0.25.0
版本发布时间: 2020-08-25 22:22:49
falcosecurity/falco最新发布版本:0.38.1(2024-06-19 16:20:52)
Released on 2020-08-25
Major Changes
- new(userspace/falco): print the Falco and driver versions at the very beginning of the output. [#1303] - @leogr
- new: libyaml is now bundled in the release process. Users can now avoid installing libyaml directly when getting Falco from the official release. [#1252] - @fntlnz
Minor Changes
- docs(test): step-by-step instructions to run integration tests locally [#1313] - @leodido
- update: renameat2 syscall support [#1355] - @fntlnz
- update: support for 5.8.x kernels [#1355] - @fntlnz
Bug Fixes
- fix(userspace/falco): correct the fallback mechanism for loading the kernel module [#1366] - @leogr
- fix(falco-driver-loader): script crashing when using arguments [#1330] - @antoinedeschenes
Rule Changes
- rule(macro user_trusted_containers): add
sysdig/node-image-analyzerandsysdig/agent-slim[#1321] - @Kaizhe - rule(macro falco_privileged_images): add
docker.io/falcosecurity/falco[#1326] - @nvanheuverzwijn - rule(EphemeralContainers Created): add new rule to detect ephemeral container created [#1339] - @Kaizhe
- rule(macro user_read_sensitive_file_containers): replace endswiths with exact image repo name [#1349] - @Kaizhe
- rule(macro user_trusted_containers): replace endswiths with exact image repo name [#1349] - @Kaizhe
- rule(macro user_privileged_containers): replace endswiths with exact image repo name [#1349] - @Kaizhe
- rule(macro trusted_images_query_miner_domain_dns): replace endswiths with exact image repo name [#1349] - @Kaizhe
- rule(macro falco_privileged_containers): append "/" to quay.io/sysdig [#1349] - @Kaizhe
- rule(list falco_privileged_images): add images docker.io/sysdig/agent-slim and docker.io/sysdig/node-image-analyzer [#1349] - @Kaizhe
- rule(list falco_sensitive_mount_images): add image docker.io/sysdig/agent-slim [#1349] - @Kaizhe
- rule(list k8s_containers): prepend docker.io to images [#1349] - @Kaizhe
- rule(macro exe_running_docker_save): add better support for centos [#1350] - @admiral0
- rule(macro rename): add
renameat2syscall [#1359] - @leogr - rule(Read sensitive file untrusted): add trusted images into whitelist [#1327] - @Kaizhe
- rule(Pod Created in Kube Namespace): add new list k8s_image_list as white list [#1336] - @Kaizhe
- rule(list allowed_k8s_users): add "kubernetes-admin" user [#1323] - @leogr
Statistics
| Merged PRs | Number |
|---|---|
| Not user-facing | 5 |
| Release note | 15 |
| Total | 20 |