Commit Graph

  • 23213ae148 adding asapp as an adopter Santi Friquet 2021-04-08 12:49:55 -03:00
  • 04110b0f4c chore(scripts): restore mount of debugfs (notes below) Leonardo Di Donato 2021-04-08 15:19:02 +00:00
  • 17ee409ac6 chore(scripts): better default values in the help message of falco-driver-loader Leonardo Di Donato 2021-04-08 15:07:49 +00:00
  • 71b2b5adde chore(scripts): remove banner about BPF JIT kernel config option Leonardo Di Donato 2021-04-02 14:49:46 +00:00
  • 75261d4518 update(scripts): look for a prebuilt Falco eBPF probe before trying to compile one Leonardo Di Donato 2021-03-29 15:44:10 +00:00
  • 2a7b32e279 update(scripts): look for a prebuilt Falco module before trying to compile it on-the-fly Leonardo Di Donato 2021-03-29 10:50:38 +00:00
  • 4b0333cc08 update(docker/falco): SKIP_MODULE_LOAD not supported anymore - use SKIP_DRIVER_LOADER Leonardo Di Donato 2021-03-26 13:55:04 +00:00
  • cdeafa6fdc docs(test): express that grpcurl and virtualenv are needed Lorenzo Fontana 2021-04-08 15:13:01 +02:00
  • 36378371ab update(test): update performance tests fixture URL Leonardo Grasso 2021-04-07 15:48:05 +02:00
  • aeca36bdaf update(test): update regression tests fixture URL Leonardo Grasso 2021-04-07 15:47:54 +02:00
  • 7998560dcb chore(README): correct comments Leonardo Grasso 2021-03-26 16:51:58 +01:00
  • c587fadbce chore(scripts): typos Leonardo Grasso 2021-03-26 16:51:16 +01:00
  • 9e50e87ebc chore: remove "cleanup" script and job Leonardo Grasso 2021-03-26 16:46:51 +01:00
  • 3da5dfa67b Properly parse numbers in condition fields Mark Stemm 2021-03-30 11:57:01 -07:00
  • 8c9d4f49d5 fix(falco/test): bump pyyaml from 5.3.1 to 5.4 Leo Di Donato 2021-03-29 11:23:30 +02:00
  • f2c12bbf9c fix(.circleci): tar must be present in the image Leonardo Grasso 2021-03-29 10:38:08 +02:00
  • 0b69f210c4 fix(.circleci): correct job dependency Leonardo Grasso 2021-03-26 15:16:24 +01:00
  • 002a2e34dd fix(.circleci): tar package is required by circleci Leonardo Grasso 2021-03-26 14:44:01 +01:00
  • ef75c63e63 chore(scripts): print versions at the beginning Leonardo Grasso 2020-11-17 17:40:26 +01:00
  • fb126cb730 feat(scripts): --clean option for falco-driver-loader Leonardo Grasso 2020-11-17 17:33:41 +01:00
  • 645f51b296 new(scripts): falco-driver-loader knows the Falco version it has been built for Leonardo Di Donato 2020-11-16 12:00:02 +00:00
  • d912cf0d94 docs(scripts): falco-driver-loader outputs the Falco version it has been built for, also the driver version in use Leonardo Di Donato 2020-11-16 11:59:09 +00:00
  • 3f75f27410 docs(scripts): improve help of falco-driver-loader script Leonardo Di Donato 2020-11-16 11:51:40 +00:00
  • 1504e77f4e update(scripts): falco-driver-loader can now start with a custom driver name Leonardo Di Donato 2020-11-16 11:51:04 +00:00
  • 40edfe66ba fix(docker/no-driver): handle urlencoding Leonardo Grasso 2021-03-22 16:28:49 +01:00
  • f800d4a101 docs: update links and badges for download.falco.org Leonardo Grasso 2021-03-16 09:01:59 +01:00
  • 4f1a2418fe build(.circleci): publish packages to S3 Leonardo Grasso 2021-03-12 18:01:56 +01:00
  • 442011d07e build(.circleci): publish dev packages to S3 Leonardo Grasso 2021-03-11 15:02:07 +01:00
  • 70ee1093d8 build(docker): fetch packages from download.falco.org Leonardo Grasso 2021-03-11 15:31:07 +01:00
  • 3936740390 build(scripts): add cloudfront invalidation for publishing scripts Leonardo Grasso 2021-03-12 13:23:04 +01:00
  • 9bc04fd02d build(scripts): publishing script for DEBs Leonardo Grasso 2021-03-11 14:50:09 +01:00
  • b6ac6de227 build(scripts): publishing script for RPMs Leonardo Grasso 2021-03-10 15:08:59 +01:00
  • 5ebb653977 build(scripts): publishing script for bin packages Leonardo Grasso 2021-03-10 10:12:36 +01:00
  • 167c5bc691 fix: update rule description stevenshuang 2021-03-23 17:06:22 +08:00
  • 1ded30f173 update(test): tighten the condition to test the drops thresholds Leonardo Di Donato 2021-03-22 13:51:09 +00:00
