github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-05-12 17:52:56 +00:00
Code Issues Projects Releases Wiki Activity
Files
2591ed4d688749e9d915b5d8c8f97c0b4442e6eb
falco/scripts/debian/postinst.in
Federico Di Pierro ffce069c96 update(scripts): added a falcoctl systemd service. 
Add a new dialog to choose whether to enable falcoctl feed.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-01-25 17:37:37 +01:00

109 lines
3.8 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
#
# Copyright (C) 2022 The Falco Authors.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
chosen_driver=
enable_falcoctl=0
if [ "$1" = "configure" ]; then
if [ -x /usr/bin/dialog ]; then
# If dialog is installed, create a dialog to let users choose the correct driver for them
CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 40 5 \
1 "Don't start" \
2 "Kmod" \
3 "eBPF" \
4 "Modern eBPF" \
5 "Plugin" \
2>&1 >/dev/tty)
case $CHOICE in
2)
chosen_driver="kmod"
;;
3)
chosen_driver="bpf"
;;
4)
chosen_driver="modern-bpf"
;;
5)
chosen_driver="plugin"
;;
esac
if [ -n "$chosen_driver" ]; then
CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to subscribe to automatic ruleset feed?" 10 40 2 \
1 "No" \
2 "Yes" \
2>&1 >/dev/tty)
case $CHOICE in
2)
enable_falcoctl=1
;;
esac
fi
clear
fi
fi
set -e
# If needed, try to load/compile the driver through falco-driver-loader
case "$chosen_driver" in
"kmod")
echo "[POST-INSTALL] Call 'falco-driver-loader module':"
falco-driver-loader module
;;
"bpf")
echo "[POST-INSTALL] Call 'falco-driver-loader bpf':"
falco-driver-loader bpf
;;
esac
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -n "$chosen_driver" ]; then
echo "[POST-INSTALL] Enable 'falco-$chosen_driver.service':"
systemctl --system enable "falco-$chosen_driver.service" || true
echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':"
systemctl --system start "falco-$chosen_driver.service" || true
if [ $enable_falcoctl -eq 1 ]; then
echo "[POST-INSTALL] Enable 'falcoctl.service':"
systemctl --system enable "falcoctl.service" || true
echo "[POST-INSTALL] Start 'falcoctl.service':"
systemctl --system start "falcoctl.service" || true
fi
fi
fi
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -d /run/systemd/system ]; then
echo "[POST-INSTALL] Trigger deamon-reload:"
systemctl --system daemon-reload || true
if [ -n "$chosen_driver" ]; then
echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:"
# restart falco on upgrade if service is already running
systemctl --system condrestart "falco-$chosen_driver.service" || true
if [ $enable_falcoctl -eq 1 ]; then
echo "[POST-INSTALL] Trigger 'falcoctl.service' condrestart:"
# restart falcoctl on upgrade if service is already running
systemctl --system condrestart "falcoctl.service" || true
fi
fi
fi
fi
Reference in New Issue View Git Blame Copy Permalink