github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-04-06 03:52:14 +00:00
Code Issues Projects Releases Wiki Activity

Commit Graph

  • 927c1c4126 new(falco): enable gVisor event collection Luca Guerra 2022-06-20 14:47:40 +00:00
  • 1966fa1f91 update(falco): update libs to 0.7.0-rc2, 2.0.0-rc1+driver Luca Guerra 2022-07-01 09:38:28 +00:00
  • e4fe6a3353 chore(cmake): bump plugins versions Andrea Terzolo 2022-06-29 14:59:48 +02:00
  • 610b67838b fix(docker): fixed deb tester sub image. Federico Di Pierro 2022-06-29 10:08:43 +02:00
  • effabf533d test(plugins): drop macro source warning test Jason Dellaluce 2022-06-24 15:47:58 +00:00
  • 3c2effb498 refactor(userspace/engine): remove source field from macros in rule loader Jason Dellaluce 2022-06-24 15:46:30 +00:00
  • 555bf9971c fix(test): update expected test result for docker-compose scap file Jason Dellaluce 2022-06-23 15:26:25 +00:00
  • c309107949 fix(test): correct "incompat_plugin_api" expectation Leonardo Grasso 2022-06-23 15:14:23 +02:00
  • b6245d77c7 update(rules): lower priority to noisy rule (after the dup improvement) Leonardo Grasso 2022-06-23 15:10:00 +02:00
  • 2f208b52fc fix(userspace/falco/app_actions/print_version.cpp): correct getter call for schema version Leonardo Grasso 2022-06-23 12:08:01 +02:00
  • f3bc178e40 fix(userspace/falco/app_actions/print_version.cpp): ensure destructor gets invoked Leonardo Grasso 2022-06-23 12:06:48 +02:00
  • 308f001b87 chore(cmake/modules): remove leftover Leonardo Grasso 2022-06-23 11:53:28 +02:00
  • fda9fb36de update(userspace/falco): add more info to --version output Leonardo Grasso 2022-06-23 11:36:46 +02:00
  • 92fdbbcc52 update(userspace/falco): do not print driver version by default Leonardo Grasso 2022-06-23 11:36:08 +02:00
  • 4b694896a4 build: temporarily bump libs and driver Leonardo Grasso 2022-06-23 10:46:38 +02:00
  • d589ec2144 build(cmake/modules): dedicated cmake module for the driver Leonardo Grasso 2022-06-22 16:59:19 +02:00
  • 6c08fa2a20 build(cmake/modules): divorce driver from falcosecurity-libs module Leonardo Grasso 2022-06-22 16:45:23 +02:00
  • 9af20a000d chore(cmake/modules): duplicate git history (part 2) Leonardo Grasso 2022-06-22 15:31:29 +02:00
  • 7e1e7c2e42 chore(cmake/modules): duplicate git history (part 1) Leonardo Grasso 2022-06-22 15:30:53 +02:00
  • 1f2e6d4629 chore(cmake/modules): indentation Leonardo Grasso 2022-06-22 15:25:57 +02:00
  • 85ca1eb3dd fix(app_actions): perform validate_rules before load_rules action Mark Stemm 2022-06-22 12:14:33 -07:00
  • 5dce4d2025 fix(tests): make tests run locally (take 2) Luca Guerra 2022-06-23 07:44:51 +00:00
  • d90421387f update(rules): add macro for dup syscalls Aldo Lacuku 2022-06-20 15:03:19 +02:00
  • 07b4d5a47a fix(rules): use exit event in reverse shell detection rule Aldo Lacuku 2022-06-20 10:33:44 +02:00
  • 8a1f43f284 remove kaizhe from falco rule owner Kaizhe Huang 2022-06-08 16:26:23 +00:00
  • fcac635780 update(OWNERS): add Federico Di Pierro to owners. Federico Di Pierro 2022-06-15 18:13:50 +02:00
  • 5d10e54ad4 fix(ci): fix sign script - avoid interpreting {*}$argv Vicente J. Jiménez Miras 2022-06-20 11:48:03 +02:00
  • 5f17b7bd41 fix(ci): creates ~/sign instead of ./sign Vicente JJ. Miras 2022-06-17 18:49:24 +02:00
  • 9231fe3c1f chore(ci): improved rpm command to check for SHA256 sign. Federico Di Pierro 2022-06-16 12:43:50 +02:00
  • 99784874eb chore(ci): small refactor. Federico Di Pierro 2022-06-16 11:41:04 +02:00
  • a3c8fa85d4 fix(ci): sign arm64 rpm packages. Federico Di Pierro 2022-06-16 10:21:30 +02:00
  • bcda81f700 update(falco_scripts): Change Flatcar dynlinker path Jeremi Piotrowski 2022-06-15 15:41:55 +02:00
  • 1e5ef912de chore: improve falco.yaml comments Jason Dellaluce 2022-06-10 15:24:46 +00:00
  • 50039316ce update(userspace/falco): make plugin configuration more robust Jason Dellaluce 2022-06-10 12:19:11 +00:00
