Commit Graph

  • c53df3af00 Don't rethrow exceptions in parse_k8s_audit_json Mark Stemm 2019-12-09 21:14:19 -08:00
  • 4c576f31f2 Also allow json arrays of k8s audit evts Mark Stemm 2019-12-09 21:12:00 -08:00
  • cd94d05cd9 rule(list network_tool_binaries): delete ssh from the list Hiroki Suezawa 2019-12-17 00:44:59 +09:00
  • 23a7203e50 rule(list network_tool_binaries): add network tool names Hiroki Suezawa 2019-12-13 22:28:21 +09:00
  • 28fa4a72e8 docs(docker/builder): usage reports clang version too Leonardo Di Donato 2019-12-13 11:31:31 +01:00
  • ac4f089903 update(docker/builder): add llvm-toolset-7 Leonardo Di Donato 2019-12-13 11:30:41 +01:00
  • cd1b23d2bc update(.github): remove unused kind/* label from PR template Leonardo Di Donato 2019-12-12 15:15:16 +01:00
  • de8714d2be chore(.github): delete issue templates in favor of default ones Leonardo Di Donato 2019-12-12 15:11:24 +01:00
  • 93fdf8ef61 rule(macro user_known_k8s_client_container): Rephrase the comment Hiroki Suezawa 2019-12-07 06:57:46 +09:00
  • bcc84c47c6 rule(macro user_known_k8s_client_container): have more strict condition to avoid false positives Hiroki Suezawa 2019-12-07 03:03:40 +09:00
  • 965ead0c2a build: use consistent case for options in message Chris Goller 2019-12-10 07:12:30 -08:00
  • d66125278a build: use consistent case for falco options Chris Goller 2019-12-09 22:17:46 -08:00
  • e31bfeb8b2 build: add FALCO_Coverage CMake option Chris Goller 2019-12-09 11:36:28 -06:00
  • 7159b43f68 update(proposals): goals, non-goals and use cases of the Falco API Leonardo Di Donato 2019-12-05 17:44:55 +01:00
  • b684aee817 update(proposals): better summary for Falco API Leonardo Di Donato 2019-12-05 17:39:24 +01:00
  • ae52dc4d3b proposals: complete the Falco API proposal Leonardo Di Donato 2019-10-31 16:42:34 +00:00
  • a64f7faa3c fix(proposals): typos and language Leo Di Donato 2019-10-31 16:51:51 +01:00
  • ced04a4d89 update: goals and (initial) architecture for API services Leonardo Di Donato 2019-10-30 18:35:55 +01:00
  • 2b75ca9024 new: setup Falco API proposal Leonardo Di Donato 2019-10-30 15:55:20 +01:00
  • 8069eacc94 build: use secure grpc when it is not bundled Lorenzo Fontana 2019-12-06 10:58:33 +01:00
  • 13931ab5d7 rule(Write below etc): whitelist automount writing under /etc Nicolas Marier 2019-12-05 09:47:23 -05:00
  • 559b7e1bb1 rule(The docker client is executed in a container): modify condition to reduce false positive Hiroki Suezawa 2019-12-04 22:56:29 +09:00
  • fc58ac7356 rule update: modify rule to detect connection to K8S API Server from a container Hiroki Suezawa 2019-12-04 14:33:20 +09:00
  • e893e048a1 docs(README): community call + repo planning + correct mailing list URL Leonardo Di Donato 2019-12-04 17:02:12 +01:00
  • 0c9787624b docs(CONTRIBUTING): rule type subsection title Leo Di Donato 2019-12-04 16:36:15 +01:00
  • daca750cd9 docs(CONTRIBUTING): commit convention details Lorenzo Fontana 2019-12-04 12:27:45 +01:00
  • 418bcf2177 Apply Kaizhe's code review Jean-Philippe Lachance 2019-12-03 16:30:56 -05:00
  • f97a33d40a Exclude exe_running_docker_save in the "Update Package Repository" rule Jean-Philippe Lachance 2019-12-03 12:06:55 -05:00
  • df7a356e1d Apply Kaizhe's code review Jean-Philippe Lachance 2019-12-03 16:27:23 -05:00
  • 03e8b7f53d Exclude exe_running_docker_save in the "Modify Shell Configuration File" rule Jean-Philippe Lachance 2019-12-03 12:15:31 -05:00
  • 146343e5f0 Update the exe_running_docker_save macro to support docker in docker Jean-Philippe Lachance 2019-12-03 16:00:27 -05:00
  • 7da245e902 rule update: Modify rule to detect raw packets creation Hiroki Suezawa 2019-12-04 06:33:55 +09:00
