco/pull/397)] [[#394](https://github.com/draios/falco/issues/394)]
+
 ## v0.11.0

 Released 2018-07-24
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -78,8 +78,10 @@ else()
        set(ZLIB_INCLUDE "${ZLIB_SRC}")
        set(ZLIB_LIB "${ZLIB_SRC}/libz.a")
        ExternalProject_Add(zlib
-		URL "http://s3.amazonaws.com/download.draios.com/dependencies/zlib-1.2.8.tar.gz"
-		URL_MD5 "44d667c142d7cda120332623eab69f40"
+		# START CHANGE for CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
+		URL "http://s3.amazonaws.com/download.draios.com/dependencies/zlib-1.2.11.tar.gz"
+                URL_MD5 "1c9f62f0778697a09d36121ead88e08e"
+		# END CHANGE for CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
 		CONFIGURE_COMMAND "./configure"
 		BUILD_COMMAND ${CMD_MAKE}
 		BUILD_IN_SOURCE 1
@@ -215,8 +217,10 @@ else()
 	message(STATUS "Using bundled openssl in '${OPENSSL_BUNDLE_DIR}'")

 	ExternalProject_Add(openssl
-		URL "http://s3.amazonaws.com/download.draios.com/dependencies/openssl-1.0.2j.tar.gz"
-		URL_MD5 "96322138f0b69e61b7212bc53d5e912b"
+		# START CHANGE for CVE-2017-3735, CVE-2017-3731, CVE-2017-3737, CVE-2017-3738, CVE-2017-3736
+		URL "http://s3.amazonaws.com/download.draios.com/dependencies/openssl-1.0.2n.tar.gz"
+                URL_MD5 "13bdc1b1d1ff39b6fd42a255e74676a4"
+		# END CHANGE for CVE-2017-3735, CVE-2017-3731, CVE-2017-3737, CVE-2017-3738, CVE-2017-3736
 		CONFIGURE_COMMAND ./config shared --prefix=${OPENSSL_INSTALL_DIR}
 		BUILD_COMMAND ${CMD_MAKE}
 		BUILD_IN_SOURCE 1
@@ -246,8 +250,10 @@ else()

 	ExternalProject_Add(curl
 		DEPENDS openssl
-		URL "http://s3.amazonaws.com/download.draios.com/dependencies/curl-7.56.0.tar.bz2"
-		URL_MD5 "e0caf257103e0c77cee5be7e9ac66ca4"
+		# START CHANGE for CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007
+		URL "http://s3.amazonaws.com/download.draios.com/dependencies/curl-7.60.0.tar.bz2"
+		URL_MD5 "bd2aabf78ded6a9aec8a54532fd6b5d7"
+		# END CHANGE for CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007
 		CONFIGURE_COMMAND ./configure ${CURL_SSL_OPTION} --disable-shared --enable-optimize --disable-curldebug --disable-rt --enable-http --disable-ftp --disable-file --disable-ldap --disable-ldaps --disable-rtsp --disable-telnet --disable-tftp --disable-pop3 --disable-imap --disable-smb --disable-smtp --disable-gopher --disable-sspi --disable-ntlm-wb --disable-tls-srp --without-winssl --without-darwinssl --without-polarssl --without-cyassl --without-nss --without-axtls --without-ca-path --without-ca-bundle --without-libmetalink --without-librtmp --without-winidn --without-libidn --without-nghttp2 --without-libssh2 --disable-threaded-resolver
 		BUILD_COMMAND ${CMD_MAKE}
 		BUILD_IN_SOURCE 1
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@

 #### Latest release

-**v0.11.0**
+**v0.11.1**
 Read the [change log](https://github.com/draios/falco/blob/dev/CHANGELOG.md)

 Dev Branch: [![Build Status](https://travis-ci.org/draios/falco.svg?branch=dev)](https://travis-ci.org/draios/falco)<br />
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@@ -54,6 +54,15 @@ RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public |
 RUN rm -df /lib/modules \
 && ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules

+# debian:unstable head contains binutils 2.31, which generates
+# binaries that are incompatible with kernels < 4.16. So manually
+# forcibly install binutils 2.30-22 instead.
+RUN curl -s -o binutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils_2.30-22_amd64.deb \
+ && curl -s -o libbinutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/libbinutils_2.30-22_amd64.deb \
+ && curl -s -o binutils-x86-64-linux-gnu_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-x86-64-linux-gnu_2.30-22_amd64.deb \
+ && curl -s -o binutils-common_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-common_2.30-22_amd64.deb \
+ && dpkg -i *binutils*.deb
+
 COPY ./docker-entrypoint.sh /

 ENTRYPOINT ["/docker-entrypoint.sh"]
--- a/docker/local/Dockerfile
+++ b/docker/local/Dockerfile
@@ -50,6 +50,15 @@ RUN rm -df /lib/modules \
 ADD falco-${FALCO_VERSION}-x86_64.deb /
 RUN dpkg -i /falco-${FALCO_VERSION}-x86_64.deb

+# debian:unstable head contains binutils 2.31, which generates
+# binaries that are incompatible with kernels < 4.16. So manually
+# forcibly install binutils 2.30-22 instead.
+RUN curl -s -o binutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils_2.30-22_amd64.deb \
+ && curl -s -o libbinutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/libbinutils_2.30-22_amd64.deb \
+ && curl -s -o binutils-x86-64-linux-gnu_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-x86-64-linux-gnu_2.30-22_amd64.deb \
+ && curl -s -o binutils-common_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-common_2.30-22_amd64.deb \
+ && dpkg -i *binutils*.deb
+
 COPY ./docker-entrypoint.sh /

 ENTRYPOINT ["/docker-entrypoint.sh"]
--- a/docker/stable/Dockerfile
+++ b/docker/stable/Dockerfile
@@ -53,6 +53,15 @@ RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public |
 RUN rm -df /lib/modules \
 && ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules

+# debian:unstable head contains binutils 2.31, which generates
+# binaries that are incompatible with kernels < 4.16. So manually
+# forcibly install binutils 2.30-22 instead.
+RUN curl -s -o binutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils_2.30-22_amd64.deb \
+ && curl -s -o libbinutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/libbinutils_2.30-22_amd64.deb \
+ && curl -s -o binutils-x86-64-linux-gnu_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-x86-64-linux-gnu_2.30-22_amd64.deb \
+ && curl -s -o binutils-common_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-common_2.30-22_amd64.deb \
+ && dpkg -i *binutils*.deb
+
 COPY ./docker-entrypoint.sh /

 ENTRYPOINT ["/docker-entrypoint.sh"]
--- a/userspace/engine/falco_engine.cpp
+++ b/userspace/engine/falco_engine.cpp
@@ -39,7 +39,7 @@ string lua_print_stats = "print_stats";

 using namespace std;

-falco_engine::falco_engine(bool seed_rng)
+falco_engine::falco_engine(bool seed_rng, const std::string& source_dir)
 	: m_rules(NULL), m_next_ruleset_id(0),
 	  m_min_priority(falco_common::PRIORITY_DEBUG),
 	  m_sampling_ratio(1), m_sampling_multiplier(0),
@@ -48,7 +48,7 @@ falco_engine::falco_engine(bool seed_rng)
 	luaopen_lpeg(m_ls);
 	luaopen_yaml(m_ls);

-	falco_common::init(m_lua_main_filename.c_str(), FALCO_ENGINE_SOURCE_LUA_DIR);
+	falco_common::init(m_lua_main_filename.c_str(), source_dir.c_str());
 	falco_rules::init(m_ls);

 	m_evttype_filter.reset(new sinsp_evttype_filter());
--- a/userspace/engine/falco_engine.h
+++ b/userspace/engine/falco_engine.h
@@ -27,6 +27,7 @@ along with falco.  If not, see <http://www.gnu.org/licenses/>.

