Adding falco script from install docs

Signed-off-by: Kris Nova <kris@nivenly.com>

CONTRIBUTING.md

@@ -9,6 +9,8 @@
   - [Pull Requests](#pull-requests)
     - [Commit convention](#commit-convention)
       - [Rule type](#rule-type)
+  - [Coding Guidelines](#coding-guidelines)
+    - [C++](#c)
   - [Developer Certificate Of Origin](#developer-certificate-of-origin)
 
 ## Code of Conduct
@@ -120,6 +122,13 @@ If you are changing only a macro, the commit will look like this:
 rule(macro user_known_write_monitored_dir_conditions): make sure conditions are great
 ```
 
+## Coding Guidelines
+
+### C++
+
+* File `userspace/engine/banned.h` defines some functions as invalid tokens. These functions are not allowed to be used in the codebase. Whenever creating a new cpp file, include the `"banned.h"` headers. This ensures that the banned functions are not compiled.
+
+  A complete list of banned functions can be found [here](./userspace/engine/banned.h).
 
 ## Developer Certificate Of Origin
 

scripts/install-falco.sh

@@ -0,0 +1,200 @@
+#!/bin/bash
+#
+# Copyright (C) 2013-2018 Draios Inc dba Sysdig.
+#
+# This file is part of falco .
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+set -e
+
+function install_rpm {
+	if ! hash curl > /dev/null 2>&1; then
+		echo "* Installing curl"
+		yum -q -y install curl
+	fi
+
+	if ! yum -q list dkms > /dev/null 2>&1; then
+		echo "* Installing EPEL repository (for DKMS)"
+		if [ $VERSION -eq 8 ]; then
+			rpm --quiet -i https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+		elif [ $VERSION -eq 7 ]; then
+			rpm --quiet -i https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+		else
+			rpm --quiet -i https://mirrors.kernel.org/fedora-epel/6/i386/epel-release-6-8.noarch.rpm
+		fi
+	fi
+
+	echo "* Installing falco public key"
+	rpm --quiet --import https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public
+	echo "* Installing falco repository"
+	curl -s -o /etc/yum.repos.d/draios.repo https://s3.amazonaws.com/download.draios.com/stable/rpm/draios.repo
+	echo "* Installing kernel headers"
+	KERNEL_VERSION=$(uname -r)
+	if [[ $KERNEL_VERSION == *PAE* ]]; then
+		yum -q -y install kernel-PAE-devel-${KERNEL_VERSION%.PAE} || kernel_warning
+	elif [[ $KERNEL_VERSION == *stab* ]]; then
+		# It's OpenVZ kernel and we should install another package
+		yum -q -y install vzkernel-devel-$KERNEL_VERSION || kernel_warning
+	elif [[ $KERNEL_VERSION == *uek* ]]; then
+		yum -q -y install kernel-uek-devel-$KERNEL_VERSION || kernel_warning
+	else
+		yum -q -y install kernel-devel-$KERNEL_VERSION || kernel_warning
+	fi
+	echo "* Installing falco"
+	yum -q -y install falco
+}
+
+function install_deb {
+	export DEBIAN_FRONTEND=noninteractive
+
+	if ! hash curl > /dev/null 2>&1; then
+		echo "* Installing curl"
+		apt-get -qq -y install curl < /dev/null
+	fi
+
+	echo "* Installing Sysdig public key"
+	curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add -
+	echo "* Installing falco repository"
+	curl -s -o /etc/apt/sources.list.d/draios.list https://s3.amazonaws.com/download.draios.com/stable/deb/draios.list
+	apt-get -qq update < /dev/null
+	echo "* Installing kernel headers"
+	apt-get -qq -y install linux-headers-$(uname -r) < /dev/null || kernel_warning
+	echo "* Installing falco"
+	apt-get -qq -y install falco < /dev/null
+}
+
+function unsupported {
+	echo 'Unsupported operating system. Please consider writing to the mailing list at'
+	echo 'https://groups.google.com/forum/#!forum/sysdig or trying the manual'
+	echo 'installation.'
+	exit 1
+}
+
+function kernel_warning {
+	echo "Unable to find kernel development files for the current kernel version" $(uname -r)
+	echo "This usually means that your system is not up-to-date or you installed a custom kernel version."
+	echo "The installation will continue but you'll need to install these yourself in order to use falco."
+	echo 'Please write to the mailing list at https://groups.google.com/forum/#!forum/sysdig'
+	echo "if you need further assistance."
+}
+
+if [ $(id -u) != 0 ]; then
+	echo "Installer must be run as root (or with sudo)."
