feat: falco version bump, make BPF work again
This commit is contained in:
parent
1c57edd432
commit
d746652970
@ -1,7 +1,7 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=falco
|
||||
pkgver=0.39.2
|
||||
pkgver=0.40.0
|
||||
pkgrel=0
|
||||
pkgdesc="Falco is the open source solution for runtime security for hosts, containers, Kubernetes and the cloud"
|
||||
url="https://github.com/falcosecurity/falco"
|
||||
@ -48,8 +48,8 @@ build() {
|
||||
-DCMAKE_INSTALL_PREFIX=/usr \
|
||||
-DFALCO_ETC_DIR=/etc/falco \
|
||||
-DUSE_BUNDLED_DEPS=On \
|
||||
-DUSE_JEMALLOC=On \
|
||||
-DMINIMAL_BUILD=On \
|
||||
-DUSE_JEMALLOC=Off \
|
||||
-DUSE_DYNAMIC_LIBELF=Off \
|
||||
-DMUSL_OPTIMIZED_BUILD=On \
|
||||
-DBUILD_DRIVER=Off \
|
||||
@ -80,8 +80,8 @@ package() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
198405e9383625ca4d78822de7674c62863d15b3108ba5b06d4cf6ff20850f7eec9123fe7d98d049acc2931b98e4b09d7ef0d66136a31363ce59a64ad9e8eda0 falco-0.39.2.tar.gz
|
||||
b152fcf6cd81895efa37797ab7ff1aac7350b5f51f2648aa9e3cce9d5ece55791ddf82c396e9da216293e2379a785a294cc972f28a91162dc5bc88ab09e1ab08 falco.patch
|
||||
b6cf8bda946b71241b332d25bcde73e73159ae0993be4291c158e23e44f927b4432d53b9d6d730aee442c94ffc75e119b9f6467e94a0950a19a5f1369afb4e13 rules.patch
|
||||
1db97907cd43447472dde3cd5035b49eec3d1a6a2270a76c229edc076934d57de054d518f9299fb54ea9b46f17d28863a0e6d4311325dbaefffe5c38cdd314df falco-0.40.0.tar.gz
|
||||
1cfa0fc1ad837b68e571564244fceedcfe23d698bc43fc88bdc95f8ad83370d96e843fccb0494c09b78ba059687dd9bb7bdfd53c6bfc90d08a9cdab124a13efd falco.patch
|
||||
a7ab1f2e365fe3aba5a1e3797dce632123bf9477eccfefb1d31f0ae10300d657e328c0a84462fb1557e10e88d567e2e93220db054cb6089ee52ee38bba1096e4 rules.patch
|
||||
9d1292a99bab7792bfe344940fa41ccf01318d5f30f854b01457e9f53ccca27f7f334466c061a11fbe8ebf918aeeb7f723b16a233c9e3bd60dd632d831ae9f5c falco.initd
|
||||
"
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
--- falco.yaml 2023-07-05 11:42:11.816317256 +0000
|
||||
+++ zdt_falco.yaml 2023-07-05 11:31:07.476468029 +0000
|
||||
@@ -238,7 +238,7 @@
|
||||
--- falco.yml.orig 2025-01-29 17:13:37.287476135 +0000
|
||||
+++ falco.yaml 2025-01-29 17:03:49.774144402 +0000
|
||||
@@ -522,7 +522,7 @@
|
||||
# When enabled, Falco will output alert messages and rules file
|
||||
# loading/validation results in JSON format, making it easier for downstream
|
||||
# programs to process and consume the data. By default, this option is disabled.
|
||||
@ -9,12 +9,12 @@
|
||||
|
||||
# [Stable] `json_include_output_property`
|
||||
#
|
||||
@@ -263,7 +263,7 @@
|
||||
# Enabling buffering for the output queue can offer performance optimization,
|
||||
# efficient resource usage, and smoother data flow, resulting in a more reliable
|
||||
# output mechanism. By default, buffering is disabled (false).
|
||||
@@ -561,7 +561,7 @@
|
||||
# Additionally, this setting is separate from the `output_queue` option. The output queue
|
||||
# sits between the rule engine and the output channels, while output buffering occurs
|
||||
# afterward once the specific channel implementation outputs the formatted message.
|
||||
-buffered_outputs: false
|
||||
+buffered_outputs: true
|
||||
|
||||
# [Stable] `outputs`
|
||||
# [Incubating] `rule_matching`
|
||||
#
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -1,29 +1,38 @@
|
||||
--- falco_rules.yaml 2023-11-07 16:26:40.171716913 +0000
|
||||
+++ zdt_falco_rules.yaml 2023-11-07 16:30:24.912804117 +0000
|
||||
@@ -171,7 +171,7 @@
|
||||
--- falco_rules.yaml.orig 2025-01-29 18:47:38.918577192 +0000
|
||||
+++ falco_rules.yaml 2025-01-29 18:47:21.505145109 +0000
|
||||
@@ -172,7 +172,7 @@
|
||||
# A canonical set of processes that run other programs with different
|
||||
# privileges or as a different user.
|
||||
- list: userexec_binaries
|
||||
- items: [sudo, su, suexec, critical-stack, dzdo]
|
||||
+ items: [doas, sudo, su, suexec, critical-stack, dzdo]
|
||||
|
||||
|
||||
- list: user_mgmt_binaries
|
||||
items: [login_binaries, passwd_binaries, shadowutils_binaries]
|
||||
@@ -200,7 +200,7 @@
|
||||
@@ -201,7 +201,7 @@
|
||||
]
|
||||
|
||||
|
||||
- list: sensitive_file_names
|
||||
- items: [/etc/shadow, /etc/sudoers, /etc/pam.conf, /etc/security/pwquality.conf]
|
||||
+ items: [/etc/shadow, /etc/doas.d/doas.conf, /etc/sudoers, /etc/pam.conf, /etc/security/pwquality.conf]
|
||||
|
||||
|
||||
- list: sensitive_directory_names
|
||||
items: [/, /etc, /etc/, /root, /root/]
|
||||
@@ -208,7 +208,7 @@
|
||||
@@ -209,7 +209,7 @@
|
||||
- macro: sensitive_files
|
||||
condition: >
|
||||
(fd.name in (sensitive_file_names) or
|
||||
- fd.directory in (/etc/sudoers.d, /etc/pam.d))
|
||||
+ fd.directory in (/etc/sudoers.d, /etc/pam.d, /etc/doas.d))
|
||||
|
||||
|
||||
# Indicates that the process is new. Currently detected using time
|
||||
# since process was started, using a threshold of 5 seconds.
|
||||
@@ -362,7 +362,7 @@
|
||||
|
||||
- list: read_sensitive_file_binaries
|
||||
items: [
|
||||
- iptables, ps, lsb_release, check-new-relea, dumpe2fs, accounts-daemon, sshd,
|
||||
+ iptables, ps, lsb_release, check-new-relea, dumpe2fs, accounts-daemon, sshd, sshd-session,
|
||||
vsftpd, systemd, mysql_install_d, psql, screen, debconf-show, sa-update,
|
||||
pam-auth-update, pam-config, /usr/sbin/spamd, polkit-agent-he, lsattr, file, sosreport,
|
||||
scxcimservera, adclient, rtvscand, cockpit-session, userhelper, ossec-syscheckd
|
||||
|
||||
Loading…
Reference in New Issue
Block a user