  • eb365f1a3e new(userspace/falco): add action and option to print detailed plugin info Jason Dellaluce 2022-06-10 11:48:04 +00:00
  • 625201f9f6 Add Java compatibility note joon 2022-06-07 23:18:24 -07:00
  • 583ac4192c rule(Java Process Class Download): detect potential successful log4shell exploitation joon 2022-06-05 18:00:33 -07:00
  • 85f91a3ec4 update(falco_scripts): support pre-built module/probe on Flatcar Jeremi Piotrowski 2022-06-07 17:12:04 +02:00
  • 6d56571e23 update(docker,falco_scripts): fix kernel module build on Flatcar Jeremi Piotrowski 2022-06-07 16:55:57 +02:00
  • 9d7153e119 fix(tests): make run_regression_tests.sh work locally Luca Guerra 2022-05-25 10:49:36 +00:00
  • 4097661ba8 fix(scripts): fixed path in publish-deb script. Federico Di Pierro 2022-06-10 22:11:13 +02:00
  • 83700d6d6a update(build): Switch from RSA/SHA1 to RSA/SHA256 signature in the RPM packages Vicente J. Jiménez Miras 2022-06-07 23:16:17 +02:00
  • fccd3fa7b6 new(scripts): support InRelease file creation for publish-deb script. Federico Di Pierro 2022-06-10 16:37:12 +02:00
  • 1327c796d0 fix(scripts): fixed falco-driver-loader driver download url. Federico Di Pierro 2022-06-10 08:56:46 +02:00
  • c782655a53 Fix rule linting stephanmiehe 2022-06-09 10:41:57 -07:00
  • ba6c86696f fix(build): docker-container buildx engine does not support retagging images. Tag all images together. Federico Di Pierro 2022-06-10 11:02:32 +02:00
  • 9d2aba240d fix(build): fixed publish-docker-dev job context. Federico Di Pierro 2022-06-10 08:52:19 +02:00
  • b059e83dd2 fix(scripts): fixed publish-deb script with manual arch filter. Federico Di Pierro 2022-06-09 17:12:10 +02:00
  • 6a034c17e0 fix(scripts): forcefully create packages dir for debian packages. Federico Di Pierro 2022-06-09 15:00:52 +02:00
  • e6f99a61c9 chore(falco): fix indentation Aldo Lacuku 2022-06-09 12:13:53 +02:00
  • 7b83943059 fix(falco): compilation issues with new libs version Aldo Lacuku 2022-06-09 11:43:29 +02:00
  • 2111699a96 chore(engine): bump falco engine version number to 13 Aldo Lacuku 2022-06-09 11:41:55 +02:00
  • b6d0607716 chore(cmake): bump falco-security libs version to 075da069af359954122ed7b8a9fc98bc7bcf3116 Aldo Lacuku 2022-06-09 11:39:31 +02:00
  • 1c83a449bc fix(build): removed leftover line in circleci config. Federico Di Pierro 2022-06-09 11:33:41 +02:00
  • 534f66e601 fix(build): fixed circleCI artifacts publish for arm64. Federico Di Pierro 2022-06-09 09:34:46 +02:00
  • a98bf52345 update(docker): updated falco-builder to fix multiarch support. Federico Di Pierro 2022-06-08 17:04:39 +02:00
  • aad70f3de2 fix(.circleci): correct command for build-arm64 Leonardo Grasso 2022-06-08 19:16:40 +02:00
  • 4aa0fe1b95 ARM64 build odidev 2022-05-09 10:01:01 +00:00
  • 0ebc7cd969 ARM64 build odidev 2022-05-05 11:33:36 +00:00
  • 4f759b6b2b fix(build): use apt instead of apk when installing deps for aws ecr publish. Federico Di Pierro 2022-06-08 13:57:12 +02:00
  • ca677db651 update(build): avoid double build of docker images when pushing to aws ecr. Federico Di Pierro 2022-06-08 12:13:49 +02:00
  • 0a98e11428 fix(build): try to use root user for cimg/base. Federico Di Pierro 2022-06-08 10:26:09 +02:00
  • 7068e9958f tests(k8s_audit_plugin): fix a k8s_audit_plugin test Andrea Terzolo 2022-06-07 15:23:01 +02:00
  • e5af3899f9 chore(k8s_audit_plugin): bump k8s_audit_plugin version Andrea Terzolo 2022-06-07 15:22:11 +02:00
  • 3f29660258 update(scripts): ported publish-deb and publish-rpm scripts to be multi arch. Federico Di Pierro 2022-05-13 11:31:33 +02:00
  • 62794966b1 update(build): updated circle ci to properly use docker buildx to build multiplatform images. Federico Di Pierro 2022-05-06 10:19:29 +02:00
  • 984b94f734 new(docker,scripts): port all docker images to be multiarch ready. Federico Di Pierro 2022-05-04 16:36:26 +02:00
  • f9b0568187 update(changelog): added 0.32.0 release notes. 0.32.0 Federico Di Pierro 2022-06-01 14:54:47 +02:00