+	exit 1
+fi
+
+echo "* Detecting operating system"
+
+ARCH=$(uname -m)
+if [[ ! $ARCH = *86 ]] && [ ! $ARCH = "x86_64" ] && [ ! $ARCH = "s390x" ]; then
+	unsupported
+fi
+
+if [ $ARCH = "s390x" ]; then
+	echo "------------"
+	echo "WARNING: A Docker container is the only officially supported platform on s390x"
+	echo "------------"
+fi
+
+if [ -f /etc/debian_version ]; then
+	if [ -f /etc/lsb-release ]; then
+		. /etc/lsb-release
+		DISTRO=$DISTRIB_ID
+		VERSION=${DISTRIB_RELEASE%%.*}
+	else
+		DISTRO="Debian"
+		VERSION=$(cat /etc/debian_version | cut -d'.' -f1)
+	fi
+
+	case "$DISTRO" in
+
+		"Ubuntu")
+			if [ $VERSION -ge 10 ]; then
+				install_deb
+			else
+				unsupported
+			fi
+			;;
+
+		"LinuxMint")
+			if [ $VERSION -ge 9 ]; then
+				install_deb
+			else
+				unsupported
+			fi
+			;;
+
+		"Debian")
+			if [ $VERSION -ge 6 ]; then
+				install_deb
+			elif [[ $VERSION == *sid* ]]; then
+				install_deb
+			else
+				unsupported
+			fi
+			;;
+
+		*)
+			unsupported
+			;;
+
+	esac
+
+elif [ -f /etc/system-release-cpe ]; then
+	DISTRO=$(cat /etc/system-release-cpe | cut -d':' -f3)
+
+	# New Amazon Linux 2 distro
+	if [[ -f /etc/image-id ]]; then
+		AMZ_AMI_VERSION=$(cat /etc/image-id | grep 'image_name' | cut -d"=" -f2 | tr -d "\"")
+	fi
+
+	if [[ "${DISTRO}" == "o" ]] && [[ ${AMZ_AMI_VERSION} = *"amzn2"* ]]; then
+		DISTRO=$(cat /etc/system-release-cpe | cut -d':' -f4)
+	fi
+
+	VERSION=$(cat /etc/system-release-cpe | cut -d':' -f5 | cut -d'.' -f1 | sed 's/[^0-9]*//g')
+
+	case "$DISTRO" in
+
+		"oracle" | "centos" | "redhat")
+			if [ $VERSION -ge 6 ]; then
+				install_rpm
+			else
+				unsupported
+			fi
+			;;
+
+		"amazon")
+			install_rpm
+			;;
+
+		"fedoraproject")
+			if [ $VERSION -ge 13 ]; then
+				install_rpm
+			else
+				unsupported
+			fi
+			;;
+
+		*)
+			unsupported
+			;;
+
+	esac
+
+else
+	unsupported
+fi
+
+modprobe -r falco_probe

userspace/engine/banned.h

@@ -21,5 +21,30 @@ limitations under the License.
 // function is used.
 #define BAN(function) using_##function##_is_banned
 
+// BAN_ALTERNATIVE is same as BAN but the message also provides an alternative
+// function that the user could use instead of the banned function.
+#define BAN_ALTERNATIVE(function, alternative) using_##function##_is_banned__use_##alternative##_instead
+
 #undef strcpy
 #define strcpy(a, b) BAN(strcpy)
+
+#undef vsprintf
+#define vsprintf(a, b, c) BAN_ALTERNATIVE(vsprintf, vsnprintf)
+
+#undef sprintf
+#define sprintf(a, b, ...) BAN_ALTERNATIVE(sprintf, snprintf)
+
+#undef strcat
+#define strcat(a, b) BAN(strcat)
+
+#undef strncat
+#define strncat(a, b, c) BAN(strncat)
+
+#undef strncpy
+#define strncpy(a, b, c) BAN(strncpy)
+
+#undef swprintf
+#define swprintf(a, b, c, ...) BAN_ALTERNATIVE(swprintf, snprintf)
+
+#undef vswprintf
+#define vswprintf(a, b, c, d) BAN_ALTERNATIVE(vswprintf, vsnprintf)

userspace/engine/falco_common.cpp

@@ -18,7 +18,7 @@ limitations under the License.
 
 #include "config_falco_engine.h"
 #include "falco_common.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 std::vector<std::string> falco_common::priority_names = {
 	"Emergency",

userspace/engine/falco_engine.cpp

@@ -32,7 +32,7 @@ extern "C" {
 }
 
 #include "utils.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 
 string lua_on_event = "on_event";

userspace/engine/falco_utils.cpp

@@ -18,7 +18,7 @@ limitations under the License.
