mirror of
https://github.com/falcosecurity/falco.git
synced 2026-03-18 18:58:41 +00:00
Minimally working version that can link a go program against a so with the embedded falco engine. Running the program opens the engine for syscalls and prints any output strings on alert. It assumes the device already exists and the kernel module is loaded. Also assumes the lua code is below /user/share--we'll want to bake that into the shared library. Lots of memory leaks still, the interface from go to c is still monolithic, and I had to change the config of openssl crypto and luajit to compile with -fPIC in order to link into the shared library, but this version shows it's feasible.
25 lines
968 B
C
/*
Copyright (C) 2020 The Falco Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// The version of rules/filter fields/etc supported by this falco
// engine.
#define FALCO_ENGINE_VERSION (9)

// This is the result of running "falco --list -N | sha256sum" and
// represents the fields supported by this version of falco. It's used
// at build time to detect a changed set of fields.
#define FALCO_FIELDS_CHECKSUM "8183621f52451d842036eee409e2ed920d9c91bab33e0c4a44e4a871378d103f"
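The comment above describes a build-time check on the field list. The following is an added example, not code from the Falco project, of how such a check can be written: it hashes a field listing read from stdin and compares it with the FALCO_FIELDS_CHECKSUM recorded in a header. The function names and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Falco's own build logic).
# Assumed usage: falco --list -N | check_fields_checksum <header file>

# Print the 64-hex-digit value of FALCO_FIELDS_CHECKSUM found in the
# header file given as $1; prints nothing if the define is absent.
recorded_checksum() {
    sed -n 's/^#define[[:space:]]\{1,\}FALCO_FIELDS_CHECKSUM[[:space:]]\{1,\}"\([0-9a-f]\{64\}\)".*$/\1/p' "$1" | head -n 1
}

# Hash the field listing on stdin and compare it with the header.
# Returns 0 on match, 1 on mismatch, 2 if the header has no checksum.
check_fields_checksum() {
    header=$1
    want=$(recorded_checksum "$header")
    if [ -z "$want" ]; then
        echo "no FALCO_FIELDS_CHECKSUM in $header" >&2
        return 2
    fi
    # sha256sum prints "<hash>  -" for stdin; keep only the hash.
    got=$(sha256sum | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "field set changed: header records $want, computed $got" >&2
        return 1
    fi
    return 0
}
```

A missing define is reported separately from a mismatch so that a renamed or malformed header does not pass as "unchanged".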