0.28.0
版本发布时间: 2021-04-13 00:42:32
falcosecurity/falco最新发布版本:0.39.1(2024-10-09 16:56:32)
Packages |
Download |
rpm |
|
deb |
|
tgz |
|
Images |
docker pull docker.io/falcosecurity/falco:0.28.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.28.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.28.0 |
docker pull docker.io/falcosecurity/falco-no-driver:0.28.0 |
Major Changes
Minor Changes
- docs(proposals): libraries and drivers donation [#1530] - @leodido
- docs(docker): update links to the new Falco website URLs [#1545] - @cpanato
- docs(test): update links to new Falco website URLs [#1563] - @shane-lawrence
- build: now Falco packages are published at https://download.falco.org [#1577] - @leogr
- update: lower the
syscall_event_drops.max_burst
default value to 1 [#1586] - @leodido
- update: falco-driver-loader tries to download a Falco driver before then compiling it on the fly for the host [#1599] - @leodido
- docs(test): document the prerequisites for running the integration test suite locally [#1609] - @fntlnz
- update: Debian/RPM package migrated from init to systemd [#1448] - @jenting
Bug Fixes
- fix(userspace/engine): properly handle field extraction over lists of containers when not all containers match the specified sub-properties [#1601] - @mstemm
- fix(docker/falco): add flex and bison dependency to container image [#1562] - @schans
- fix: ignore action can not be used with log and alert ones (
syscall_event_drops
config) [#1586] - @leodido
- fix(userspace/engine): allows fields starting with numbers to be parsed properly [#1598] - @mstemm
Rule Changes
- rule(Write below monitored dir): improve rule description [#1588] - @stevenshuang
- rule(macro allowed_aws_eks_registry_root): macro to match the official eks registry [#1555] - @ismailyenigul
- rule(macro aws_eks_image): match aws image repository for eks [#1555] - @ismailyenigul
- rule(macro aws_eks_image_sensitive_mount): match aws cni images [#1555] - @ismailyenigul
- rule(macro k8s_containers): include fluent/fluentd-kubernetes-daemonset and prom/prometheus [#1555] - @ismailyenigul
- rule(Launch Privileged Container): exclude aws_eks_image [#1555] - @ismailyenigul
- rule(Launch Sensitive Mount Container): exclude aws_eks_image_sensitive_mount [#1555] - @ismailyenigul
- rule(Debugfs Launched in Privileged Container): new rule [#1583] - @Kaizhe
- rule(Mount Launched in Privileged Container): new rule [#1583] - @Kaizhe
- rule(Set Setuid or Setgid bit): add k3s-agent in the whitelist [#1583] - @Kaizhe
- rule(macro user_ssh_directory): using glob operator [#1560] - @shane-lawrence
- rule(list falco_sensitive_mount_containers): added image exceptions for IBM cloud [#1337] - @nibalizer
- rule(list rpm_binaries): add rhsmcertd [#1385] - @epcim
- rule(list deb_binaries): add apt.systemd.daily [#1385] - @epcim
- rule(Sudo Potential Privilege Escalation): new rule created to detect CVE-2021-3156 [#1543] - @darryk10
- rule(list allowed_k8s_users): add
eks:node-manager
[#1536] - @ismailyenigul
- rule(list mysql_mgmt_binaries): removed [#1602] - @fntlnz
- rule(list db_mgmt_binaries): removed [#1602] - @fntlnz
- rule(macro parent_ansible_running_python): removed [#1602] - @fntlnz
- rule(macro parent_bro_running_python): removed [#1602] - @fntlnz
- rule(macro parent_python_running_denyhosts): removed [#1602] - @fntlnz
- rule(macro parent_linux_image_upgrade_script): removed [#1602] - @fntlnz
- rule(macro parent_java_running_echo): removed [#1602] - @fntlnz
- rule(macro parent_scripting_running_builds): removed [#1602] - @fntlnz
- rule(macro parent_Xvfb_running_xkbcomp): removed [#1602] - @fntlnz
- rule(macro parent_nginx_running_serf): removed [#1602] - @fntlnz
- rule(macro parent_node_running_npm): removed [#1602] - @fntlnz
- rule(macro parent_java_running_sbt): removed [#1602] - @fntlnz
- rule(list known_container_shell_spawn_cmdlines): removed [#1602] - @fntlnz
- rule(list known_shell_spawn_binaries): removed [#1602] - @fntlnz
- rule(macro run_by_puppet): removed [#1602] - @fntlnz
- rule(macro user_privileged_containers): removed [#1602] - @fntlnz
- rule(list rancher_images): removed [#1602] - @fntlnz
- rule(list images_allow_network_outside_subnet): removed [#1602] - @fntlnz
- rule(macro parent_python_running_sdchecks): removed [#1602] - @fntlnz
- rule(macro trusted_containers): removed [#1602] - @fntlnz
- rule(list authorized_server_binaries): removed [#1602] - @fntlnz
Non user-facing changes
Statistics
Merged PRs |
Number |
Not user-facing |
17 |
Release note |
24 |
Total |
41 |
相关地址:原始地址
下载(tar)
下载(zip)
查看:2021-04-13发行的版本