  • d0e6279bb2 rule update: Modify condition for raw packets creation Hiroki Suezawa 2019-12-04 00:20:36 +09:00
  • 8b2d4e1fe6 rule update: Fix condition for raw packets creation and renamed Hiroki Suezawa 2019-12-03 12:21:02 +09:00
  • ebec520ebc rule update: Add rules to detect raw packets creation Hiroki Suezawa 2019-12-03 03:00:35 +09:00
  • 2f8caf99cd rule update: align sensitive mount macro between k8s_audit rules and syscall rules kaizhe 2019-12-03 11:43:46 -08:00
  • 0b402e2326 rule update: Rename rule for Cloud Metadata access again Hiroki Suezawa 2019-12-03 10:36:42 +09:00
  • 54329a64cd rule update: Rename rule for Cloud Metadata access Hiroki Suezawa 2019-12-03 09:29:43 +09:00
  • 89d8259860 rule update: Add consider_gce_metadata_access macro for rule to detect GCE Metadata access rung 2019-12-02 11:27:53 +09:00
  • e70febc8db rule update: Add rules for GCE Metadata detection Hiroki Suezawa 2019-12-01 14:13:49 +09:00
  • 722ab4f2f9 minor changes kaizhe 2019-12-02 11:14:05 -08:00
  • 6c9bce6f73 update k8s audit rule kaizhe 2019-11-18 20:50:08 -08:00
  • 7c33fafe89 minor changes kaizhe 2019-11-18 20:16:35 -08:00
  • 18acea4a73 minor changes kaizhe 2019-11-18 20:05:57 -08:00
  • 8011fe7ce7 rules update: add more sensitive host path to sensitive_host_mount macro kaizhe 2019-11-18 20:01:46 -08:00
  • d328ff3fde update(cmake/patch): include Makefile template in patch for grpc 1.25.0 Lorenzo Fontana 2019-11-29 05:38:31 +01:00
  • fbcc6a0781 build: update gRPC to 1.25.0 Lorenzo Fontana 2019-11-29 04:42:46 +01:00
  • 80d69917ea * Rename the macro to user_known_package_manager_in_container + Add a comment to explain how we should use this macro Jean-Philippe Lachance 2019-12-02 16:10:11 -05:00
  • 3713f7a614 + Add a simple user_known_package_manager_in_container_conditions macro * Use the user_known_package_manager_in_container_conditions macro in the "Launch Package Management Process in Container" rule Jean-Philippe Lachance 2019-11-29 16:53:02 -05:00
  • 79cb75dcd1 ! Exclude exe_running_docker_save in the "Set Setuid or Setgid bit" rule Jean-Philippe Lachance 2019-12-02 16:53:17 -05:00
  • c736a843a0 rule update: Add kubelet to user_known_chmod_applications list Hiroki Suezawa 2019-12-01 23:44:14 +09:00
  • 1b05f0e6a7 chore: read hostname in initialization Adrián Arroyo Calle 2019-11-21 15:52:22 +00:00
  • 4d180cbc31 chore: use std::string to have safer copies Adrián Arroyo Calle 2019-11-20 09:55:47 +00:00
  • 137e7fc0ec chore: hostname can be 253 characters maximum Adrián Arroyo Calle 2019-11-19 19:42:59 +00:00
  • 52fbcefa1d chore: add environment variable FALCO_GRPC_HOSTNAME Adrián Arroyo Calle 2019-11-19 16:57:06 +00:00
  • a084f17493 feat: add hostname field in gRPC output Adrián Arroyo Calle 2019-11-18 12:17:05 +00:00
  • c96f85282d fix: do not use wget to patch gRPC makefile Leonardo Di Donato 2019-11-27 15:36:31 +00:00
  • d2459aa0a8 update: add wget to the travis build Lorenzo Fontana 2019-11-21 19:27:52 +00:00
  • d11ac4a59d update: cleanup the gRPC dependency and use the url from the main project Lorenzo Fontana 2019-11-21 17:33:07 +00:00
  • 4e39fee54e Always catch json type errors when extracting Mark Stemm 2019-11-18 12:04:45 -08:00
  • 885e131451 fix(scripts): copy falco-probe-loader during packages build Leonardo Di Donato 2019-11-08 16:36:46 +00:00
  • 6ede7bd422 chore: removing sysdig references Leonardo Di Donato 2019-11-08 14:26:35 +00:00
  • a64a827d72 update: puppet module had been renamed to falco Leonardo Di Donato 2019-11-08 14:25:45 +00:00
  • a200d17581 chore: improving naming Leonardo Di Donato 2019-11-08 12:02:49 +00:00