  • 13eb8d2d48 update(build): updated plugins to latest versions. Federico Di Pierro 2022-06-01 13:59:00 +02:00
  • 7a774f6b2e chore(userpace/falco): do not print error code in process_events.cpp Aldo Lacuku 2022-05-31 17:16:52 +02:00
  • 3fef329d11 update(build): updated libs to 39ae7d40496793cf3d3e7890c9bbdc202263836b for Falco 0.32.0. Federico Di Pierro 2022-05-31 17:26:55 +02:00
  • 9392c0295a fix(falco-scripts): remove driver versions with dkms-3.0.3 Andrea Terzolo 2022-05-30 12:20:50 +02:00
  • 765ef5daaf chore(userspace/falco): fix punctuation typo in output message when loading plugins Aldo Lacuku 2022-05-30 08:57:52 +02:00
  • 9f163f3fe0 Update rules/falco_rules.yaml Matan Monitz 2022-05-25 19:31:51 +03:00
  • 4c95c717d2 known_shell_spawn_cmdlines - lighttpd Matan Monitz 2022-05-10 13:17:55 +03:00
  • 54a2f7bdaa rule(macro net_miner_pool): additional syscall for detection beryxz 2022-05-23 14:38:59 +02:00
  • eb9a9c6e7d update(build): updated libs to 1be924900a09cf2e4db4b4ae13d03d838959f350 Federico Di Pierro 2022-05-26 17:41:58 +02:00
  • 75712caa9a fix(test): dropped file:// from k8s audit log tests. Federico Di Pierro 2022-05-26 11:52:01 +02:00
  • db5f1bec3d update(cmake): updated plugins. Federico Di Pierro 2022-05-26 11:48:08 +02:00
  • 1d343c93f3 update(build): updated libs version for Falco 0.32.0 release. Federico Di Pierro 2022-05-26 08:54:10 +02:00
  • 3b462af58e fix(userspace/falco): enable k8s and mesos clients only when syscall source is enabled Jason Dellaluce 2022-05-25 11:08:34 +00:00
  • 09eae35f3a refactor(userspace/falco): create action for initializing k8s and mesos clients (step 2) Jason Dellaluce 2022-05-25 10:57:26 +00:00
  • 383b8f9660 refactor(userspace/falco): create action for initializing k8s and mesos clients Jason Dellaluce 2022-05-25 10:56:05 +00:00
  • 9b5e9fd04e wip: another try test/libs/pr/213 Leonardo Grasso 2022-05-25 17:49:17 +02:00
  • 786c0abd85 wip: test libs#213 (on a rebased branch) Leonardo Grasso 2022-05-25 15:20:29 +02:00
  • f5358a3291 wip: testing a libs branch Leonardo Grasso 2022-05-25 15:14:20 +02:00
  • 13d70b65ae update(userspace/engine): rename ruleset.h in filter_ruleset.h Jason Dellaluce 2022-05-24 14:33:32 +00:00
  • 9fd10220a5 update(userspace/falco): sync falco with new engine definitions Jason Dellaluce 2022-05-23 13:50:24 +00:00
  • 0abd7eaa28 refactor(userspace/engine): refactor engine interface and internals Jason Dellaluce 2022-05-23 13:49:36 +00:00
  • 5ddc8e20f4 test(userspace/engine): adapt test_rulesets to new definitions Jason Dellaluce 2022-05-23 10:35:35 +00:00
  • a1bdf95a0f refactor(userspace/engine): improve ruleset interface definitions Jason Dellaluce 2022-05-23 10:17:05 +00:00
  • 833fec8537 refactor(userspace/engine): leverage falco_rule def in stats manager Jason Dellaluce 2022-05-23 10:03:22 +00:00
  • 50c2aa9c81 refactor(userspace/engine): update rule loader to use new filter_ruleset interface Jason Dellaluce 2022-04-14 14:12:27 +00:00
  • f41f51f736 refactor(userspace/engine): update falco engine to use new ruleset interface and have one ruleset for each source Jason Dellaluce 2022-04-14 14:06:46 +00:00
  • 3af8d1c0d2 refactor(userspace/engine): adapt existing ruleset implementation to new filter_ruleset interface Jason Dellaluce 2022-04-14 14:02:31 +00:00
  • bbbdb311e0 refactor(userspace/engine): introduce interface for rulesets and their factory Jason Dellaluce 2022-04-14 13:58:41 +00:00
  • d860472987 update(userspace/falco): improve falco termination Andrea Terzolo 2022-05-23 17:34:48 +02:00
  • 3a3d5dfdcd Update userspace/falco/app_actions/load_rules_files.cpp Andrea Terzolo 2022-05-23 14:34:01 +02:00
  • 46159b8de9 update(userspace/engine): introduce new check_plugin_requirements API Andrea Terzolo 2022-05-23 11:27:39 +02:00
  • e751bf79c3 fix(userspace/engine): improve rule loader source checks for macros and lists Andrea Terzolo 2022-05-23 11:43:17 +02:00