 #include "rules.h"

+#include "config_falco_engine.h"
 #include "falco_common.h"

 //
@@ -38,7 +39,7 @@ along with falco.  If not, see <http://www.gnu.org/licenses/>.
 class falco_engine : public falco_common
 {
 public:
-	falco_engine(bool seed_rng=true);
+	falco_engine(bool seed_rng=true, const std::string& rules_dir=FALCO_ENGINE_SOURCE_LUA_DIR);
 	virtual ~falco_engine();

 	//
--- a/userspace/falco/CMakeLists.txt
+++ b/userspace/falco/CMakeLists.txt
@@ -5,6 +5,7 @@ include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libscap")
 include_directories("${PROJECT_SOURCE_DIR}/../sysdig/userspace/libsinsp")
 include_directories("${PROJECT_SOURCE_DIR}/userspace/engine")
 include_directories("${PROJECT_BINARY_DIR}/userspace/falco")
+include_directories("${PROJECT_BINARY_DIR}/userspace/engine")
 include_directories("${CURL_INCLUDE_DIR}")
 include_directories("${YAMLCPP_INCLUDE_DIR}")
 include_directories("${DRAIOS_DEPENDENCIES_DIR}/yaml-${DRAIOS_YAML_VERSION}/target/include")
Author	SHA1	Message	Date
Thom van Os	323213fe0f	Merge branch 'dev' into agent-master	2018-08-17 14:08:04 -07:00
Grzegorz Nosek	071e7dff17	Allow Lua sample_dir to be passed to falco_engine constructor FALCO_ENGINE_SOURCE_LUA_DIR is still the default but can be overridden now.	2018-08-16 21:36:08 +02:00
vani-pareek	e8ba42cae4	Falco fixes for SMBACK-1611 for vulnerability CVE-2016-9840, CVE-201… (#402 ) * Falco fixes for SMBACK-1611 for vulnerability CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-3735, CVE-2017-3731, CVE-2017-3737, CVE-2017-3738, CVE-2017-3736, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007 * sysdig-CLA-1.0-contributing-entity: Calsoft Inc sysdig-CLA-1.0-signed-off-by: Vani Pareek <vani.pareek@calsoftinc.com> Falco fixes for SMBACK-1611 for vulnerability CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-3735, CVE-2017-3731, CVE-2017-3737, CVE-2017-3738, CVE-2017-3736, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007	2018-08-13 09:43:26 -07:00
Thom van Os	9c2e422803	Merge branch 'dev' into agent-master	2018-08-07 15:26:49 -07:00
Mark Stemm	24ca38a819	Prepare for 0.11.1 (#399 ) Noting bug fix and bumping version.	2018-07-31 12:05:00 -07:00
Mark Stemm	ab0413a9ee	Downgrade binutils in docker image (#397 ) debian:unstable head contains binutils 2.31, which generates binaries that are incompatible with kernels < 4.16. To fix this, after installing everything, downgrade binutils to 2.30-22. This has to be done as the last step as it introduces conflicts in other dependencies of the various gcc versions and some of the packages already in the image.	2018-07-31 10:44:47 -07:00
Thom van Os	e62b25a8fb	Merge branch 'dev' into agent-master	2018-07-10 14:00:56 -07:00
Thom van Os	b2412302e6	Merge branch 'dev' into agent-master	2018-06-26 10:57:06 -07:00
Brett Bertocci	a0331c9602	Merge branch 'dev' into agent-master	2018-05-16 16:08:05 -07:00