  • a17a12c306 update(scripts): rename env variables for falco probe loader Leonardo Di Donato 2019-11-08 11:41:32 +00:00
  • 514d8bacc3 update(docker): introduce SKIP_MODULE_LOAD env variable Leonardo Di Donato 2019-11-08 11:31:13 +00:00
  • 3e9ebfb354 fix(docker): adapt dockerfiles to HOST_ROOT env var Leonardo Di Donato 2019-11-05 15:32:30 +00:00
  • 17bc344381 fix(scripts): rename SYSDIG_HOST_ROOT env variable into HOST_ROOT Leonardo Di Donato 2019-11-05 15:32:12 +00:00
  • 3ce2056dc5 fix(docker): glob rather than ls in the docker entrypoints Leonardo Di Donato 2019-11-05 15:31:09 +00:00
  • 9e355e1a74 fix(userspace/falco): typo for consumer related methods Leonardo Di Donato 2019-11-05 15:30:03 +00:00
  • 468fa35965 chore: naming cleanup Loris Degioanni 2019-11-01 15:43:01 -07:00
  • bb3c0275cc fix(scripts): license header Loris Degioanni 2019-11-01 15:25:31 -07:00
  • 568f480942 new falco-probe-loader file that doesn't depend on sysdig Loris Degioanni 2019-11-01 14:39:58 -07:00
  • 3b45e58217 chore: remove some more unnecessary, legacy references to falco in sysdig Loris Degioanni 2019-11-01 14:17:46 -07:00
  • cf8395c7ed minor changes kaizhe 2019-11-06 09:34:51 -08:00
  • f16c744779 rules update: add hyperkube to the whitelist of rule Set Setuid or Setgid bit kaizhe 2019-11-06 09:23:25 -08:00
  • 4ed581853a rules update: add docker-runc-cur to container_entrypoint macro kaizhe 2019-11-03 22:58:45 -08:00
  • ed767561ac Added list k8s_client_binaries David de Torres 2019-11-07 07:48:34 +01:00
  • 98becedebb Added rule to detect k8s client tool in container David de Torres 2019-11-07 01:42:10 +01:00
  • ae7924cc41 Cleaning up some nomenclature Kris Nova 2019-11-01 20:02:36 +01:00
  • 4f53c85f97 Removing Sysdig inc Kris Nova 2019-11-01 19:19:08 +01:00
  • 8c2a36ca00 fix the image name and tag for the linuxkit Dockerfile Yash Bhutwala 2019-11-03 19:18:07 -05:00
  • 1ede1fc0f1 docs: add frame.io and sightmachine to ADOPTERS file Leonardo Di Donato 2019-10-31 18:10:15 +01:00
  • 6c5554ca8b docs: add PR 906 to changelog for 0.18.0 0.18.0 Lorenzo Fontana 2019-10-31 11:25:22 +01:00
  • d5e505165a docs: update changelog to 0.18.0 Lorenzo Fontana 2019-10-28 16:54:56 +01:00
  • 76b263269f docs(integrations): bump version to 0.18.0 Lorenzo Fontana 2019-10-28 16:54:25 +01:00
  • eae65475e0 docs(docker): version bump to 0.18.0 Lorenzo Fontana 2019-10-28 16:52:40 +01:00
  • 023f510a75 Don't pop excess values from stack Mark Stemm 2019-10-29 18:10:00 -07:00
  • b38db99449 rules update: add calico/node to trusted privileged container list; add calico_node_write_envvars macro to exception list of write below etc kaizhe 2019-10-24 22:47:50 -07:00
  • daec9cb30d Use falcoctl 0.0.4+ tests for space/dash psp names Mark Stemm 2019-10-24 10:53:23 -07:00
  • 5c61276695 rules update: expand list allowed_k8s_users kaizhe 2019-10-23 14:17:18 -07:00
  • d21e69cf9a Use falcoctl 0.0.3 w/ unique names Mark Stemm 2019-10-21 10:50:48 -07:00
  • 3fafac342b Add backward compat test for v4 k8s audit Mark Stemm 2019-10-17 11:47:16 -07:00
  • ccb3cc13b4 Make engine v5 backward compatible w/ v4 rules Mark Stemm 2019-10-17 11:43:18 -07:00
  • b4fdaa3544 Use falcoctl for psp conversion Mark Stemm 2019-10-14 11:29:05 -07:00
  • 89121527da Add automated tests for K8s PSP Support Mark Stemm 2019-09-09 16:47:19 -07:00
  • 8ebcbac7a3 Use xenial instead of trusty Mark Stemm 2019-09-12 10:58:59 -07:00
  • 1c3bed135f Add improved field outputting Mark Stemm 2019-09-09 16:45:03 -07:00
  • 154dd18c8f JSON/K8s Audit Evts extract multiple typed values Mark Stemm 2019-09-09 16:02:12 -07:00
  • b6fec781b7 Add support for parsing "intersects" operator Mark Stemm 2019-09-09 15:51:14 -07:00