 */
 
 #include "falco_utils.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 namespace falco
 {

userspace/engine/formats.cpp

@@ -18,7 +18,7 @@ limitations under the License.
 
 #include "formats.h"
 #include "falco_engine.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 
 sinsp* falco_formats::s_inspector = NULL;

userspace/engine/json_evt.cpp

@@ -21,7 +21,7 @@ limitations under the License.
 
 #include "falco_common.h"
 #include "json_evt.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 using json = nlohmann::json;
 using namespace std;

userspace/engine/rules.cpp

@@ -24,7 +24,7 @@ extern "C" {
 }
 
 #include "falco_engine.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 const static struct luaL_reg ll_falco_rules [] =
 {

userspace/engine/ruleset.cpp

@@ -15,7 +15,7 @@ limitations under the License.
 */
 
 #include "ruleset.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 using namespace std;
 

userspace/engine/token_bucket.cpp

@@ -20,7 +20,7 @@ limitations under the License.
 
 #include "token_bucket.h"
 #include "utils.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 token_bucket::token_bucket():
 	token_bucket(sinsp_utils::get_current_time_ns)

userspace/falco/configuration.cpp

@@ -23,7 +23,7 @@ limitations under the License.
 
 #include "configuration.h"
 #include "logger.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 using namespace std;
 

userspace/falco/event_drops.cpp

@@ -15,7 +15,7 @@ limitations under the License.
 */
 
 #include "event_drops.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 syscall_evt_drop_mgr::syscall_evt_drop_mgr():
 	m_num_syscall_evt_drops(0),

userspace/falco/falco.cpp

@@ -45,7 +45,7 @@ limitations under the License.
 #include "statsfilewriter.h"
 #include "webserver.h"
 #include "grpc_server.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 typedef function<void(sinsp* inspector)> open_t;
 

userspace/falco/falco_outputs.cpp

@@ -23,7 +23,7 @@ limitations under the License.
 #include "formats.h"
 #include "logger.h"
 #include "falco_output_queue.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 using namespace std;
 using namespace falco::output;

userspace/falco/grpc_context.cpp

@@ -17,7 +17,7 @@ limitations under the License.
 #include <sstream>
 
 #include "grpc_context.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 falco::grpc::context::context(::grpc::ServerContext* ctx):
 	m_ctx(ctx)

userspace/falco/grpc_server.cpp

@@ -24,7 +24,7 @@ limitations under the License.
 #include "grpc_server.h"
 #include "grpc_request_context.h"
 #include "utils.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 #define REGISTER_STREAM(req, res, svc, rpc, impl, num)                          \
 	std::vector<request_stream_context<svc, req, res>> rpc##_contexts(num); \

userspace/falco/grpc_server_impl.cpp

@@ -17,7 +17,7 @@ limitations under the License.
 #include "config_falco.h"
 #include "grpc_server_impl.h"
 #include "falco_output_queue.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 bool falco::grpc::server_impl::is_running()
 {

userspace/falco/logger.cpp

@@ -19,7 +19,7 @@ limitations under the License.
 #include "chisel_api.h"
 
 #include "falco_common.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 const static struct luaL_reg ll_falco [] =
 {
@@ -131,12 +131,8 @@ void falco_logger::log(int priority, const string msg)
 		{
 			char buf[sizeof "YYYY-MM-DDTHH:MM:SS-0000"];
 			struct tm *gtm = std::gmtime(&result);
-			if(gtm == NULL ||
-			   (strftime(buf, sizeof(buf), "%FT%T%z", gtm) == 0))
-			{
-				sprintf(buf, "N/A");
-			}
-			else
+			if(gtm != NULL &&
+			   (strftime(buf, sizeof(buf), "%FT%T%z", gtm) != 0))
 			{
 				fprintf(stderr, "%s: %s", buf, msg.c_str());
 			}

userspace/falco/statsfilewriter.cpp

@@ -18,7 +18,7 @@ limitations under the License.
 #include <signal.h>
 
 #include "statsfilewriter.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 using namespace std;
 

userspace/falco/utils.cpp

@@ -15,7 +15,7 @@ limitations under the License.
 */
 
 #include "utils.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 void falco::utils::read(const std::string& filename, std::string& data)
 {

userspace/falco/webserver.cpp

@@ -20,7 +20,7 @@ limitations under the License.
 #include "falco_common.h"
 #include "webserver.h"
 #include "json_evt.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used
 
 using json = nlohmann::json;
 using namespace std;