Thom van Os	cb5db7486b	Merge branch 'dev' into agent-master	2018-05-04 11:14:44 -07:00
Luca Marturana	c30c5a7a62	Merge branch 'dev' into agent-master	2018-04-26 13:17:01 -07:00
Brett Bertocci	2b75439d08	Merge branch 'dev' into agent-master	2018-04-23 07:10:44 -07:00
Anoop Gupta	b99a4e5ccf	Merge remote-tracking branch 'origin/dev' into agent-master	2018-04-04 15:29:24 -07:00
Brett Bertocci	05c4ba1842	Merge branch 'dev' into agent-master	2018-03-08 14:47:06 -08:00
Brett Bertocci	45d467656f	Merge branch 'dev' into agent-master	2018-03-08 12:38:44 -08:00
Thom van Os	3912e6e44b	Merge branch 'dev' into agent-master	2018-01-30 14:51:13 -08:00
Anoop Gupta	958c0461bb	Merge remote-tracking branch 'origin/dev' into agent-master	2018-01-25 15:05:25 -08:00
Brett Bertocci	19db7890b3	Merge branch 'dev' into agent-master	2018-01-11 17:25:47 -08:00
Mark Stemm	1c9f86bdd8	Merge branch 'dev' into agent-master	2017-12-13 13:35:57 -08:00
Luca Marturana	e0458cba67	Merge branch 'dev' into agent-master	2017-12-04 11:18:18 +01:00
Mark Stemm	cd2b210fe3	Merge branch 'dev' into agent-master	2017-11-28 09:18:58 -08:00
Luca Marturana	5ac3e7d074	Merge branch 'dev' into agent-master	2017-11-21 12:18:56 +01:00
Brett Bertocci	d321666ee5	Merge branch 'dev' into agent-master	2017-11-10 14:08:13 -08:00
Luca Marturana	09d570d985	Merge branch 'dev' into agent-master	2017-10-27 14:31:48 +02:00
Luca Marturana	5844030bcb	Merge branch 'dev' into agent-master the commit.	2017-10-19 11:03:45 +02:00
Luca Marturana	31482c2a18	Merge branch 'dev' into agent-master	2017-10-12 13:33:08 +02:00
Mark Stemm	498d083980	Merge branch 'dev' into agent-master	2017-09-25 10:58:36 -07:00
Luca Marturana	6fd7f0d628	Merge branch 'dev' into agent-master	2017-08-23 10:30:27 +02:00
Thom van Os	d6fe29b47d	Merge branch 'dev' into agent-master	2017-07-27 14:04:16 -07:00
Riccardo Schirone	a71cbcd7ee	Merge branch 'dev' into agent-master	2017-07-03 12:18:10 +02:00
Mark Stemm	99d6bccc81	Merge branch 'dev' into agent-master	2017-06-06 10:13:23 -07:00
Brett	f92f74eaa8	Merge branch 'dev' into agent-master	2017-05-05 12:01:57 -07:00
Luca Marturana	d42d0e2dd1	Merge branch 'dev' into agent-master	2017-04-14 14:57:56 +02:00
Luca Marturana	135b4d9975	Merge branch 'dev' into agent-master	2017-03-30 14:46:44 +02:00
Luca Marturana	a25166b7ac	Merge branch 'dev' into agent-master	2017-03-20 15:45:29 +01:00
Luca Marturana	800a3f1ea1	Merge branch 'dev' into agent-master	2017-02-21 11:47:36 +01:00
Luca Marturana	31464de885	Merge branch 'dev' into agent-master	2017-02-07 11:06:22 +01:00
Luca Marturana	9b308d2793	Merge branch 'dev' into agent-master	2017-02-02 12:35:47 +01:00
Luca Marturana	a99f09da96	Merge branch 'dev' into agent-master	2017-01-31 11:47:33 +01:00
Luca Marturana	1e0ddba11a	Merge branch 'dev' into agent-master	2017-01-25 18:08:35 +01:00
Luca Marturana	b6d1101cb6	Merge branch 'agent-master' into dev	2017-01-17 10:55:07 +01:00