  • 7edd965a08 fix(test/confs): drop log messages are debug, fix the test fixture accordingly Leonardo Di Donato 2021-03-22 13:50:11 +00:00
  • 920ab6982a new(test): test cases about wrong threshold drop config value Leonardo Di Donato 2021-03-19 17:53:31 +00:00
  • 3842e07422 update(userspace/falco): drop messages are DEBUG level Leonardo Di Donato 2021-03-19 17:52:55 +00:00
  • 7bc5fcf047 fix(userspace/falco): validate the drop threshold config value Leonardo Di Donato 2021-03-19 17:52:04 +00:00
  • 199a1c22c6 fix(userspace/falco): n_evts does not contain the dropped events count Leonardo Di Donato 2021-03-19 15:45:00 +00:00
  • 5380fe5308 new(test): test case about illogical drop actions Leonardo Di Donato 2021-03-19 12:57:29 +00:00
  • e3f7cdab20 update(userspace/falco): pass to sdropmgr the threshold Leonardo Di Donato 2021-03-19 12:46:18 +00:00
  • 1714926cc6 update(userspace/falco): reduce noisiness Leonardo Di Donato 2021-03-19 12:45:27 +00:00
  • 4774e92bc2 refactor(userspace/falco): refactor the enum of drop actions into an enum class Leonardo Di Donato 2021-03-19 12:44:57 +00:00
  • a1b58d70a7 update(userspace/falco): grab the threshold configuration value + do not allow the ignore action to work with any other except the exit one Leonardo Di Donato 2021-03-19 12:44:20 +00:00
  • b8b50932fe update: reduce the max burst of event drops Leonardo Di Donato 2021-03-19 12:42:58 +00:00
  • 7ea80e39b1 rule(Set Setuid or Setgid bit) update: add k3s-agent in the whitelist Kaizhe Huang 2021-03-20 17:15:07 -07:00
  • b58f76b268 rule (Debugfs Launched in Privileged Container and Mount Launched in Privileged Container): create Kaizhe Huang 2021-03-20 17:13:13 -07:00
  • b1801c28c7 Bump year to 2021 JenTing Hsiao 2021-02-04 14:38:51 +08:00
  • e1d3e68a84 Modprobe/rmmod at systemd service start/stop JenTing Hsiao 2021-02-04 14:26:14 +08:00
  • 5661b491af Removes the comments in systemd service files JenTing Hsiao 2020-12-13 08:14:49 +08:00
  • 39bb5c28c7 Migrate from init to systemd in debian package JenTing Hsiao 2020-10-19 09:22:44 +08:00
  • 3ba62a4031 Migrate from init to systemd in rpm package JenTing Hsiao 2020-10-16 13:31:14 +08:00
  • 2f0e09b549 rule (Write below monitored dir): Clean up and use glob matching. Shane Lawrence 2021-02-20 18:17:40 -05:00
  • 09ac4b9ff6 Use url-safe characters in falco version use-url-safe-chars-version Mark Stemm 2021-03-11 14:41:35 -08:00
  • 34bbe2984f Pocteo as an adopter POCTEO 2021-03-10 17:28:21 +01:00
  • 825e6caf2d build: fetch build deps from download.falco.org Leonardo Grasso 2021-03-09 11:56:12 +01:00
  • 96ad761308 adding falco-slim build/push jonahjon 2021-01-15 10:31:01 -05:00
  • bb7ce37159 fix(.circleci): correctly publish the falco-driver-loader container image from master to AWS ECR gallery Leo Di Donato 2021-01-15 10:43:47 +01:00
  • c66d056f67 fix(.circleci): the falco-driver-loader container images requires FALCO_IMAGE_TAG build arg (release to AWS ECR gallery) Leo Di Donato 2021-01-15 10:39:06 +01:00
  • 6a2759fe94 update(.circleci): tag falco-no-driver:<tag> image as falco-no-driver:latest, falco:<tag>-slim, and falco:latest-slim Leo Di Donato 2021-01-15 10:33:57 +01:00
  • b91c5b613a update(.circleci): falco-no-driver:latest from bin bucket Leo Di Donato 2021-01-14 19:14:31 +01:00
  • 6fe9f8da0b fix(.circleci): falco-no-driver container images grabs Falco from the bin[-dev] bucket Leo Di Donato 2021-01-13 18:38:27 +01:00
  • e888a1d354 adding other alternate AWS builds to circleCI jonahjon 2021-01-11 09:08:28 -05:00
  • 6e746d71ba fixing typo Isaac Rivera 2021-02-26 16:47:33 -08:00
  • 2de8176c88 adding shapesecurity to adopters Isaac Rivera 2021-02-26 14:18:18 -08:00
  • 74164b1ef8 Use default pip version to get avocado version. Shane Lawrence 2021-02-22 09:33:08 -05:00
  • da8f054043 Fix broken links to docs. Shane Lawrence 2021-02-22 08:56:05 -05:00
