From fce8959acdb311a27b1ced06637fb0c3a71aac08 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Tue, 10 Jan 2023 14:00:29 +0100 Subject: [PATCH 01/20] new(cmake): added a cmake module to enforce the download and installation of falcoctl. Signed-off-by: Federico Di Pierro --- CMakeLists.txt | 2 ++ cmake/modules/falcoctl.cmake | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 cmake/modules/falcoctl.cmake diff --git a/CMakeLists.txt b/CMakeLists.txt index af73ea6f3b8..17bec25639e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -228,5 +228,7 @@ if(NOT MUSL_OPTIMIZED_BUILD) include(plugins) endif() +include(falcoctl) + # Packages configuration include(CPackConfig) diff --git a/cmake/modules/falcoctl.cmake b/cmake/modules/falcoctl.cmake new file mode 100644 index 00000000000..16b5591b080 --- /dev/null +++ b/cmake/modules/falcoctl.cmake 
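Review bot: `include(falcoctl)` is added after the `endif()` of the `if(NOT MUSL_OPTIMIZED_BUILD)` block, so the module it pulls in (which, per the new file below, downloads a release tarball at build time) runs unconditionally for every configure, including offline or air-gapped package builds. A project-prefixed boolean guard would let such builds opt out, e.g. `option(FALCO_ADD_FALCOCTL "Download and package falcoctl" ON)` wrapped around the include (option name illustrative). A one-line comment above the include saying that it fetches a prebuilt binary would also make the network access visible to whoever reads the top-level file.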
@@ -0,0 +1,36 @@ +# +# Copyright (C) 2023 The Falco Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the +# specific language governing permissions and limitations under the License. +# + +include(ExternalProject) + +string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} FALCOCTL_SYSTEM_NAME) + +set(FALCOCTL_VERSION "0.2.0-rc1") + +if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64") + set(FALCOCTL_SYSTEM_PROC_GO "amd64") + set(FALCOCTL_HASH "82dbd20afc2a3605cb77db6ac79f8b523ffb4d8b224511531fdcf366d2ec9929") +else() # aarch64 + set(FALCOCTL_SYSTEM_PROC_GO "arm64") + set(FALCOCTL_HASH "e07e9b30e4c2ac75835068a912619db4cad288b300a5ed8c66d1f7ea367c2b96") +endif() + +ExternalProject_Add( + falcoctl + URL "https://github.com/falcosecurity/falcoctl/releases/download/v${FALCOCTL_VERSION}/falcoctl_${FALCOCTL_VERSION}_${FALCOCTL_SYSTEM_NAME}_${FALCOCTL_SYSTEM_PROC_GO}.tar.gz" + URL_HASH "SHA256=${FALCOCTL_HASH}" + CONFIGURE_COMMAND "" + BUILD_COMMAND "" + INSTALL_COMMAND "") + +install(PROGRAMS "${PROJECT_BINARY_DIR}/falcoctl-prefix/src/falcoctl/falcoctl" DESTINATION "${FALCO_BIN_DIR}" COMPONENT "${FALCO_COMPONENT_NAME}") \ No newline at end of file From a9d9eff829b9bcccd9bf45680f10d3213e201661 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Tue, 10 Jan 2023 14:23:10 +0100 Subject: [PATCH 02/20] update(scripts): added a falcoctl systemd service. Add a new dialog to choose whether to enable falcoctl feed. 
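Review bot: The `else() # aarch64` branch of the processor check treats every non-x86_64 host as arm64, so on any other host architecture the build silently downloads and packages an arm64 falcoctl that cannot run there; make the second case explicit with `elseif("${CMAKE_HOST_SYSTEM_PROCESSOR}" STREQUAL "aarch64")` and finish with `else() message(FATAL_ERROR "falcoctl: unsupported host architecture ${CMAKE_HOST_SYSTEM_PROCESSOR}") endif()`. The check keys on `CMAKE_HOST_SYSTEM_PROCESSOR`, which describes the build host, while the `install()` line ships the binary in the package for the target system, so a cross-build would package the wrong binary; `CMAKE_SYSTEM_PROCESSOR` is the variable that follows the target. Quoting the expansion inside `if()` as above also keeps an empty value from turning into a syntax error. Pinning `URL_HASH "SHA256=..."` on the downloaded release is the right supply-chain control; a comment stating where the two hashes come from (the release checksum file) would make the next version bump verifiable.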
Signed-off-by: Federico Di Pierro --- cmake/cpack/CMakeCPackOptions.cmake | 1 + scripts/CMakeLists.txt | 2 ++ scripts/debian/postinst.in | 36 ++++++++++++++++---- scripts/debian/postrm.in | 1 + scripts/debian/prerm.in | 1 + scripts/rpm/postinstall.in | 51 ++++++++++++++++++++--------- scripts/rpm/postuninstall.in | 1 + scripts/rpm/preuninstall.in | 2 ++ scripts/systemd/falcoctl.service | 22 +++++++++++++ 9 files changed, 96 insertions(+), 21 deletions(-) create mode 100644 scripts/systemd/falcoctl.service diff --git a/cmake/cpack/CMakeCPackOptions.cmake b/cmake/cpack/CMakeCPackOptions.cmake index 11e527d57f5..967cf882d77 100644 --- a/cmake/cpack/CMakeCPackOptions.cmake +++ b/cmake/cpack/CMakeCPackOptions.cmake @@ -5,6 +5,7 @@ if(CPACK_GENERATOR MATCHES "DEB" OR CPACK_GENERATOR MATCHES "RPM") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-modern-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-plugin.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") + list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falcoctl.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") endif() if(CPACK_GENERATOR MATCHES "TGZ") diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt index e133040194c..de6b2aa23b2 100644 --- a/scripts/CMakeLists.txt +++ b/scripts/CMakeLists.txt 
@@ -26,6 +26,8 @@ file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-modern-bpf.service" DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-plugin.service" DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") +file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falcoctl.service" + DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") # Debian configure_file(debian/postinst.in debian/postinst) diff --git a/scripts/debian/postinst.in b/scripts/debian/postinst.in index 0a77454c11a..08c6b7362db 100755 --- a/scripts/debian/postinst.in +++ b/scripts/debian/postinst.in @@ -17,19 +17,19 @@ # chosen_driver= +enable_falcoctl=0 if [ "$1" = "configure" ]; then if [ -x /usr/bin/dialog ]; then # If dialog is installed, create a dialog to let users choose the correct driver for them - CHOICE=$(dialog --clear --backtitle "Choose your preferred driver" --title "Falco drivers" --menu "Choose one of the following options:" 15 40 5 \ + CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 40 5 \ 1 "Don't start" \ 2 "Kmod" \ 3 "eBPF" \ 4 "Modern eBPF" \ 5 "Plugin" \ 2>&1 >/dev/tty) - if [ $? -eq 0 ]; then - case $CHOICE in + case $CHOICE in 2) chosen_driver="kmod" ;; @@ -42,9 +42,20 @@ if [ "$1" = "configure" ]; then 5) chosen_driver="plugin" ;; - esac - fi - clear + esac + + if [ -n "$chosen_driver" ]; then + CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to subscribe to automatic ruleset feed?" 10 40 2 \ + 1 "No" \ + 2 "Yes" \ + 2>&1 >/dev/tty) + case $CHOICE in + 2) + enable_falcoctl=1 + ;; + esac + fi + clear fi fi 
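Review bot: With the `if [ $? -eq 0 ]` guard removed in the first postinst hunk, correct behaviour on Cancel/ESC now depends on `dialog` leaving `$CHOICE` empty so that `case` matches nothing; that is right but no longer obvious, so add `# Cancel/ESC leaves CHOICE empty: falls through to "Don't start"` above `case $CHOICE in`. The new falcoctl menu in the second hunk relies on the same fall-through to keep `enable_falcoctl` at 0, and the matching hunk in scripts/rpm/postinstall.in additionally deletes the comment `# When user presses cancel, go on as default (don't start)` that used to document it; the comment should survive in both scripts since the default it describes is "do not enable remote ruleset updates". Both hunks sit inside `if [ "$1" = "configure" ]`, which begins before the first hunk.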
@@ -68,6 +79,13 @@ if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-decon systemctl --system enable "falco-$chosen_driver.service" || true echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':" systemctl --system start "falco-$chosen_driver.service" || true + + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Enable 'falcoctl.service':" + systemctl --system enable "falcoctl.service" || true + echo "[POST-INSTALL] Start 'falcoctl.service':" + systemctl --system start "falcoctl.service" || true + fi fi fi @@ -79,6 +97,12 @@ if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-decon echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:" # restart falco on upgrade if service is already running systemctl --system condrestart "falco-$chosen_driver.service" || true + + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Trigger 'falcoctl.service' condrestart:" + # restart falcoctl on upgrade if service is already running + systemctl --system condrestart "falcoctl.service" || true + fi fi fi fi diff --git a/scripts/debian/postrm.in b/scripts/debian/postrm.in index 02876b5bd58..1bce2b47d75 100755 --- a/scripts/debian/postrm.in +++ b/scripts/debian/postrm.in @@ -27,6 +27,7 @@ if [ -d /run/systemd/system ] && [ "$1" = remove ]; then systemctl --system disable 'falco-bpf.service' || true systemctl --system disable 'falco-modern-bpf.service' || true systemctl --system disable 'falco-plugin.service' || true + systemctl --system disable 'falcoctl.service' || true echo "[POST-REMOVE] Trigger deamon-reload:" systemctl --system daemon-reload || true diff --git a/scripts/debian/prerm.in b/scripts/debian/prerm.in index 72f1013e88c..90cb88168d2 100755 --- a/scripts/debian/prerm.in +++ b/scripts/debian/prerm.in 
@@ -28,6 +28,7 @@ case "$1" in systemctl --system stop 'falco-bpf.service' || true systemctl --system stop 'falco-modern-bpf.service' || true systemctl --system stop 'falco-plugin.service' || true + systemctl --system stop 'falcoctl.service' || true echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'" falco-driver-loader --clean diff --git a/scripts/rpm/postinstall.in b/scripts/rpm/postinstall.in index 7dfaf3f2346..800c914dd81 100755 --- a/scripts/rpm/postinstall.in +++ b/scripts/rpm/postinstall.in @@ -16,32 +16,41 @@ # chosen_driver= +enable_falcoctl=0 if [ $1 -eq 1 ]; then if [ -x /usr/bin/dialog ]; then # If dialog is installed, create a dialog to let users choose the correct driver for them - CHOICE=$(dialog --clear --backtitle "Choose your preferred driver" --title "Falco drivers" --menu "Choose one of the following options:" 15 40 5 \ + CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 40 5 \ 1 "Don't start" \ 2 "Kmod" \ 3 "eBPF" \ 4 "Modern eBPF" \ 5 "Plugin" \ 2>&1 >/dev/tty) - # When user presses cancel, go on as default (don't start) - if [ $? -eq 0 ]; then + case $CHOICE in + 2) + chosen_driver="kmod" + ;; + 3) + chosen_driver="bpf" + ;; + 4) + chosen_driver="modern-bpf" + ;; + 5) + chosen_driver="plugin" + ;; + esac + if [ -n "$chosen_driver" ]; then + CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to subscribe to automatic ruleset feed?" 10 40 2 \ + 1 "No" \ + 2 "Yes" \ + 2>&1 >/dev/tty) case $CHOICE in - 2) - chosen_driver="kmod" - ;; - 3) - chosen_driver="bpf" - ;; - 4) - chosen_driver="modern-bpf" - ;; - 5) - chosen_driver="plugin" - ;; + 2) + enable_falcoctl=1 + ;; esac fi clear 
@@ -78,6 +87,13 @@ if [ $1 -eq 1 ]; then systemctl --system enable "falco-$chosen_driver.service" || true echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':" systemctl --system start "falco-$chosen_driver.service" || true + + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Enable 'falcoctl.service':" + systemctl --system enable "falcoctl.service" || true + echo "[POST-INSTALL] Start 'falcoctl.service':" + systemctl --system start "falcoctl.service" || true + fi fi fi @@ -90,6 +106,11 @@ if [ $1 -gt 1 ]; then echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:" # restart falco on upgrade if service is already running systemctl --system condrestart "falco-$chosen_driver.service" || true + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Trigger 'falcoctl.service' condrestart:" + # restart falcoctl on upgrade if service is already running + systemctl --system condrestart "falcoctl.service" || true + fi fi fi fi diff --git a/scripts/rpm/postuninstall.in b/scripts/rpm/postuninstall.in index 8e148a5af2c..d63e14ea500 100755 --- a/scripts/rpm/postuninstall.in +++ b/scripts/rpm/postuninstall.in @@ -23,6 +23,7 @@ if [ -d /run/systemd/system ] && [ $1 -eq 0 ]; then systemctl --system disable 'falco-bpf.service' || true systemctl --system disable 'falco-modern-bpf.service' || true systemctl --system disable 'falco-plugin.service' || true + systemctl --system disable 'falcoctl.service' || true echo "[POST-REMOVE] Trigger deamon-reload:" systemctl --system daemon-reload || true diff --git a/scripts/rpm/preuninstall.in b/scripts/rpm/preuninstall.in index 3039d25b8dc..dd7c0cf185f 100755 --- a/scripts/rpm/preuninstall.in +++ b/scripts/rpm/preuninstall.in 
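Review bot: The falcoctl condrestart added in the `if [ $1 -gt 1 ]` hunk can never execute: `enable_falcoctl` is initialised to 0 at the top of the script and only set to 1 by the dialog inside the `if [ $1 -eq 1 ]` fresh-install branch, so on upgrade the guard is always false. `condrestart` already restarts only a unit that is running, so drop the guard there and call `systemctl --system condrestart "falcoctl.service" || true` unconditionally next to the falco condrestart, or derive the state from `systemctl --system is-enabled 'falcoctl.service'` if the guard is wanted. Both hunks sit inside branches that open before and close after the hunk.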
@@ -22,6 +22,7 @@ systemctl --system stop 'falco-kmod.service' || true systemctl --system stop 'falco-bpf.service' || true systemctl --system stop 'falco-modern-bpf.service' || true systemctl --system stop 'falco-plugin.service' || true +systemctl --system stop 'falcoctl.service' || true echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'" falco-driver-loader --clean @@ -37,3 +38,4 @@ falco-driver-loader --clean %systemd_preun 'falco-bpf.service' %systemd_preun 'falco-modern-bpf.service' %systemd_preun 'falco-plugin.service' +%systemd_preun 'falcoctl.service' \ No newline at end of file diff --git a/scripts/systemd/falcoctl.service b/scripts/systemd/falcoctl.service new file mode 100644 index 00000000000..123d782f586 --- /dev/null +++ b/scripts/systemd/falcoctl.service @@ -0,0 +1,22 @@ +[Unit] +Description=Falcoctl: Administrative tooling for Falco +Documentation=https://github.com/falcosecurity/falcoctl + +[Service] +Type=simple +ExecStart=/usr/bin/falcoctl --follow +UMask=0077 +TimeoutSec=30 +RestartSec=15s +Restart=on-failure +PrivateTmp=true +NoNewPrivileges=yes +ProtectHome=read-only +ProtectSystem=full +ProtectKernelTunables=true +RestrictRealtime=true +RestrictAddressFamilies=~AF_PACKET +StandardOutput=null + +[Install] +WantedBy=multi-user.target From 8486e9d650c0f187ad06a5709c5f2493eb53cd7c Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Wed, 11 Jan 2023 15:09:00 +0100 Subject: [PATCH 03/20] chore(scripts): updated falcoctl service. Signed-off-by: Federico Di Pierro --- scripts/systemd/falcoctl.service | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/systemd/falcoctl.service b/scripts/systemd/falcoctl.service index 123d782f586..8f679ab70b4 100644 --- a/scripts/systemd/falcoctl.service +++ b/scripts/systemd/falcoctl.service 
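Review bot: `ProtectSystem=full` in the new unit mounts /etc read-only for the service, so if `falcoctl --follow` is meant to write updated rule files under /etc/falco (not visible here; confirm against falcoctl's defaults) the first update will fail; keeping the protection and adding `ReadWritePaths=/etc/falco`, as falco-kmod.service does for `/sys/module/falco`, is the least-privilege way to allow it. `RestrictAddressFamilies=~AF_PACKET` is a deny-list; a follower that only needs outbound HTTPS can use the allow-list form `RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX`. `StandardOutput=null` discards the only record of which artifacts were fetched and whether a fetch failed, which is exactly what an operator needs when a root service pulls remote content into a security tool; `StandardOutput=journal` is worth the noise here.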
@@ -1,10 +1,11 @@ [Unit] -Description=Falcoctl: Administrative tooling for Falco -Documentation=https://github.com/falcosecurity/falcoctl +Description=Falco: Automatic rules update service +Documentation=https://falco.org/docs/ [Service] Type=simple -ExecStart=/usr/bin/falcoctl --follow +ExecStartPre=/usr/bin/falco --version-json > /etc/falco/falco_versions.json +ExecStart=/usr/bin/falcoctl --config=/etc/falcoctl/config.yaml artifact follow --list=/etc/falcoctl/follow.yaml --requirements=/etc/falco/falco_versions.json --pidfile=/var/run/falcoctl.pid UMask=0077 TimeoutSec=30 RestartSec=15s From a11baaff575638bd64818acfa9f51df895b928b7 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Wed, 18 Jan 2023 10:57:57 +0100 Subject: [PATCH 04/20] update(cmake,scripts): updated falcoctl to 0.3.0-rc1. Fix up falcoctl.service. Signed-off-by: Federico Di Pierro Co-authored-by: Lorenzo Susini --- cmake/modules/falcoctl.cmake | 6 +++--- scripts/systemd/falcoctl.service | 11 +++++------ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/cmake/modules/falcoctl.cmake b/cmake/modules/falcoctl.cmake index 16b5591b080..10f42951eab 100644 --- a/cmake/modules/falcoctl.cmake +++ b/cmake/modules/falcoctl.cmake @@ -15,14 +15,14 @@ include(ExternalProject) string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} FALCOCTL_SYSTEM_NAME) -set(FALCOCTL_VERSION "0.2.0-rc1") +set(FALCOCTL_VERSION "0.3.0-rc1") if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64") set(FALCOCTL_SYSTEM_PROC_GO "amd64") - set(FALCOCTL_HASH "82dbd20afc2a3605cb77db6ac79f8b523ffb4d8b224511531fdcf366d2ec9929") + set(FALCOCTL_HASH "ddb7da605cb45b6d84c4e7805ff1a0a4e8bed012d8198b74b782695e4c5ac8e0") else() # aarch64 set(FALCOCTL_SYSTEM_PROC_GO "arm64") - set(FALCOCTL_HASH "e07e9b30e4c2ac75835068a912619db4cad288b300a5ed8c66d1f7ea367c2b96") + set(FALCOCTL_HASH "398e380cd24a3ecb2c0967336983bea9621833b08c3442383a412fbc546dfcb8") endif() ExternalProject_Add( 
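Review bot: `ExecStartPre=/usr/bin/falco --version-json > /etc/falco/falco_versions.json` does not redirect anything: systemd runs `ExecStartPre=` without a shell, so `>` and the path are handed to falco as two extra arguments and the requirements file is never written. Wrap the command, `ExecStartPre=/bin/sh -c '/usr/bin/falco --version-json > /etc/falco/falco_versions.json'`, and note that with `ProtectSystem=full` still in the file from the previous commit the write to /etc will be refused unless `ReadWritePaths=/etc/falco` is added. `--pidfile=/var/run/falcoctl.pid` appears to serve no supervision purpose under `Type=simple` (systemd only consults a pid file for `Type=forking` via `PIDFile=`), and /var/run is the legacy alias of /run; confirm whether falcoctl needs it for its own locking before keeping it.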
diff --git a/scripts/systemd/falcoctl.service b/scripts/systemd/falcoctl.service index 8f679ab70b4..1adefd2c726 100644 --- a/scripts/systemd/falcoctl.service +++ b/scripts/systemd/falcoctl.service @@ -4,20 +4,19 @@ Documentation=https://falco.org/docs/ [Service] Type=simple -ExecStartPre=/usr/bin/falco --version-json > /etc/falco/falco_versions.json -ExecStart=/usr/bin/falcoctl --config=/etc/falcoctl/config.yaml artifact follow --list=/etc/falcoctl/follow.yaml --requirements=/etc/falco/falco_versions.json --pidfile=/var/run/falcoctl.pid +User=root +ExecStart=/usr/bin/falcoctl artifact follow UMask=0077 TimeoutSec=30 RestartSec=15s Restart=on-failure PrivateTmp=true NoNewPrivileges=yes -ProtectHome=read-only -ProtectSystem=full +ProtectSystem=true ProtectKernelTunables=true RestrictRealtime=true -RestrictAddressFamilies=~AF_PACKET -StandardOutput=null +#RestrictAddressFamilies=~AF_PACKET +#StandardOutput=null [Install] WantedBy=multi-user.target From 57bb3239c90d6c4989d1e7f1680ae343a7d41086 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Thu, 19 Jan 2023 16:02:02 +0100 Subject: [PATCH 05/20] new(scripts): add a falco.target that consists of falco-X.service units. falcoctl will then run and bind to falco.target. Signed-off-by: Federico Di Pierro --- cmake/cpack/CMakeCPackOptions.cmake | 3 ++- scripts/CMakeLists.txt | 2 ++ scripts/debian/prerm.in | 6 +----- scripts/rpm/preuninstall.in | 6 +----- scripts/systemd/falco-bpf.service | 6 ++---- scripts/systemd/falco-kmod.service | 6 ++---- scripts/systemd/falco-modern-bpf.service | 6 ++---- scripts/systemd/falco-plugin.service | 4 +--- scripts/systemd/falco.target | 7 +++++++ scripts/systemd/falcoctl.service | 5 +++-- 10 files changed, 23 insertions(+), 28 deletions(-) create mode 100644 scripts/systemd/falco.target diff --git a/cmake/cpack/CMakeCPackOptions.cmake b/cmake/cpack/CMakeCPackOptions.cmake index 967cf882d77..3dbcdbdb6e3 100644 --- a/cmake/cpack/CMakeCPackOptions.cmake 
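Review bot: The hunk widens the write surface of a root service that fetches remote content: `ProtectSystem=full` becomes `ProtectSystem=true` and `ProtectHome=read-only` is dropped, which leaves /etc and home directories writable. If the change exists so falcoctl can write under /etc/falco, keep `ProtectSystem=full` and `ProtectHome=read-only` and add `ReadWritePaths=/etc/falco` (plus whatever cache directory falcoctl uses), mirroring `ReadWritePaths=/sys/module/falco` in falco-kmod.service. Commenting out `RestrictAddressFamilies` and `StandardOutput` leaves dead lines; either delete them or restore them with a comment stating why they had to go. `User=root` is the implicit default and only earns its line if a dedicated service user was considered and rejected, in which case say so in a comment.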
+++ b/cmake/cpack/CMakeCPackOptions.cmake @@ -1,6 +1,7 @@ if(CPACK_GENERATOR MATCHES "DEB" OR CPACK_GENERATOR MATCHES "RPM") list(APPEND CPACK_INSTALL_COMMANDS "mkdir -p _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") - list(APPEND CPACK_INSTALL_COMMANDS "cp -r scripts/systemd/falco-kmod-inject.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") + list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco.target _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") + list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-kmod-inject.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-kmod.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-modern-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt index de6b2aa23b2..b2598518ce7 100644 --- a/scripts/CMakeLists.txt +++ b/scripts/CMakeLists.txt @@ -16,6 +16,8 @@ # # Systemd +file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco.target" + DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod-inject.service" DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod.service" 
diff --git a/scripts/debian/prerm.in b/scripts/debian/prerm.in index 90cb88168d2..5bceda3744d 100755 --- a/scripts/debian/prerm.in +++ b/scripts/debian/prerm.in @@ -24,11 +24,7 @@ set -e case "$1" in remove|upgrade|deconfigure) echo "[PRE-REMOVE] Stop all Falco services:" - systemctl --system stop 'falco-kmod.service' || true - systemctl --system stop 'falco-bpf.service' || true - systemctl --system stop 'falco-modern-bpf.service' || true - systemctl --system stop 'falco-plugin.service' || true - systemctl --system stop 'falcoctl.service' || true + systemctl --system stop 'falco.target' || true echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'" falco-driver-loader --clean diff --git a/scripts/rpm/preuninstall.in b/scripts/rpm/preuninstall.in index dd7c0cf185f..18220f496b7 100755 --- a/scripts/rpm/preuninstall.in +++ b/scripts/rpm/preuninstall.in @@ -18,11 +18,7 @@ set -e # Currently running falco service uses the driver, so stop it before driver cleanup echo "[PRE-REMOVE] Stop all Falco services:" -systemctl --system stop 'falco-kmod.service' || true -systemctl --system stop 'falco-bpf.service' || true -systemctl --system stop 'falco-modern-bpf.service' || true -systemctl --system stop 'falco-plugin.service' || true -systemctl --system stop 'falcoctl.service' || true +systemctl --system stop 'falco.target' || true echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'" falco-driver-loader --clean diff --git a/scripts/systemd/falco-bpf.service b/scripts/systemd/falco-bpf.service index de8c57e6705..58127cd6eb3 100644 --- a/scripts/systemd/falco-bpf.service +++ b/scripts/systemd/falco-bpf.service @@ -1,6 +1,7 @@ [Unit] Description=Falco: Container Native Runtime Security with ebpf Documentation=https://falco.org/docs/ +PartOf=falco.target Conflicts=falco-kmod.service Conflicts=falco-modern-bpf.service Conflicts=falco-plugin.service 
@@ -21,7 +22,4 @@ ProtectSystem=full ProtectKernelTunables=true RestrictRealtime=true RestrictAddressFamilies=~AF_PACKET -StandardOutput=null - -[Install] -WantedBy=multi-user.target +StandardOutput=null \ No newline at end of file diff --git a/scripts/systemd/falco-kmod.service b/scripts/systemd/falco-kmod.service index f62516381ef..500bb93e793 100644 --- a/scripts/systemd/falco-kmod.service +++ b/scripts/systemd/falco-kmod.service @@ -3,6 +3,7 @@ Description=Falco: Container Native Runtime Security with kmod Documentation=https://falco.org/docs/ After=falco-kmod-inject.service Requires=falco-kmod-inject.service +PartOf=falco.target Conflicts=falco-bpf.service Conflicts=falco-modern-bpf.service Conflicts=falco-plugin.service @@ -23,7 +24,4 @@ ProtectKernelTunables=true ReadWritePaths=/sys/module/falco RestrictRealtime=true RestrictAddressFamilies=~AF_PACKET -StandardOutput=null - -[Install] -WantedBy=multi-user.target +StandardOutput=null \ No newline at end of file diff --git a/scripts/systemd/falco-modern-bpf.service b/scripts/systemd/falco-modern-bpf.service index 9b6825005c1..ef4bdc2e351 100644 --- a/scripts/systemd/falco-modern-bpf.service +++ b/scripts/systemd/falco-modern-bpf.service @@ -1,6 +1,7 @@ [Unit] Description=Falco: Container Native Runtime Security with modern ebpf Documentation=https://falco.org/docs/ +PartOf=falco.target Conflicts=falco-kmod.service Conflicts=falco-bpf.service Conflicts=falco-plugin.service @@ -20,7 +21,4 @@ ProtectSystem=full ProtectKernelTunables=true RestrictRealtime=true RestrictAddressFamilies=~AF_PACKET -StandardOutput=null - -[Install] -WantedBy=multi-user.target +StandardOutput=null \ No newline at end of file diff --git a/scripts/systemd/falco-plugin.service b/scripts/systemd/falco-plugin.service index 84befe716ec..dac0c1d0207 100644 --- a/scripts/systemd/falco-plugin.service +++ b/scripts/systemd/falco-plugin.service 
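Review bot: Removing the `[Install]` section from falco-bpf.service (this hunk), and likewise from falco-kmod.service, falco-modern-bpf.service and falco-plugin.service, breaks `systemctl --system enable "falco-$chosen_driver.service"` in postinst/postinstall: systemctl only reports that the unit has no installation config, the `|| true` hides that, and because `PartOf=falco.target` propagates stop/restart without pulling the service in, nothing starts the chosen driver service at boot. Keep an install section per service that points at the new target, `[Install]` / `WantedBy=falco.target`, so enabling creates the falco.target.wants link while PartOf still stops the service with the target. The four files also end without a trailing newline after this change.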
@@ -1,6 +1,7 @@ [Unit] Description=Falco: Container Native Runtime Security with plugin Documentation=https://falco.org/docs/ +PartOf=falco.target Conflicts=falco-kmod.service Conflicts=falco-bpf.service Conflicts=falco-modern-bpf.service @@ -21,6 +22,3 @@ ProtectKernelTunables=true RestrictRealtime=true RestrictAddressFamilies=~AF_PACKET StandardOutput=null - -[Install] -WantedBy=multi-user.target diff --git a/scripts/systemd/falco.target b/scripts/systemd/falco.target new file mode 100644 index 00000000000..df13a9e40fc --- /dev/null +++ b/scripts/systemd/falco.target @@ -0,0 +1,7 @@ +[Unit] +Description=Main Falco target +Requires=multi-user.target +After=multi-user.target + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/systemd/falcoctl.service b/scripts/systemd/falcoctl.service index 1adefd2c726..bc12c6ed66e 100644 --- a/scripts/systemd/falcoctl.service +++ b/scripts/systemd/falcoctl.service @@ -1,6 +1,8 @@ [Unit] Description=Falco: Automatic rules update service Documentation=https://falco.org/docs/ +After=falco.target +BindsTo=falco.target [Service] Type=simple @@ -15,8 +17,7 @@ NoNewPrivileges=yes ProtectSystem=true ProtectKernelTunables=true RestrictRealtime=true -#RestrictAddressFamilies=~AF_PACKET -#StandardOutput=null +StandardOutput=null [Install] WantedBy=multi-user.target From 8d296d7ae465667d8317d16316965a0ade654df0 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Thu, 19 Jan 2023 16:30:37 +0100 Subject: [PATCH 06/20] update(scripts): multiple renamings to falcoctl service + fixed description. Moreover, now falcoctl service is enabled by default. It being bound to falco.target allows us to avoid it running when falco.target is not running. 
Signed-off-by: Federico Di Pierro --- cmake/cpack/CMakeCPackOptions.cmake | 2 +- scripts/CMakeLists.txt | 2 +- scripts/debian/postinst.in | 49 +++++++++---------- scripts/debian/postrm.in | 2 +- scripts/rpm/postinstall.in | 47 +++++++++--------- scripts/rpm/postuninstall.in | 2 +- scripts/rpm/preuninstall.in | 2 +- ...rvice => falcoctl-artifact-follow.service} | 2 +- 8 files changed, 50 insertions(+), 58 deletions(-) rename scripts/systemd/{falcoctl.service => falcoctl-artifact-follow.service} (83%) diff --git a/cmake/cpack/CMakeCPackOptions.cmake b/cmake/cpack/CMakeCPackOptions.cmake index 3dbcdbdb6e3..ef2a556ad5f 100644 --- a/cmake/cpack/CMakeCPackOptions.cmake +++ b/cmake/cpack/CMakeCPackOptions.cmake @@ -6,7 +6,7 @@ if(CPACK_GENERATOR MATCHES "DEB" OR CPACK_GENERATOR MATCHES "RPM") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-modern-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-plugin.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") - list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falcoctl.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") + list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falcoctl-artifact-follow.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") endif() if(CPACK_GENERATOR MATCHES "TGZ") diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt index b2598518ce7..d86098bf1c0 100644 --- a/scripts/CMakeLists.txt +++ b/scripts/CMakeLists.txt 
@@ -28,7 +28,7 @@ file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-modern-bpf.service" DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-plugin.service" DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") -file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falcoctl.service" +file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falcoctl-artifact-follow.service" DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") # Debian diff --git a/scripts/debian/postinst.in b/scripts/debian/postinst.in index 08c6b7362db..3d197f85d82 100755 --- a/scripts/debian/postinst.in +++ b/scripts/debian/postinst.in @@ -17,7 +17,7 @@ # chosen_driver= -enable_falcoctl=0 +enable_falcoctl=1 if [ "$1" = "configure" ]; then if [ -x /usr/bin/dialog ]; then @@ -40,21 +40,18 @@ if [ "$1" = "configure" ]; then chosen_driver="modern-bpf" ;; 5) - chosen_driver="plugin" + chosen_driver="plugin (needs manual configuration)" ;; esac - - if [ -n "$chosen_driver" ]; then - CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to subscribe to automatic ruleset feed?" 10 40 2 \ - 1 "No" \ - 2 "Yes" \ - 2>&1 >/dev/tty) - case $CHOICE in - 2) - enable_falcoctl=1 - ;; - esac - fi + CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \ + 1 "Yes" \ + 2 "No" \ + 2>&1 >/dev/tty) + case $CHOICE in + 2) + enable_falcoctl=0 + ;; + esac clear fi fi 
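Review bot: `chosen_driver="plugin (needs manual configuration)"` in the debian postinst hunk (and the identical change in scripts/rpm/postinstall.in) puts a menu label into the value that is later interpolated into `systemctl --system enable "falco-$chosen_driver.service"`, so choosing Plugin now tries to enable a non-existent `falco-plugin (needs manual configuration).service` and the `|| true` hides the failure. Keep `chosen_driver="plugin"` and move the hint into the menu entry instead: `5 "Plugin (needs manual configuration)" \`. The first hunk also flips the default to `enable_falcoctl=1`, so an install without `/usr/bin/dialog` (non-interactive installs) now silently enables a service that pulls remote artifacts; if that is intended, say so in a comment next to the default.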
@@ -79,13 +76,12 @@ if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-decon systemctl --system enable "falco-$chosen_driver.service" || true echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':" systemctl --system start "falco-$chosen_driver.service" || true - - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Enable 'falcoctl.service':" - systemctl --system enable "falcoctl.service" || true - echo "[POST-INSTALL] Start 'falcoctl.service':" - systemctl --system start "falcoctl.service" || true - fi + fi + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Enable 'falcoctl-artifact-follow.service':" + systemctl --system enable "falcoctl-artifact-follow.service" || true + echo "[POST-INSTALL] Start 'falcoctl-artifact-follow.service':" + systemctl --system start "falcoctl-artifact-follow.service" || true fi fi @@ -97,12 +93,11 @@ if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-decon echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:" # restart falco on upgrade if service is already running systemctl --system condrestart "falco-$chosen_driver.service" || true - - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Trigger 'falcoctl.service' condrestart:" - # restart falcoctl on upgrade if service is already running - systemctl --system condrestart "falcoctl.service" || true - fi + fi + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Trigger 'falcoctl-artifact-follow.service' condrestart:" + # restart falcoctl-artifact-follow on upgrade if service is already running + systemctl --system condrestart "falcoctl-artifact-follow.service" || true fi fi fi diff --git a/scripts/debian/postrm.in b/scripts/debian/postrm.in index 1bce2b47d75..9f4b1da8a85 100755 --- a/scripts/debian/postrm.in +++ b/scripts/debian/postrm.in 
@@ -27,7 +27,7 @@ if [ -d /run/systemd/system ] && [ "$1" = remove ]; then systemctl --system disable 'falco-bpf.service' || true systemctl --system disable 'falco-modern-bpf.service' || true systemctl --system disable 'falco-plugin.service' || true - systemctl --system disable 'falcoctl.service' || true + systemctl --system disable 'falcoctl-artifact-follow.service' || true echo "[POST-REMOVE] Trigger deamon-reload:" systemctl --system daemon-reload || true diff --git a/scripts/rpm/postinstall.in b/scripts/rpm/postinstall.in index 800c914dd81..79db759cb19 100755 --- a/scripts/rpm/postinstall.in +++ b/scripts/rpm/postinstall.in @@ -16,7 +16,7 @@ # chosen_driver= -enable_falcoctl=0 +enable_falcoctl=1 if [ $1 -eq 1 ]; then if [ -x /usr/bin/dialog ]; then @@ -39,20 +39,18 @@ if [ $1 -eq 1 ]; then chosen_driver="modern-bpf" ;; 5) - chosen_driver="plugin" + chosen_driver="plugin (needs manual configuration)" ;; esac - if [ -n "$chosen_driver" ]; then - CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to subscribe to automatic ruleset feed?" 10 40 2 \ - 1 "No" \ - 2 "Yes" \ - 2>&1 >/dev/tty) - case $CHOICE in - 2) - enable_falcoctl=1 - ;; - esac - fi + CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \ + 1 "Yes" \ + 2 "No" \ + 2>&1 >/dev/tty) + case $CHOICE in + 2) + enable_falcoctl=0 + ;; + esac clear fi fi 
@@ -87,13 +85,12 @@ if [ $1 -eq 1 ]; then systemctl --system enable "falco-$chosen_driver.service" || true echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':" systemctl --system start "falco-$chosen_driver.service" || true - - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Enable 'falcoctl.service':" - systemctl --system enable "falcoctl.service" || true - echo "[POST-INSTALL] Start 'falcoctl.service':" - systemctl --system start "falcoctl.service" || true - fi + fi + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Enable 'falcoctl-artifact-follow.service':" + systemctl --system enable "falcoctl-artifact-follow.service" || true + echo "[POST-INSTALL] Start 'falcoctl-artifact-follow.service':" + systemctl --system start "falcoctl-artifact-follow.service" || true fi fi @@ -106,11 +103,11 @@ if [ $1 -gt 1 ]; then echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:" # restart falco on upgrade if service is already running systemctl --system condrestart "falco-$chosen_driver.service" || true - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Trigger 'falcoctl.service' condrestart:" - # restart falcoctl on upgrade if service is already running - systemctl --system condrestart "falcoctl.service" || true - fi + fi + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Trigger 'falcoctl-artifact-follow.service' condrestart:" + # restart falcoctl-artifact-follow on upgrade if service is already running + systemctl --system condrestart "falcoctl-artifact-follow.service" || true fi fi fi diff --git a/scripts/rpm/postuninstall.in b/scripts/rpm/postuninstall.in index d63e14ea500..3091c411eb3 100755 --- a/scripts/rpm/postuninstall.in +++ b/scripts/rpm/postuninstall.in 
@@ -23,7 +23,7 @@ if [ -d /run/systemd/system ] && [ $1 -eq 0 ]; then systemctl --system disable 'falco-bpf.service' || true systemctl --system disable 'falco-modern-bpf.service' || true systemctl --system disable 'falco-plugin.service' || true - systemctl --system disable 'falcoctl.service' || true + systemctl --system disable 'falcoctl-artifact-follow.service' || true echo "[POST-REMOVE] Trigger deamon-reload:" systemctl --system daemon-reload || true diff --git a/scripts/rpm/preuninstall.in b/scripts/rpm/preuninstall.in index 18220f496b7..291e62e1cde 100755 --- a/scripts/rpm/preuninstall.in +++ b/scripts/rpm/preuninstall.in @@ -34,4 +34,4 @@ falco-driver-loader --clean %systemd_preun 'falco-bpf.service' %systemd_preun 'falco-modern-bpf.service' %systemd_preun 'falco-plugin.service' -%systemd_preun 'falcoctl.service' \ No newline at end of file +%systemd_preun 'falcoctl-artifact-follow.service' \ No newline at end of file diff --git a/scripts/systemd/falcoctl.service b/scripts/systemd/falcoctl-artifact-follow.service similarity index 83% rename from scripts/systemd/falcoctl.service rename to scripts/systemd/falcoctl-artifact-follow.service index bc12c6ed66e..80e1ec8704c 100644 --- a/scripts/systemd/falcoctl.service +++ b/scripts/systemd/falcoctl-artifact-follow.service @@ -1,5 +1,5 @@ [Unit] -Description=Falco: Automatic rules update service +Description=Falcoctl Artifact Follow: automatic artifacts update service Documentation=https://falco.org/docs/ After=falco.target BindsTo=falco.target From 52f2f9319dafb43e7e74e44ae1e8e062c6d5fcdd Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Fri, 20 Jan 2023 11:50:59 +0100 Subject: [PATCH 07/20] update(cmake): bumped falcoctl to 0.3.0-rc2. Signed-off-by: Federico Di Pierro --- cmake/modules/falcoctl.cmake | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmake/modules/falcoctl.cmake b/cmake/modules/falcoctl.cmake index 10f42951eab..bf78bbdd6e5 100644 --- a/cmake/modules/falcoctl.cmake 
+++ b/cmake/modules/falcoctl.cmake @@ -15,14 +15,14 @@ include(ExternalProject) string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} FALCOCTL_SYSTEM_NAME) -set(FALCOCTL_VERSION "0.3.0-rc1") +set(FALCOCTL_VERSION "0.3.0-rc2") if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64") set(FALCOCTL_SYSTEM_PROC_GO "amd64") - set(FALCOCTL_HASH "ddb7da605cb45b6d84c4e7805ff1a0a4e8bed012d8198b74b782695e4c5ac8e0") + set(FALCOCTL_HASH "9f82055fdad9644e4ff300eae9da90c780a6ba1ce0dc11dbddbada0934a280b6") else() # aarch64 set(FALCOCTL_SYSTEM_PROC_GO "arm64") - set(FALCOCTL_HASH "398e380cd24a3ecb2c0967336983bea9621833b08c3442383a412fbc546dfcb8") + set(FALCOCTL_HASH "c563648352fefeb0247209eac99aa6e0d43fde75f8c8a59904bd0e47b2cfa0f9") endif() ExternalProject_Add( From 96720a6887d5e4732e8960d59b7c5004a4d5da54 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Fri, 20 Jan 2023 15:49:27 +0100 Subject: [PATCH 08/20] fix(scripts): some small fixes around falco and falcoctl systemd services logic. Signed-off-by: Federico Di Pierro --- scripts/debian/postinst.in | 48 +++++++++++++------------ scripts/rpm/postinstall.in | 74 +++++++++++++++++++------------------- 2 files changed, 63 insertions(+), 59 deletions(-) diff --git a/scripts/debian/postinst.in b/scripts/debian/postinst.in index 3d197f85d82..99d7c1bea77 100755 --- a/scripts/debian/postinst.in +++ b/scripts/debian/postinst.in @@ -17,7 +17,7 @@ # chosen_driver= -enable_falcoctl=1 +enable_falcoctl=0 if [ "$1" = "configure" ]; then if [ -x /usr/bin/dialog ]; then @@ -27,7 +27,7 @@ if [ "$1" = "configure" ]; then 2 "Kmod" \ 3 "eBPF" \ 4 "Modern eBPF" \ - 5 "Plugin" \ + 5 "Plugin (needs manual configuration)" \ 2>&1 >/dev/tty) case $CHOICE in 2) 
@@ -40,18 +40,20 @@ if [ "$1" = "configure" ]; then chosen_driver="modern-bpf" ;; 5) - chosen_driver="plugin (needs manual configuration)" + chosen_driver="plugin" ;; esac - CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \ - 1 "Yes" \ - 2 "No" \ - 2>&1 >/dev/tty) - case $CHOICE in - 2) - enable_falcoctl=0 - ;; - esac + if [ -n "$chosen_driver" ]; then + CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \ + 1 "Yes" \ + 2 "No" \ + 2>&1 >/dev/tty) + case $CHOICE in + 1) + enable_falcoctl=1 + ;; + esac + fi clear fi fi @@ -76,12 +78,12 @@ if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-decon systemctl --system enable "falco-$chosen_driver.service" || true echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':" systemctl --system start "falco-$chosen_driver.service" || true - fi - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Enable 'falcoctl-artifact-follow.service':" - systemctl --system enable "falcoctl-artifact-follow.service" || true - echo "[POST-INSTALL] Start 'falcoctl-artifact-follow.service':" - systemctl --system start "falcoctl-artifact-follow.service" || true + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Enable 'falcoctl-artifact-follow.service':" + systemctl --system enable "falcoctl-artifact-follow.service" || true + echo "[POST-INSTALL] Start 'falcoctl-artifact-follow.service':" + systemctl --system start "falcoctl-artifact-follow.service" || true + fi fi fi 
@@ -93,11 +95,11 @@ if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-decon echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:" # restart falco on upgrade if service is already running systemctl --system condrestart "falco-$chosen_driver.service" || true - fi - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Trigger 'falcoctl-artifact-follow.service' condrestart:" - # restart falcoctl-artifact-follow on upgrade if service is already running - systemctl --system condrestart "falcoctl-artifact-follow.service" || true + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Trigger 'falcoctl-artifact-follow.service' condrestart:" + # restart falcoctl-artifact-follow on upgrade if service is already running + systemctl --system condrestart "falcoctl-artifact-follow.service" || true + fi fi fi fi diff --git a/scripts/rpm/postinstall.in b/scripts/rpm/postinstall.in index 79db759cb19..0bbecae824c 100755 --- a/scripts/rpm/postinstall.in +++ b/scripts/rpm/postinstall.in @@ -16,7 +16,7 @@ # chosen_driver= -enable_falcoctl=1 +enable_falcoctl=0 if [ $1 -eq 1 ]; then if [ -x /usr/bin/dialog ]; then 
@@ -26,32 +26,34 @@ if [ $1 -eq 1 ]; then 2 "Kmod" \ 3 "eBPF" \ 4 "Modern eBPF" \ - 5 "Plugin" \ + 5 "Plugin (needs manual configuration)" \ 2>&1 >/dev/tty) - case $CHOICE in - 2) - chosen_driver="kmod" - ;; - 3) - chosen_driver="bpf" - ;; - 4) - chosen_driver="modern-bpf" - ;; - 5) - chosen_driver="plugin (needs manual configuration)" - ;; - esac - CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \ - 1 "Yes" \ - 2 "No" \ - 2>&1 >/dev/tty) - case $CHOICE in - 2) - enable_falcoctl=0 + case $CHOICE in + 2) + chosen_driver="kmod" ;; - esac - clear + 3) + chosen_driver="bpf" + ;; + 4) + chosen_driver="modern-bpf" + ;; + 5) + chosen_driver="plugin" + ;; + esac + if [ -n "$chosen_driver" ]; then + CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \ + 1 "Yes" \ + 2 "No" \ + 2>&1 >/dev/tty) + case $CHOICE in + 1) + enable_falcoctl=1 + ;; + esac + fi + clear fi fi @@ -85,12 +87,12 @@ if [ $1 -eq 1 ]; then systemctl --system enable "falco-$chosen_driver.service" || true echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':" systemctl --system start "falco-$chosen_driver.service" || true - fi - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Enable 'falcoctl-artifact-follow.service':" - systemctl --system enable "falcoctl-artifact-follow.service" || true - echo "[POST-INSTALL] Start 'falcoctl-artifact-follow.service':" - systemctl --system start "falcoctl-artifact-follow.service" || true + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Enable 'falcoctl-artifact-follow.service':" + systemctl --system enable "falcoctl-artifact-follow.service" || true + echo "[POST-INSTALL] Start 'falcoctl-artifact-follow.service':" + systemctl --system start "falcoctl-artifact-follow.service" || true + fi fi fi 
@@ -103,11 +105,11 @@ if [ $1 -gt 1 ]; then echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:" # restart falco on upgrade if service is already running systemctl --system condrestart "falco-$chosen_driver.service" || true - fi - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Trigger 'falcoctl-artifact-follow.service' condrestart:" - # restart falcoctl-artifact-follow on upgrade if service is already running - systemctl --system condrestart "falcoctl-artifact-follow.service" || true + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Trigger 'falcoctl-artifact-follow.service' condrestart:" + # restart falcoctl-artifact-follow on upgrade if service is already running + systemctl --system condrestart "falcoctl-artifact-follow.service" || true + fi fi fi fi From 8dd76a2783a7a3f40d171c74d3904462b2ac5745 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Mon, 23 Jan 2023 10:41:42 +0100 Subject: [PATCH 09/20] chore(scripts): small fixes to systemd units. Signed-off-by: Federico Di Pierro Co-authored-by: Roberto Scolaro --- scripts/systemd/falco-bpf.service | 5 ++++- scripts/systemd/falco-kmod.service | 5 ++++- scripts/systemd/falco-modern-bpf.service | 5 ++++- scripts/systemd/falco-plugin.service | 3 +++ scripts/systemd/falcoctl-artifact-follow.service | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/scripts/systemd/falco-bpf.service b/scripts/systemd/falco-bpf.service index 58127cd6eb3..cce39071e13 100644 --- a/scripts/systemd/falco-bpf.service +++ b/scripts/systemd/falco-bpf.service @@ -22,4 +22,7 @@ ProtectSystem=full ProtectKernelTunables=true RestrictRealtime=true RestrictAddressFamilies=~AF_PACKET -StandardOutput=null \ No newline at end of file +StandardOutput=null + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/systemd/falco-kmod.service b/scripts/systemd/falco-kmod.service index 500bb93e793..6f084b30b63 100644 --- a/scripts/systemd/falco-kmod.service 
+++ b/scripts/systemd/falco-kmod.service @@ -24,4 +24,7 @@ ProtectKernelTunables=true ReadWritePaths=/sys/module/falco RestrictRealtime=true RestrictAddressFamilies=~AF_PACKET -StandardOutput=null \ No newline at end of file +StandardOutput=null + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/systemd/falco-modern-bpf.service b/scripts/systemd/falco-modern-bpf.service index ef4bdc2e351..e370a5046f6 100644 --- a/scripts/systemd/falco-modern-bpf.service +++ b/scripts/systemd/falco-modern-bpf.service @@ -21,4 +21,7 @@ ProtectSystem=full ProtectKernelTunables=true RestrictRealtime=true RestrictAddressFamilies=~AF_PACKET -StandardOutput=null \ No newline at end of file +StandardOutput=null + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/systemd/falco-plugin.service b/scripts/systemd/falco-plugin.service index dac0c1d0207..60b6dcbf5fb 100644 --- a/scripts/systemd/falco-plugin.service +++ b/scripts/systemd/falco-plugin.service @@ -22,3 +22,6 @@ ProtectKernelTunables=true RestrictRealtime=true RestrictAddressFamilies=~AF_PACKET StandardOutput=null + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/systemd/falcoctl-artifact-follow.service b/scripts/systemd/falcoctl-artifact-follow.service index 80e1ec8704c..6fcabf5cdba 100644 --- a/scripts/systemd/falcoctl-artifact-follow.service +++ b/scripts/systemd/falcoctl-artifact-follow.service @@ -3,6 +3,7 @@ Description=Falcoctl Artifact Follow: automatic artifacts update service Documentation=https://falco.org/docs/ After=falco.target BindsTo=falco.target +DefaultDependencies=no [Service] Type=simple From c07c7c9e6e28a6d6b3e6e7e32c6a8a3fda515be7 Mon Sep 17 00:00:00 2001 From: Andrea Terzolo Date: Mon, 23 Jan 2023 11:26:45 +0100 Subject: [PATCH 10/20] chore: fix cmake file copy 
Signed-off-by: Andrea Terzolo
---
 scripts/CMakeLists.txt | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt
index d86098bf1c0..6ebae12c677 100644
--- a/scripts/CMakeLists.txt
+++ b/scripts/CMakeLists.txt
@@ -16,20 +16,18 @@ # # Systemd -file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco.target" - DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") -file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod-inject.service" - DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") -file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod.service" - DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") -file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-bpf.service" - DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") -file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-modern-bpf.service" - DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") -file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-plugin.service" - DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") -file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falcoctl-artifact-follow.service" - DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") +configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod-inject.service" + "${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY) +configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod.service" + "${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY) +configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-bpf.service" + "${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY) +configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-modern-bpf.service" + "${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY) +configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-plugin.service" + "${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY) +configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falcoctl-artifact-follow.service" + "${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY) # Debian configure_file(debian/postinst.in debian/postinst) From 468eefb7bc3131b9f3e6509664c27819e97885b1 Mon Sep 17 00:00:00 2001 From: Andrea Terzolo Date: Mon, 23 Jan 2023 11:27:47 +0100 Subject: [PATCH 11/20] scripts: remove falco.target and use require falcoctl with `Wants=` 
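Review bot: `configure_file` places the input into `${PROJECT_BINARY_DIR}/scripts/systemd` under its original name only when that path is an existing directory; on a fresh build tree nothing in this hunk creates it any more (the removed `file(COPY)` calls did), so unless the directory is created earlier in this file or by the top-level CMakeLists, the first call writes a regular file named `systemd` and the next five overwrite it. Either add `file(MAKE_DIRECTORY "${PROJECT_BINARY_DIR}/scripts/systemd")` before the block or spell out the output file name in each call, e.g. `configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod.service" "${PROJECT_BINARY_DIR}/scripts/systemd/falco-kmod.service" COPYONLY)`. `falco.target` is dropped from the copy list here while `cmake/cpack/CMakeCPackOptions.cmake` still copies `scripts/systemd/falco.target` until the following commit removes that line, so this commit on its own likely breaks DEB/RPM packaging (bad for bisecting). A one-line comment on why `configure_file` replaced `file(COPY)` — presumably so the unit files become configure-step dependencies and edits re-run CMake — would help the next reader.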
Signed-off-by: Andrea Terzolo --- cmake/cpack/CMakeCPackOptions.cmake | 1 - scripts/debian/postinst.in | 50 ++++++++---------- scripts/debian/prerm.in | 6 ++- scripts/rpm/postinstall.in | 52 ++++++++----------- scripts/rpm/preuninstall.in | 8 ++- scripts/systemd/falco-bpf.service | 5 +- scripts/systemd/falco-kmod.service | 5 +- scripts/systemd/falco-modern-bpf.service | 5 +- scripts/systemd/falco-plugin.service | 5 +- scripts/systemd/falco.target | 7 --- .../systemd/falcoctl-artifact-follow.service | 5 +- 11 files changed, 70 insertions(+), 79 deletions(-) delete mode 100644 scripts/systemd/falco.target diff --git a/cmake/cpack/CMakeCPackOptions.cmake b/cmake/cpack/CMakeCPackOptions.cmake index ef2a556ad5f..9c530b909ca 100644 --- a/cmake/cpack/CMakeCPackOptions.cmake +++ b/cmake/cpack/CMakeCPackOptions.cmake @@ -1,6 +1,5 @@ if(CPACK_GENERATOR MATCHES "DEB" OR CPACK_GENERATOR MATCHES "RPM") list(APPEND CPACK_INSTALL_COMMANDS "mkdir -p _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") - list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco.target _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-kmod-inject.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-kmod.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") diff --git a/scripts/debian/postinst.in b/scripts/debian/postinst.in index 99d7c1bea77..36451ecb42f 100755 --- a/scripts/debian/postinst.in +++ b/scripts/debian/postinst.in 
@@ -17,7 +17,21 @@ # chosen_driver= -enable_falcoctl=0 + +echo "[POST-INSTALL] Disable all possible enabled 'falco' service:" +systemctl --system stop 'falco-kmod.service' || true +systemctl --system stop 'falco-bpf.service' || true +systemctl --system stop 'falco-modern-bpf.service' || true +systemctl --system stop 'falco-plugin.service' || true +systemctl --system stop 'falcoctl-artifact-follow.service' || true +systemctl --system disable 'falco-kmod.service' || true +systemctl --system disable 'falco-bpf.service' || true +systemctl --system disable 'falco-modern-bpf.service' || true +systemctl --system disable 'falco-plugin.service' || true +systemctl --system disable 'falcoctl-artifact-follow.service' || true + +# unmask falcoctl if it was masked +systemctl --system unmask falcoctl-artifact-follow.service || true if [ "$1" = "configure" ]; then if [ -x /usr/bin/dialog ]; then @@ -49,8 +63,9 @@ if [ "$1" = "configure" ]; then 2 "No" \ 2>&1 >/dev/tty) case $CHOICE in - 1) - enable_falcoctl=1 + 2) + # we don't want falcoctl enabled by defualt, we mask it + systemctl --system mask falcoctl-artifact-follow.service || true ;; esac fi @@ -60,6 +75,9 @@ fi set -e +echo "[POST-INSTALL] Trigger deamon-reload:" +systemctl --system daemon-reload || true + # If needed, try to load/compile the driver through falco-driver-loader case "$chosen_driver" in "kmod") 
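Review bot: The new top-of-script block stops and disables every falco unit on every invocation, but a unit is re-enabled further down only when `chosen_driver` is non-empty, and as far as the visible hunks show the only assignment is the dialog branch gated on `$1 = configure` and `-x /usr/bin/dialog`; a non-interactive upgrade (no `dialog`, or no tty so `CHOICE` is empty) and the `abort-upgrade`/`abort-remove` paths therefore leave the runtime security monitor stopped and disabled instead of restoring the previously active unit. The RPM counterpart in scripts/rpm/postinstall.in has the same problem, and there the dialog runs only for `$1 -eq 1` while the enable block now runs for `$1 -ge 1`, so every RPM upgrade ends with Falco disabled. Consider recording which `falco-*.service` was enabled before the stop loop (e.g. with `systemctl --system is-enabled`) and using it as the default for `chosen_driver` when the dialog returns no choice. The unconditional `unmask` in this block also reverts an administrator's deliberate mask of `falcoctl-artifact-follow.service` on every upgrade, not only on first install.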
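Review bot: In the falcoctl menu only choice `2` does anything, so ESC, cancel, or a run without a tty leaves `CHOICE` empty and the unit stays unmasked — and because the falco units now pull it in through `Wants=`, that silently opts the host into periodic artifact downloads; with `dialog` absent the question is never asked at all. If enabled-by-default is the intended policy, state it in the comment, e.g. `# default: leave falcoctl-artifact-follow unmasked (automatic updates on); only an explicit "No" masks it`, and consider handling an empty `CHOICE` explicitly. The `mask` symlink lives under /etc/systemd/system and, as far as the visible prerm/postrm hunks show, nothing unmasks it on removal, so it outlives a package purge. The same menu logic is added to scripts/rpm/postinstall.in in this commit.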
@@ -74,32 +92,10 @@ esac if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then if [ -n "$chosen_driver" ]; then + # we do this in 2 steps because `enable --now` is not always supported echo "[POST-INSTALL] Enable 'falco-$chosen_driver.service':" systemctl --system enable "falco-$chosen_driver.service" || true echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':" - systemctl --system start "falco-$chosen_driver.service" || true - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Enable 'falcoctl-artifact-follow.service':" - systemctl --system enable "falcoctl-artifact-follow.service" || true - echo "[POST-INSTALL] Start 'falcoctl-artifact-follow.service':" - systemctl --system start "falcoctl-artifact-follow.service" || true - fi - fi -fi - -if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then - if [ -d /run/systemd/system ]; then - echo "[POST-INSTALL] Trigger deamon-reload:" - systemctl --system daemon-reload || true - if [ -n "$chosen_driver" ]; then - echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:" - # restart falco on upgrade if service is already running - systemctl --system condrestart "falco-$chosen_driver.service" || true - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Trigger 'falcoctl-artifact-follow.service' condrestart:" - # restart falcoctl-artifact-follow on upgrade if service is already running - systemctl --system condrestart "falcoctl-artifact-follow.service" || true + systemctl --system start "falco-$chosen_driver.service" || true fi - fi - fi fi diff --git a/scripts/debian/prerm.in b/scripts/debian/prerm.in index 5bceda3744d..855a6a96d18 100755 --- a/scripts/debian/prerm.in +++ b/scripts/debian/prerm.in 
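Review bot: The removed block was the only place that checked `[ -d /run/systemd/system ]`, so after this hunk every `systemctl` call in the script — including the stop/disable loop at the top, outside this hunk — runs unconditionally in chroots and container image builds where systemd is not the init; `|| true` keeps the exit status clean but each call prints an error, and under `set -e` any future call added without `|| true` would abort the install. Keep one guard around the systemd section, `if [ -d /run/systemd/system ]; then … fi`, rather than relying on per-call `|| true`. The added comment `# we do this in 2 steps because \`enable --now\` is not always supported` is useful; the enclosing `if` chain continues outside the hunk.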
@@ -24,7 +24,11 @@ set -e case "$1" in remove|upgrade|deconfigure) echo "[PRE-REMOVE] Stop all Falco services:" - systemctl --system stop 'falco.target' || true + systemctl --system stop 'falco-kmod.service' || true + systemctl --system stop 'falco-bpf.service' || true + systemctl --system stop 'falco-modern-bpf.service' || true + systemctl --system stop 'falco-plugin.service' || true + systemctl --system stop 'falcoctl-artifact-follow.service' || true echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'" falco-driver-loader --clean diff --git a/scripts/rpm/postinstall.in b/scripts/rpm/postinstall.in index 0bbecae824c..490820b3801 100755 --- a/scripts/rpm/postinstall.in +++ b/scripts/rpm/postinstall.in @@ -16,7 +16,21 @@ # chosen_driver= -enable_falcoctl=0 + +echo "[POST-INSTALL] Disable all possible enabled 'falco' service:" +systemctl --system stop 'falco-kmod.service' || true +systemctl --system stop 'falco-bpf.service' || true +systemctl --system stop 'falco-modern-bpf.service' || true +systemctl --system stop 'falco-plugin.service' || true +systemctl --system stop 'falcoctl-artifact-follow.service' || true +systemctl --system disable 'falco-kmod.service' || true +systemctl --system disable 'falco-bpf.service' || true +systemctl --system disable 'falco-modern-bpf.service' || true +systemctl --system disable 'falco-plugin.service' || true +systemctl --system disable 'falcoctl-artifact-follow.service' || true + +# unmask falcoctl if it was masked +systemctl --system unmask falcoctl-artifact-follow.service || true if [ $1 -eq 1 ]; then if [ -x /usr/bin/dialog ]; then @@ -48,8 +62,9 @@ if [ $1 -eq 1 ]; then 2 "No" \ 2>&1 >/dev/tty) case $CHOICE in - 1) - enable_falcoctl=1 + 2) + # we don't want falcoctl enabled by defualt, we mask it + systemctl --system mask falcoctl-artifact-follow.service || true ;; esac fi 
@@ -59,6 +74,9 @@ fi set -e +echo "[POST-INSTALL] Trigger deamon-reload:" +systemctl --system daemon-reload || true + # If needed, try to load/compile the driver through falco-driver-loader case "$chosen_driver" in "kmod") @@ -80,36 +98,12 @@ esac # `systemd-update-helper install-system-units ` %systemd_post "falco-$chosen_driver.service" -# post install mirrored from .deb -if [ $1 -eq 1 ]; then +# post install/upgrade mirrored from .deb +if [ $1 -ge 1 ]; then if [ -n "$chosen_driver" ]; then echo "[POST-INSTALL] Enable 'falco-$chosen_driver.service':" systemctl --system enable "falco-$chosen_driver.service" || true echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':" systemctl --system start "falco-$chosen_driver.service" || true - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Enable 'falcoctl-artifact-follow.service':" - systemctl --system enable "falcoctl-artifact-follow.service" || true - echo "[POST-INSTALL] Start 'falcoctl-artifact-follow.service':" - systemctl --system start "falcoctl-artifact-follow.service" || true - fi - fi -fi - -# post upgrade mirrored from .deb -if [ $1 -gt 1 ]; then - if [ -d /run/systemd/system ]; then - echo "[POST-INSTALL] Trigger deamon-reload:" - systemctl --system daemon-reload || true - if [ -n "$chosen_driver" ]; then - echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:" - # restart falco on upgrade if service is already running - systemctl --system condrestart "falco-$chosen_driver.service" || true - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Trigger 'falcoctl-artifact-follow.service' condrestart:" - # restart falcoctl-artifact-follow on upgrade if service is already running - systemctl --system condrestart "falcoctl-artifact-follow.service" || true - fi fi - fi fi diff --git a/scripts/rpm/preuninstall.in b/scripts/rpm/preuninstall.in index 291e62e1cde..0d34074e4a0 100755 --- a/scripts/rpm/preuninstall.in +++ b/scripts/rpm/preuninstall.in 
@@ -18,7 +18,11 @@ set -e # Currently running falco service uses the driver, so stop it before driver cleanup echo "[PRE-REMOVE] Stop all Falco services:" -systemctl --system stop 'falco.target' || true +systemctl --system stop 'falco-kmod.service' || true +systemctl --system stop 'falco-bpf.service' || true +systemctl --system stop 'falco-modern-bpf.service' || true +systemctl --system stop 'falco-plugin.service' || true +systemctl --system stop 'falcoctl-artifact-follow.service' || true echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'" falco-driver-loader --clean @@ -34,4 +38,4 @@ falco-driver-loader --clean %systemd_preun 'falco-bpf.service' %systemd_preun 'falco-modern-bpf.service' %systemd_preun 'falco-plugin.service' -%systemd_preun 'falcoctl-artifact-follow.service' \ No newline at end of file +%systemd_preun 'falcoctl-artifact-follow.service' diff --git a/scripts/systemd/falco-bpf.service b/scripts/systemd/falco-bpf.service index cce39071e13..51ac8b6b1ba 100644 --- a/scripts/systemd/falco-bpf.service +++ b/scripts/systemd/falco-bpf.service @@ -1,7 +1,8 @@ [Unit] Description=Falco: Container Native Runtime Security with ebpf Documentation=https://falco.org/docs/ -PartOf=falco.target +Before=falcoctl-artifact-follow.service +Wants=falcoctl-artifact-follow.service Conflicts=falco-kmod.service Conflicts=falco-modern-bpf.service Conflicts=falco-plugin.service @@ -25,4 +26,4 @@ RestrictAddressFamilies=~AF_PACKET StandardOutput=null [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/scripts/systemd/falco-kmod.service b/scripts/systemd/falco-kmod.service index 6f084b30b63..fa5f37cee0c 100644 --- a/scripts/systemd/falco-kmod.service +++ b/scripts/systemd/falco-kmod.service 
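Review bot: `Wants=falcoctl-artifact-follow.service` in this vendor unit pulls the follower in whenever falco-bpf starts, regardless of the follower's own [Install] state, so `systemctl disable falcoctl-artifact-follow.service` no longer opts out and only `mask` does; that is not obvious to an operator reading the unit. Add a comment above the two lines, e.g. `# Pulled in via Wants= from each falco-*.service: to opt out of automatic artifact updates use "systemctl mask falcoctl-artifact-follow.service"`. `Before=` only orders and `Wants=` is non-fatal, so the follower also starts when this service fails to start — worth stating in the same comment if that is acceptable. The identical two lines are added to falco-kmod.service, falco-modern-bpf.service and falco-plugin.service in the following hunks.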
@@ -3,7 +3,8 @@ Description=Falco: Container Native Runtime Security with kmod Documentation=https://falco.org/docs/ After=falco-kmod-inject.service Requires=falco-kmod-inject.service -PartOf=falco.target +Before=falcoctl-artifact-follow.service +Wants=falcoctl-artifact-follow.service Conflicts=falco-bpf.service Conflicts=falco-modern-bpf.service Conflicts=falco-plugin.service @@ -27,4 +28,4 @@ RestrictAddressFamilies=~AF_PACKET StandardOutput=null [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/scripts/systemd/falco-modern-bpf.service b/scripts/systemd/falco-modern-bpf.service index e370a5046f6..058138357d2 100644 --- a/scripts/systemd/falco-modern-bpf.service +++ b/scripts/systemd/falco-modern-bpf.service @@ -1,7 +1,8 @@ [Unit] Description=Falco: Container Native Runtime Security with modern ebpf Documentation=https://falco.org/docs/ -PartOf=falco.target +Before=falcoctl-artifact-follow.service +Wants=falcoctl-artifact-follow.service Conflicts=falco-kmod.service Conflicts=falco-bpf.service Conflicts=falco-plugin.service @@ -24,4 +25,4 @@ RestrictAddressFamilies=~AF_PACKET StandardOutput=null [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/scripts/systemd/falco-plugin.service b/scripts/systemd/falco-plugin.service index 60b6dcbf5fb..56e4c83e02e 100644 --- a/scripts/systemd/falco-plugin.service +++ b/scripts/systemd/falco-plugin.service @@ -1,7 +1,8 @@ [Unit] Description=Falco: Container Native Runtime Security with plugin Documentation=https://falco.org/docs/ -PartOf=falco.target +Before=falcoctl-artifact-follow.service +Wants=falcoctl-artifact-follow.service Conflicts=falco-kmod.service Conflicts=falco-bpf.service Conflicts=falco-modern-bpf.service @@ -24,4 +25,4 @@ RestrictAddressFamilies=~AF_PACKET StandardOutput=null [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target 
diff --git a/scripts/systemd/falco.target b/scripts/systemd/falco.target deleted file mode 100644 index df13a9e40fc..00000000000 --- a/scripts/systemd/falco.target +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=Main Falco target -Requires=multi-user.target -After=multi-user.target - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/systemd/falcoctl-artifact-follow.service b/scripts/systemd/falcoctl-artifact-follow.service index 6fcabf5cdba..04538b25e6f 100644 --- a/scripts/systemd/falcoctl-artifact-follow.service +++ b/scripts/systemd/falcoctl-artifact-follow.service @@ -1,9 +1,7 @@ [Unit] Description=Falcoctl Artifact Follow: automatic artifacts update service Documentation=https://falco.org/docs/ -After=falco.target -BindsTo=falco.target -DefaultDependencies=no +PartOf=falco-bpf.service falco-kmod.service falco-modern-bpf.service falco-plugin.service [Service] Type=simple @@ -18,7 +16,6 @@ NoNewPrivileges=yes ProtectSystem=true ProtectKernelTunables=true RestrictRealtime=true -StandardOutput=null [Install] WantedBy=multi-user.target From abb207811597b3c29d70d862c04d328320d8fa62 Mon Sep 17 00:00:00 2001 From: Andrea Terzolo Date: Mon, 23 Jan 2023 16:44:55 +0100 Subject: [PATCH 12/20] docs: fix some comments Signed-off-by: Andrea Terzolo --- scripts/debian/postinst.in | 5 +++-- scripts/rpm/postinstall.in | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/scripts/debian/postinst.in b/scripts/debian/postinst.in index 36451ecb42f..bdbb002c168 100755 --- a/scripts/debian/postinst.in +++ b/scripts/debian/postinst.in @@ -18,7 +18,8 @@ chosen_driver= -echo "[POST-INSTALL] Disable all possible enabled 'falco' service:" +# Every time we call this script we want to stat from a clean state. +echo "[POST-INSTALL] Disable all possible 'falco' services:" systemctl --system stop 'falco-kmod.service' || true systemctl --system stop 'falco-bpf.service' || true systemctl --system stop 'falco-modern-bpf.service' || true 
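Review bot: With `StandardOutput=null` removed the follower's output now reaches the journal, which is the right call for a service that fetches and installs artifacts since operators can audit what was pulled; but the hardening block it sits in still uses `ProtectSystem=true`, which leaves /etc writable, and if the only location falcoctl needs to write is its artifact directory (its `ExecStart` and paths are outside the hunk) `ProtectSystem=strict` plus `ReadWritePaths=<artifact-directory>` would confine it to that path. `PartOf=` naming all four falco units propagates stop/restart from whichever one is active, which works because they `Conflicts=` each other; a comment such as `# Exactly one falco-*.service is active at a time (they conflict); its stop/restart propagates here` would save the next reader from wondering whether all four are expected to exist.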
@@ -64,7 +65,7 @@ if [ "$1" = "configure" ]; then 2>&1 >/dev/tty) case $CHOICE in 2) - # we don't want falcoctl enabled by defualt, we mask it + # we don't want falcoctl enabled, we mask it systemctl --system mask falcoctl-artifact-follow.service || true ;; esac diff --git a/scripts/rpm/postinstall.in b/scripts/rpm/postinstall.in index 490820b3801..8a014013beb 100755 --- a/scripts/rpm/postinstall.in +++ b/scripts/rpm/postinstall.in @@ -17,6 +17,7 @@ chosen_driver= +# Every time we call this script we want to stat from a clean state. echo "[POST-INSTALL] Disable all possible enabled 'falco' service:" systemctl --system stop 'falco-kmod.service' || true systemctl --system stop 'falco-bpf.service' || true @@ -63,7 +64,7 @@ if [ $1 -eq 1 ]; then 2>&1 >/dev/tty) case $CHOICE in 2) - # we don't want falcoctl enabled by defualt, we mask it + # we don't want falcoctl enabled, we mask it systemctl --system mask falcoctl-artifact-follow.service || true ;; esac From 086d78c6705416794085400e0e1c77eabcbf0046 Mon Sep 17 00:00:00 2001 From: Andrea Terzolo Date: Mon, 23 Jan 2023 17:30:58 +0100 Subject: [PATCH 13/20] cleanup: rename plugin unit into custom unit Signed-off-by: Andrea Terzolo --- cmake/cpack/CMakeCPackOptions.cmake | 2 +- scripts/CMakeLists.txt | 2 +- scripts/debian/postinst.in | 12 ++++-------- scripts/debian/postrm.in | 2 +- scripts/debian/prerm.in | 2 +- scripts/rpm/postinstall.in | 9 ++++----- scripts/rpm/postuninstall.in | 2 +- scripts/rpm/preuninstall.in | 4 ++-- scripts/systemd/falco-bpf.service | 2 +- .../{falco-plugin.service => falco-custom.service} | 2 +- scripts/systemd/falco-kmod.service | 2 +- scripts/systemd/falco-modern-bpf.service | 2 +- scripts/systemd/falcoctl-artifact-follow.service | 2 +- 13 files changed, 20 insertions(+), 25 deletions(-) rename scripts/systemd/{falco-plugin.service => falco-custom.service} (87%) diff --git a/cmake/cpack/CMakeCPackOptions.cmake b/cmake/cpack/CMakeCPackOptions.cmake index 9c530b909ca..6c3b4c8526a 100644 
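Review bot: The comment added by this commit reads `# Every time we call this script we want to stat from a clean state.` — `stat` should be `start`, both in scripts/rpm/postinstall.in here and in scripts/debian/postinst.in in the previous hunk. The echo below it in the RPM script still says `Disable all possible enabled 'falco' service:` while the Debian one was changed to `Disable all possible 'falco' services:`; aligning them keeps the two post-install logs matchable with one pattern.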
--- a/cmake/cpack/CMakeCPackOptions.cmake +++ b/cmake/cpack/CMakeCPackOptions.cmake @@ -4,7 +4,7 @@ if(CPACK_GENERATOR MATCHES "DEB" OR CPACK_GENERATOR MATCHES "RPM") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-kmod.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-modern-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") - list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-plugin.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") + list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-custom.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falcoctl-artifact-follow.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") endif() diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt index 6ebae12c677..1ad7f6b1580 100644 --- a/scripts/CMakeLists.txt +++ b/scripts/CMakeLists.txt 
@@ -24,7 +24,7 @@ configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-bpf.service"
 "${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY)
 configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-modern-bpf.service"
 "${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY)
-configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-plugin.service"
+configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-custom.service"
 "${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY)
 configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falcoctl-artifact-follow.service"
 "${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY)
diff --git a/scripts/debian/postinst.in b/scripts/debian/postinst.in
index bdbb002c168..78cfc06ba50 100755
--- a/scripts/debian/postinst.in
+++ b/scripts/debian/postinst.in
@@ -23,12 +23,12 @@ echo "[POST-INSTALL] Disable all possible 'falco' services:"
 systemctl --system stop 'falco-kmod.service' || true
 systemctl --system stop 'falco-bpf.service' || true
 systemctl --system stop 'falco-modern-bpf.service' || true
-systemctl --system stop 'falco-plugin.service' || true
+systemctl --system stop 'falco-custom.service' || true
 systemctl --system stop 'falcoctl-artifact-follow.service' || true
 systemctl --system disable 'falco-kmod.service' || true
 systemctl --system disable 'falco-bpf.service' || true
 systemctl --system disable 'falco-modern-bpf.service' || true
-systemctl --system disable 'falco-plugin.service' || true
+systemctl --system disable 'falco-custom.service' || true
 systemctl --system disable 'falcoctl-artifact-follow.service' || true
 # unmask falcoctl if it was masked
@@ -37,12 +37,11 @@ systemctl --system unmask falcoctl-artifact-follow.service || true
 if [ "$1" = "configure" ]; then
 if [ -x /usr/bin/dialog ]; then
 # If dialog is installed, create a dialog to let users choose the correct driver for them
- CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 40 5 \
- 1 "Don't start" \
+ CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 55 4 \
+ 1 "Manual configuration (no unit is stared)" \
 2 "Kmod" \
 3 "eBPF" \
 4 "Modern eBPF" \
- 5 "Plugin (needs manual configuration)" \
 2>&1 >/dev/tty)
 case $CHOICE in
 2)
@@ -54,9 +53,6 @@ if [ "$1" = "configure" ]; then
 4)
 chosen_driver="modern-bpf"
 ;;
- 5)
- chosen_driver="plugin"
- ;;
 esac
 if [ -n "$chosen_driver" ]; then
 CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \
diff --git a/scripts/debian/postrm.in b/scripts/debian/postrm.in
index 9f4b1da8a85..16bef26fb82 100755
--- a/scripts/debian/postrm.in
+++ b/scripts/debian/postrm.in
@@ -26,7 +26,7 @@ if [ -d /run/systemd/system ] && [ "$1" = remove ]; then
 systemctl --system disable 'falco-kmod.service' || true
 systemctl --system disable 'falco-bpf.service' || true
 systemctl --system disable 'falco-modern-bpf.service' || true
- systemctl --system disable 'falco-plugin.service' || true
+ systemctl --system disable 'falco-custom.service' || true
 systemctl --system disable 'falcoctl-artifact-follow.service' || true
 echo "[POST-REMOVE] Trigger deamon-reload:"
diff --git a/scripts/debian/prerm.in b/scripts/debian/prerm.in
index 855a6a96d18..137f81e2f87 100755
--- a/scripts/debian/prerm.in
+++ b/scripts/debian/prerm.in
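Review bot: The new label `1 "Manual configuration (no unit is stared)" \` in scripts/debian/postinst.in has a typo, while the rpm counterpart changed in this same commit reads `1 "Manual configuration (no unit is started)" \`; the two dialogs describe the same choice and should stay word-for-word identical. Since choice 1 has no `case` arm, `chosen_driver` stays empty and the falcoctl prompt guarded by `if [ -n "$chosen_driver" ]` in the second hunk is skipped as well, which looks intended but deserves a one-line comment such as `# 1 leaves chosen_driver empty: no unit is enabled and the falcoctl prompt below is skipped`. The enclosing `if [ "$1" = "configure" ]` block extends beyond both hunks.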
@@ -27,7 +27,7 @@ case "$1" in
 systemctl --system stop 'falco-kmod.service' || true
 systemctl --system stop 'falco-bpf.service' || true
 systemctl --system stop 'falco-modern-bpf.service' || true
- systemctl --system stop 'falco-plugin.service' || true
+ systemctl --system stop 'falco-custom.service' || true
 systemctl --system stop 'falcoctl-artifact-follow.service' || true
 echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'"
diff --git a/scripts/rpm/postinstall.in b/scripts/rpm/postinstall.in
index 8a014013beb..6276968178f 100755
--- a/scripts/rpm/postinstall.in
+++ b/scripts/rpm/postinstall.in
@@ -22,12 +22,12 @@ echo "[POST-INSTALL] Disable all possible enabled 'falco' service:"
 systemctl --system stop 'falco-kmod.service' || true
 systemctl --system stop 'falco-bpf.service' || true
 systemctl --system stop 'falco-modern-bpf.service' || true
-systemctl --system stop 'falco-plugin.service' || true
+systemctl --system stop 'falco-custom.service' || true
 systemctl --system stop 'falcoctl-artifact-follow.service' || true
 systemctl --system disable 'falco-kmod.service' || true
 systemctl --system disable 'falco-bpf.service' || true
 systemctl --system disable 'falco-modern-bpf.service' || true
-systemctl --system disable 'falco-plugin.service' || true
+systemctl --system disable 'falco-custom.service' || true
 systemctl --system disable 'falcoctl-artifact-follow.service' || true
 # unmask falcoctl if it was masked
@@ -36,12 +36,11 @@ systemctl --system unmask falcoctl-artifact-follow.service || true
 if [ $1 -eq 1 ]; then
 if [ -x /usr/bin/dialog ]; then
 # If dialog is installed, create a dialog to let users choose the correct driver for them
- CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 40 5 \
- 1 "Don't start" \
+ CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 55 4 \
+ 1 "Manual configuration (no unit is started)" \
 2 "Kmod" \
 3 "eBPF" \
 4 "Modern eBPF" \
- 5 "Plugin (needs manual configuration)" \
 2>&1 >/dev/tty)
 case $CHOICE in
 2)
diff --git a/scripts/rpm/postuninstall.in b/scripts/rpm/postuninstall.in
index 3091c411eb3..58626323530 100755
--- a/scripts/rpm/postuninstall.in
+++ b/scripts/rpm/postuninstall.in
@@ -22,7 +22,7 @@ if [ -d /run/systemd/system ] && [ $1 -eq 0 ]; then
 systemctl --system disable 'falco-kmod.service'|| true
 systemctl --system disable 'falco-bpf.service' || true
 systemctl --system disable 'falco-modern-bpf.service' || true
- systemctl --system disable 'falco-plugin.service' || true
+ systemctl --system disable 'falco-custom.service' || true
 systemctl --system disable 'falcoctl-artifact-follow.service' || true
 echo "[POST-REMOVE] Trigger deamon-reload:"
diff --git a/scripts/rpm/preuninstall.in b/scripts/rpm/preuninstall.in
index 0d34074e4a0..46ff293878f 100755
--- a/scripts/rpm/preuninstall.in
+++ b/scripts/rpm/preuninstall.in
@@ -21,7 +21,7 @@ echo "[PRE-REMOVE] Stop all Falco services:"
 systemctl --system stop 'falco-kmod.service' || true
 systemctl --system stop 'falco-bpf.service' || true
 systemctl --system stop 'falco-modern-bpf.service' || true
-systemctl --system stop 'falco-plugin.service' || true
+systemctl --system stop 'falco-custom.service' || true
 systemctl --system stop 'falcoctl-artifact-follow.service' || true
 echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'"
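Review bot: This hunk removes menu entry 5 from scripts/rpm/postinstall.in, but the commit's diffstat (`scripts/rpm/postinstall.in | 9 ++++-----`) shows the matching `5) chosen_driver="plugin" ;;` arm of `case $CHOICE in` is left in place here, whereas the debian script in the same commit drops it; until PATCH 14/20 further down this page removes it, the arm is dead code that still refers to the unit this commit renames away. Removing the arm in the same commit as the menu entry keeps the two post-install scripts in step. The `case` arms are outside the hunk.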
@@ -37,5 +37,5 @@ falco-driver-loader --clean
 %systemd_preun 'falco-kmod.service'
 %systemd_preun 'falco-bpf.service'
 %systemd_preun 'falco-modern-bpf.service'
-%systemd_preun 'falco-plugin.service'
+%systemd_preun 'falco-custom.service'
 %systemd_preun 'falcoctl-artifact-follow.service'
diff --git a/scripts/systemd/falco-bpf.service b/scripts/systemd/falco-bpf.service
index 51ac8b6b1ba..6bcdd06da55 100644
--- a/scripts/systemd/falco-bpf.service
+++ b/scripts/systemd/falco-bpf.service
@@ -5,7 +5,7 @@ Before=falcoctl-artifact-follow.service
 Wants=falcoctl-artifact-follow.service
 Conflicts=falco-kmod.service
 Conflicts=falco-modern-bpf.service
-Conflicts=falco-plugin.service
+Conflicts=falco-custom.service
 [Service]
 Type=simple
diff --git a/scripts/systemd/falco-plugin.service b/scripts/systemd/falco-custom.service
similarity index 87%
rename from scripts/systemd/falco-plugin.service
rename to scripts/systemd/falco-custom.service
index 56e4c83e02e..9ec70ad2266 100644
--- a/scripts/systemd/falco-plugin.service
+++ b/scripts/systemd/falco-custom.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=Falco: Container Native Runtime Security with plugin
+Description=Falco: Container Native Runtime Security with custom configuration
 Documentation=https://falco.org/docs/
 Before=falcoctl-artifact-follow.service
 Wants=falcoctl-artifact-follow.service
diff --git a/scripts/systemd/falco-kmod.service b/scripts/systemd/falco-kmod.service
index fa5f37cee0c..6e7b8c546db 100644
--- a/scripts/systemd/falco-kmod.service
+++ b/scripts/systemd/falco-kmod.service
@@ -7,7 +7,7 @@ Before=falcoctl-artifact-follow.service
 Wants=falcoctl-artifact-follow.service
 Conflicts=falco-bpf.service
 Conflicts=falco-modern-bpf.service
-Conflicts=falco-plugin.service
+Conflicts=falco-custom.service
 [Service]
 Type=simple
diff --git a/scripts/systemd/falco-modern-bpf.service b/scripts/systemd/falco-modern-bpf.service
index 058138357d2..fc9c6f42ad3 100644
--- a/scripts/systemd/falco-modern-bpf.service
+++ b/scripts/systemd/falco-modern-bpf.service
@@ -5,7 +5,7 @@ Before=falcoctl-artifact-follow.service
 Wants=falcoctl-artifact-follow.service
 Conflicts=falco-kmod.service
 Conflicts=falco-bpf.service
-Conflicts=falco-plugin.service
+Conflicts=falco-custom.service
 [Service]
 Type=simple
diff --git a/scripts/systemd/falcoctl-artifact-follow.service b/scripts/systemd/falcoctl-artifact-follow.service
index 04538b25e6f..1fe739805fb 100644
--- a/scripts/systemd/falcoctl-artifact-follow.service
+++ b/scripts/systemd/falcoctl-artifact-follow.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Falcoctl Artifact Follow: automatic artifacts update service
 Documentation=https://falco.org/docs/
-PartOf=falco-bpf.service falco-kmod.service falco-modern-bpf.service falco-plugin.service
+PartOf=falco-bpf.service falco-kmod.service falco-modern-bpf.service falco-custom.service
 [Service]
 Type=simple
From ef4a089547f838beb2af52f902bf7b18f6337747 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Tue, 24 Jan 2023 12:10:58 +0100
Subject: [PATCH 14/20] chore: couple of small fixes.
Signed-off-by: Federico Di Pierro
---
 scripts/debian/postinst.in | 2 +-
 scripts/rpm/postinstall.in | 3 ---
 2 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/scripts/debian/postinst.in b/scripts/debian/postinst.in
index 78cfc06ba50..a9fc8e83381 100755
--- a/scripts/debian/postinst.in
+++ b/scripts/debian/postinst.in
@@ -38,7 +38,7 @@ if [ "$1" = "configure" ]; then
 if [ -x /usr/bin/dialog ]; then
 # If dialog is installed, create a dialog to let users choose the correct driver for them
 CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 55 4 \
- 1 "Manual configuration (no unit is stared)" \
+ 1 "Manual configuration (no unit is started)" \
 2 "Kmod" \
 3 "eBPF" \
 4 "Modern eBPF" \
diff --git a/scripts/rpm/postinstall.in b/scripts/rpm/postinstall.in
index 6276968178f..d776b753e8f 100755
--- a/scripts/rpm/postinstall.in
+++ b/scripts/rpm/postinstall.in
@@ -52,9 +52,6 @@ if [ $1 -eq 1 ]; then
 4)
 chosen_driver="modern-bpf"
 ;;
- 5)
- chosen_driver="plugin"
- ;;
 esac
 if [ -n "$chosen_driver" ]; then
 CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \
From 72540f570af818279f52eda2f3cf8f0c4b699eff Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Tue, 24 Jan 2023 13:36:00 +0100
Subject: [PATCH 15/20] update(cmake): bumped falcoctl to latest version.
Signed-off-by: Federico Di Pierro
---
 cmake/modules/falcoctl.cmake | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/cmake/modules/falcoctl.cmake b/cmake/modules/falcoctl.cmake
index bf78bbdd6e5..1ffd5fc29af 100644
--- a/cmake/modules/falcoctl.cmake
+++ b/cmake/modules/falcoctl.cmake
@@ -15,14 +15,14 @@ include(ExternalProject)
 string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} FALCOCTL_SYSTEM_NAME)
-set(FALCOCTL_VERSION "0.3.0-rc2")
+set(FALCOCTL_VERSION "0.3.0-rc3")
 if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
 set(FALCOCTL_SYSTEM_PROC_GO "amd64")
- set(FALCOCTL_HASH "9f82055fdad9644e4ff300eae9da90c780a6ba1ce0dc11dbddbada0934a280b6")
+ set(FALCOCTL_HASH "74667b85528c0ba8a13bb6b1f965584305fd14b464fa65205a91176c8912278e")
 else() # aarch64
 set(FALCOCTL_SYSTEM_PROC_GO "arm64")
- set(FALCOCTL_HASH "c563648352fefeb0247209eac99aa6e0d43fde75f8c8a59904bd0e47b2cfa0f9")
+ set(FALCOCTL_HASH "baa09b9d8421f90bdb740421823e2602a6d1f4e2b6069dbdfbbea7aaec392df5")
 endif()
 ExternalProject_Add(
From ad449df3f642720d24d5b9f63c92e197f1f453fc Mon Sep 17 00:00:00 2001
From: Andrea Terzolo
Date: Tue, 24 Jan 2023 15:04:11 +0100
Subject: [PATCH 16/20] fix: create directory for systemd scripts
Signed-off-by: Andrea Terzolo
---
 scripts/CMakeLists.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt
index 1ad7f6b1580..65d3730e673 100644
--- a/scripts/CMakeLists.txt
+++ b/scripts/CMakeLists.txt
@@ -16,6 +16,7 @@
 #
 # Systemd
+file(MAKE_DIRECTORY ${PROJECT_BINARY_DIR}/scripts/systemd)
 configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod-inject.service"
 "${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY)
 configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod.service"
From 02a1b3cd47676f288104d85731c4947d4351ad4a Mon Sep 17 00:00:00 2001
From: Andrea Terzolo
Date: Tue, 24 Jan 2023 16:21:47 +0100
Subject: [PATCH 17/20] update: add `falco` alias to kmod unit
Signed-off-by: Andrea Terzolo
---
 scripts/systemd/falco-kmod.service | 1 +
 1 file changed, 1 insertion(+)
diff --git a/scripts/systemd/falco-kmod.service b/scripts/systemd/falco-kmod.service
index 6e7b8c546db..29f6d5da5be 100644
--- a/scripts/systemd/falco-kmod.service
+++ b/scripts/systemd/falco-kmod.service
@@ -29,3 +29,4 @@ StandardOutput=null
 [Install]
 WantedBy=multi-user.target
+Alias=falco.service
From 7c4f1de10a29b028998aa750151fca523ca356a7 Mon Sep 17 00:00:00 2001
From: Andrea Terzolo
Date: Wed, 25 Jan 2023 13:00:34 +0100
Subject: [PATCH 18/20] chore: bump rules and falcoctl
Signed-off-by: Andrea Terzolo
---
 cmake/modules/falcoctl.cmake | 8 ++++----
 cmake/modules/rules.cmake | 14 +++++++-------
 2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/cmake/modules/falcoctl.cmake b/cmake/modules/falcoctl.cmake
index 1ffd5fc29af..fec22032def 100644
--- a/cmake/modules/falcoctl.cmake
+++ b/cmake/modules/falcoctl.cmake
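Review bot: The new `file(MAKE_DIRECTORY ${PROJECT_BINARY_DIR}/scripts/systemd)` leaves the path unquoted, while every `configure_file` call next to it quotes `"${PROJECT_BINARY_DIR}/scripts/systemd"`; an unquoted expansion is split on `;`, so `file(MAKE_DIRECTORY "${PROJECT_BINARY_DIR}/scripts/systemd")` matches the file's style and is robust to unusual build paths. A short why-comment would also help a later reader, since the reason is not obvious from the line itself — presumably `configure_file` treats a missing output path as a file name rather than a directory, so something like `# configure_file() only copies into an existing directory; create it first`. The Systemd section continues past the hunk.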
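Review bot: `Alias=falco.service` under `[Install]` takes effect only once this unit is enabled, and only falco-kmod.service receives it in this commit, so `falco.service` resolves to the kmod unit while kmod is the enabled driver and does not exist when the bpf, modern-bpf or custom unit is chosen instead. That scope is worth stating where the alias is declared, e.g. `# falco.service is an alias for this unit only; it exists only while falco-kmod.service is enabled`, or in the commit message, so operators scripting against `falco.service` know it is driver-specific.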
@@ -15,14 +15,14 @@ include(ExternalProject)
 string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} FALCOCTL_SYSTEM_NAME)
-set(FALCOCTL_VERSION "0.3.0-rc3")
+set(FALCOCTL_VERSION "0.3.0-rc5")
 if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
 set(FALCOCTL_SYSTEM_PROC_GO "amd64")
- set(FALCOCTL_HASH "74667b85528c0ba8a13bb6b1f965584305fd14b464fa65205a91176c8912278e")
+ set(FALCOCTL_HASH "012b4a45dccc3f62d2574f5481e154585ff8cb0c43d40ad9a7f49a057b311621")
 else() # aarch64
 set(FALCOCTL_SYSTEM_PROC_GO "arm64")
- set(FALCOCTL_HASH "baa09b9d8421f90bdb740421823e2602a6d1f4e2b6069dbdfbbea7aaec392df5")
+ set(FALCOCTL_HASH "e35a225c51ce45d1b53a3392caee60e1eeea9a1c885d43d63b2be16cc1b66c7a")
 endif()
 ExternalProject_Add(
@@ -33,4 +33,4 @@ ExternalProject_Add(
 BUILD_COMMAND ""
 INSTALL_COMMAND "")
-install(PROGRAMS "${PROJECT_BINARY_DIR}/falcoctl-prefix/src/falcoctl/falcoctl" DESTINATION "${FALCO_BIN_DIR}" COMPONENT "${FALCO_COMPONENT_NAME}")
\ No newline at end of file
+install(PROGRAMS "${PROJECT_BINARY_DIR}/falcoctl-prefix/src/falcoctl/falcoctl" DESTINATION "${FALCO_BIN_DIR}" COMPONENT "${FALCO_COMPONENT_NAME}")
diff --git a/cmake/modules/rules.cmake b/cmake/modules/rules.cmake
index 428e2f71ac8..97548890bc7 100644
--- a/cmake/modules/rules.cmake
+++ b/cmake/modules/rules.cmake
@@ -16,11 +16,11 @@ include(ExternalProject)
 # falco_rules.yaml
 set(FALCOSECURITY_RULES_FALCO_VERSION "falco-rules-0.1.0")
-set(FALCOSECURITY_RULES_FALCO_CHECKSUM "SHA256=f909a996213ab659ef9f958ae64b16c83dca0035525cc044d4dc074250e8b152")
-set(FALCOSECURITY_RULES_FALCO_PATH "${PROJECT_BINARY_DIR}/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml")
+set(FALCOSECURITY_RULES_FALCO_CHECKSUM "SHA256=0d3705a4650f09d10e7831b16e7af59c1da34ff19e788896e9ee77010014db4d")
+set(FALCOSECURITY_RULES_FALCO_PATH "${PROJECT_BINARY_DIR}/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml")
 ExternalProject_Add(
 falcosecurity-rules-falco
- URL "https://github.com/falcosecurity/rules/archive/${FALCOSECURITY_RULES_FALCO_VERSION}.tar.gz"
+ URL "https://download.falco.org/rules/${FALCOSECURITY_RULES_FALCO_VERSION}.tar.gz"
 URL_HASH "${FALCOSECURITY_RULES_FALCO_CHECKSUM}"
 CONFIGURE_COMMAND ""
 BUILD_COMMAND ""
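Review bot: The rewritten `FALCOSECURITY_RULES_FALCO_PATH` still spells out ExternalProject's internal layout (`falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/`) by hand, and the same path is repeated in test/falco_k8s_audit_tests.yaml further down this page, which is why a change in the archive layout needed edits in several places. If nothing between the two statements reads the variable, deriving it from the target — `ExternalProject_Get_Property(falcosecurity-rules-falco SOURCE_DIR)` followed by `set(FALCOSECURITY_RULES_FALCO_PATH "${SOURCE_DIR}/falco_rules.yaml")` placed after the `ExternalProject_Add` call — removes one hard-coded copy; the application_rules hunk that follows has the same shape. The switch of the download host from github.com to download.falco.org is covered by the unchanged `URL_HASH "${FALCOSECURITY_RULES_FALCO_CHECKSUM}"` line, so the fetch still fails closed if the served artifact differs from the pinned SHA256.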
@@ -30,11 +30,11 @@ ExternalProject_Add(
 # application_rules.yaml
 set(FALCOSECURITY_RULES_APPLICATION_VERSION "application-rules-0.1.0")
-set(FALCOSECURITY_RULES_APPLICATION_CHECKSUM "SHA256=33fcdc121cedb8e49c735c7948ede7d9427fd61962914fc3b66fe3d94d331cbf")
-set(FALCOSECURITY_RULES_APPLICATION_PATH "${PROJECT_BINARY_DIR}/falcosecurity-rules-application-prefix/src/falcosecurity-rules-application/rules/application_rules.yaml")
+set(FALCOSECURITY_RULES_APPLICATION_CHECKSUM "SHA256=cf45c1a6997799610a7724ba7a2ceaa64a3bdc73d26cdfe06adb3f43e2321278")
+set(FALCOSECURITY_RULES_APPLICATION_PATH "${PROJECT_BINARY_DIR}/falcosecurity-rules-application-prefix/src/falcosecurity-rules-application/application_rules.yaml")
 ExternalProject_Add(
 falcosecurity-rules-application
- URL "https://github.com/falcosecurity/rules/archive/${FALCOSECURITY_RULES_APPLICATION_VERSION}.tar.gz"
+ URL "https://download.falco.org/rules/${FALCOSECURITY_RULES_APPLICATION_VERSION}.tar.gz"
 URL_HASH "${FALCOSECURITY_RULES_APPLICATION_CHECKSUM}"
 CONFIGURE_COMMAND ""
 BUILD_COMMAND ""
@@ -88,4 +88,4 @@ else() # Default Falco installation
 COMPONENT "${FALCO_COMPONENT_NAME}")
 install(DIRECTORY DESTINATION "${FALCO_ETC_DIR}/rules.d" COMPONENT "${FALCO_COMPONENT_NAME}")
-endif()
\ No newline at end of file
+endif()
From a62bdd039e46ec83f1dfc00a849c983915c0b486 Mon Sep 17 00:00:00 2001
From: Andrea Terzolo
Date: Wed, 25 Jan 2023 15:41:26 +0100
Subject: [PATCH 19/20] tests: fix rule paths
Signed-off-by: Andrea Terzolo
---
 test/falco_k8s_audit_tests.yaml | 132 ++++++++++++++++----------------
 test/falco_test.py | 2 +-
 2 files changed, 67 insertions(+), 67 deletions(-)
diff --git a/test/falco_k8s_audit_tests.yaml b/test/falco_k8s_audit_tests.yaml
index 4f0d636a166..3e61833b2f4 100644
--- a/test/falco_k8s_audit_tests.yaml
+++ b/test/falco_k8s_audit_tests.yaml
@@ -21,7 +21,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
 - ./rules/k8s_audit/engine_v4/allow_only_apache_container.yaml
 detect_counts:
@@ -33,7 +33,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
 - ./rules/k8s_audit/engine_v4/allow_nginx_container.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
@@ -44,7 +44,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
 detect_counts:
 - Create Privileged Pod: 1
@@ -55,7 +55,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
 - ./rules/k8s_audit/trust_nginx_container.yaml
@@ -66,7 +66,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
 addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_nginx_pod_unprivileged.json
@@ -76,7 +76,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
 detect_counts:
 - Create HostNetwork Pod: 1
@@ -87,7 +87,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/engine_v4_k8s_audit_rules.yaml
 - ./rules/k8s_audit/trust_nginx_container.yaml
@@ -99,7 +99,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/allow_namespace_foo.yaml
 detect_counts:
@@ -111,7 +111,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/allow_namespace_foo.yaml
 - ./rules/k8s_audit/allow_user_some-user.yaml
@@ -124,7 +124,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/allow_only_apache_container.yaml
 detect_counts:
@@ -136,7 +136,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/allow_nginx_container.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
@@ -147,7 +147,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Create Privileged Pod: 1
@@ -159,7 +159,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Create Privileged Pod: 1
@@ -171,7 +171,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Create Privileged Pod: 1
@@ -182,7 +182,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/trust_nginx_container.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
@@ -192,7 +192,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
 addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_nginx_pod_unprivileged.json
@@ -201,7 +201,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/trust_nginx_container.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
@@ -212,7 +212,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Create Sensitive Mount Pod: 1
@@ -224,7 +224,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Create Sensitive Mount Pod: 1
@@ -235,7 +235,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/trust_nginx_container.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
@@ -245,7 +245,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
 addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_nginx_pod_unsensitive_mount.json
@@ -254,7 +254,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/trust_nginx_container.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
@@ -265,7 +265,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Create HostNetwork Pod: 1
@@ -276,7 +276,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/trust_nginx_container.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
@@ -286,7 +286,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
 addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_nginx_pod_nohostnetwork.json
@@ -295,7 +295,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/trust_nginx_container.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
@@ -306,7 +306,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/disallow_kactivity.yaml
 detect_counts:
@@ -318,7 +318,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/disallow_kactivity.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
@@ -329,7 +329,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/disallow_kactivity.yaml
 detect_counts:
@@ -341,7 +341,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/disallow_kactivity.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
@@ -352,7 +352,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Anonymous Request Allowed: 1
@@ -364,7 +364,7 @@ trace_files: !mux
 detect_level: NOTICE
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Attach/Exec Pod: 1
@@ -376,7 +376,7 @@ trace_files: !mux
 detect_level: NOTICE
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Attach/Exec Pod: 1
@@ -388,7 +388,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/allow_user_some-user.yaml
 detect_counts:
@@ -400,7 +400,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/allow_namespace_foo.yaml
 - ./rules/k8s_audit/disallow_kactivity.yaml
@@ -412,7 +412,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Pod Created in Kube Namespace: 1
@@ -424,7 +424,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Pod Created in Kube Namespace: 1
@@ -436,7 +436,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Service Account Created in Kube Namespace: 1
@@ -448,7 +448,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Service Account Created in Kube Namespace: 1
@@ -460,7 +460,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - System ClusterRole Modified/Deleted: 1
@@ -472,7 +472,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - System ClusterRole Modified/Deleted: 1
@@ -484,7 +484,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - Attach to cluster-admin Role: 1
@@ -496,7 +496,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - ClusterRole With Wildcard Created: 1
@@ -508,7 +508,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - ClusterRole With Wildcard Created: 1
@@ -520,7 +520,7 @@ trace_files: !mux
 detect_level: NOTICE
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - ClusterRole With Write Privileges Created: 1
@@ -532,7 +532,7 @@ trace_files: !mux
 detect_level: WARNING
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - ClusterRole With Pod Exec Created: 1
@@ -544,7 +544,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s Deployment Created: 1
@@ -556,7 +556,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s Deployment Deleted: 1
@@ -568,7 +568,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s Service Created: 1
@@ -580,7 +580,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s Service Deleted: 1
@@ -592,7 +592,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s ConfigMap Created: 1
@@ -604,7 +604,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s ConfigMap Deleted: 1
@@ -616,7 +616,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 - ./rules/k8s_audit/allow_namespace_foo.yaml
 - ./rules/k8s_audit/allow_user_some-user.yaml
@@ -630,7 +630,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s Namespace Deleted: 1
@@ -642,7 +642,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s Serviceaccount Created: 1
@@ -654,7 +654,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s Serviceaccount Deleted: 1
@@ -666,7 +666,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s Role/Clusterrole Created: 1
@@ -678,7 +678,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s Role/Clusterrole Deleted: 1
@@ -690,7 +690,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s Role/Clusterrolebinding Created: 1
@@ -702,7 +702,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s Role/Clusterrolebinding Deleted: 1
@@ -714,7 +714,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s Secret Created: 1
@@ -727,7 +727,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
 addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_service_account_token_secret.json
@@ -737,7 +737,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
 addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_kube_system_secret.json
@@ -747,7 +747,7 @@ trace_files: !mux
 detect_level: INFO
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 detect_counts:
 - K8s Secret Deleted: 1
@@ -758,7 +758,7 @@ trace_files: !mux
 detect: False
 enable_source: k8s_audit
 rules_file:
- - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml
+ - BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml
 - BUILD_DIR/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
 addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/fal_01_003.json
@@ -773,4 +773,4 @@ trace_files: !mux
 detect_counts:
 - json_pointer_example: 1
 conf_file: BUILD_DIR/test/confs/plugins/k8s_audit.yaml
- addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_nginx_pod_unprivileged.json
\ No newline at end of file
+ addl_cmdline_opts: -o plugins[0].open_params=trace_files/k8s_audit/create_nginx_pod_unprivileged.json
diff --git a/test/falco_test.py b/test/falco_test.py
index 143f5443378..f719511c8ae 100644
--- a/test/falco_test.py
+++ b/test/falco_test.py
@@ -99,7 +99,7 @@ def setUp(self):
 self.addl_cmdline_opts = self.params.get('addl_cmdline_opts', '*', default='')
 self.enable_source = self.params.get('enable_source', '*', default='')
 self.rules_file = self.params.get(
- 'rules_file', '*', default='BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml')
+ 'rules_file', '*', default='BUILD_DIR/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml')
 if not isinstance(self.rules_file, list):
 self.rules_file = [self.rules_file]
From 79b55ca4fbd303bf1c16bc29f416008f4bd287f7 Mon Sep 17 00:00:00 2001
From: Andrea Terzolo
Date: Wed, 25 Jan 2023 15:45:48 +0100
Subject: [PATCH 20/20] chore: bump libs version
Signed-off-by: Andrea Terzolo
---
 cmake/modules/falcosecurity-libs.cmake | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake
index d8c63d93b52..3e2ad437187 100644
--- a/cmake/modules/falcosecurity-libs.cmake
+++ b/cmake/modules/falcosecurity-libs.cmake
@@ -27,8 +27,8 @@ else()
 # In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable -
 # ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..`
 if(NOT FALCOSECURITY_LIBS_VERSION)
- set(FALCOSECURITY_LIBS_VERSION "0.10.1")
- set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=8439d52afd57c313b2c067a780ef8667e87669d16929f588681322acf1e52f14")
+ set(FALCOSECURITY_LIBS_VERSION "0.10.2")
+ set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=6191114dc315c4f49c7e49613aa50c4e30140312997ffaec99e0041f5539f738")
 endif()
 # cd /path/to/build && cmake /path/to/source