  • 05545f228d Add flex and bison to docker for building bpf module on recent amazon linux2 Bart van der Schans 2021-02-21 17:24:54 +01:00
  • b3693a0b75 chore(rules): Add ibmcloud operator lifecycle manager Spencer Krum 2020-10-21 21:42:46 +00:00
  • a54f946135 chore(rules): Rule exceptions for ibm cloud Spencer Krum 2020-07-31 19:27:33 +00:00
  • 85db1aa997 fix(rules): correct indentation Leonardo Grasso 2021-02-18 17:39:18 +01:00
  • 37a6caae12 remove commercial images to unblock PR add endpoint-controller to user_known_sa_list related event: { "output": "05:19:25.557989888: Warning Service account created in kube namespace (user=system:kube-controller-manager serviceaccount=endpoint-controller ns=kube-system)", "priority": "Warning", "rule": "Service Account Created in Kube Namespace", "time": "2021-02-16T05:19:25.557989888Z", "output_fields": { "jevt.time": "05:19:25.557989888", "ka.target.name": "endpoint-controller", "ka.target.namespace": "kube-system", "ka.user.name": "system:kube-controller-manager" } } ismail yenigul 2021-02-16 08:31:30 +03:00
  • 2d962dfcb0 rebase to master update user_known_sa_list with k8s internal sa in kube-system ismail yenigul 2021-02-15 23:26:35 +03:00
  • 541845156f rhsm cert updates Petr Michalec 2020-09-08 16:55:31 +02:00
  • 0879523776 update: add review suggestions for Rule Sudo Potential Privilege Escalation darryk5 2021-01-29 11:50:01 +00:00
  • 81e880b486 Added Rule Sudo Potential Privilege Escalation (CVE-2021-3156) See #1540 darryk5 2021-01-28 20:06:56 +00:00
  • f140cdfd68 falco: add healthz endpoint Carlos Panato 2021-01-30 14:33:04 +01:00
  • e7c7a9b12d rule(Launch Package Management...): add sysdig nia rules-fp-fixes-2021-02 Mark Stemm 2021-02-10 11:13:16 -08:00
  • e01f96f3cf macro(exe_running_docker_save): handle crio also Mark Stemm 2021-02-10 11:09:03 -08:00
  • a637523ac9 rule(Clear Log Activities): allow fluentd to write Mark Stemm 2021-02-10 11:00:30 -08:00
  • ff78f26b93 rule(Change thread namespace): sysdig agent setns Mark Stemm 2021-02-10 10:59:27 -08:00
  • 5dda4ae3d7 rule(Change thread namespace): Let dynatrace setns Mark Stemm 2021-02-10 10:58:30 -08:00
  • 0031f3944d rule(Change thread namespace): let cilium nsenter Mark Stemm 2021-02-10 10:32:13 -08:00
  • ca8178c75e Test for rule/macro having unknown source allow-unknown-sources Mark Stemm 2021-01-26 10:19:58 -08:00
  • d8a793030e Skip rules/macros with unknown sources Mark Stemm 2021-01-26 10:19:26 -08:00
  • 6408270476 Added Swissblock to list of adopters Matteo Baiguini 2021-02-05 10:45:14 +01:00
  • 5a6cbb190c docs: update link for building from source Carlos Panato 2021-01-30 14:18:30 +01:00
  • 959811a503 add eks:node-manager to allowed_k8s_users list ismail yenigul 2021-01-26 14:25:51 +03:00
  • 19fe7240e2 new(proposals): libraries donation Leonardo Di Donato 2021-01-19 12:07:00 +01:00
  • 38dbf28057 chore: comment out again rules validation for now libhawk-rules Lorenzo Fontana 2021-01-21 10:50:47 +01:00
  • 3239c16391 update(userspace/libhawk): further explanation for rules provider Lorenzo Fontana 2021-01-07 13:35:43 +01:00
  • 549a4c3041 update(userspace/libhawk): watch rules transactional pattern documentation Lorenzo Fontana 2021-01-07 13:09:44 +01:00
  • 6e7256569c update(userspace): transactional interface for engine updates Lorenzo Fontana 2021-01-07 12:03:46 +01:00
  • c1805281ac update: rules provider configuration Lorenzo Fontana 2020-12-20 12:35:47 +01:00
  • 90c890bc2a update: extension loading mechanism Lorenzo Fontana 2020-12-18 23:52:16 +01:00
  • 24e2d175f0 update: library management code Lorenzo Fontana 2020-12-18 19:05:38 +01:00
  • 4ccbd9d194 update: initial library loader Lorenzo Fontana 2020-12-17 18:35:23 +01:00
  • 1957bc75b7 update(userspace/engine): copy constructor for falco_engine Lorenzo Fontana 2020-11-27 13:42:49 +01:00
  • f8c10f6c27 update(userspace): atomic falco engine delete previous instance Lorenzo Fontana 2020-11-27 12:48:37 +01:00