0.33.0
Release date: 2022-10-19 23:18:15
Latest falcosecurity/falco release: 0.39.1 (2024-10-09 16:56:32)
Packages
- rpm-x86_64
- deb-x86_64
- tgz-x86_64
- rpm-aarch64
- deb-aarch64
- tgz-aarch64
Images
- docker pull docker.io/falcosecurity/falco:0.33.0
- docker pull public.ecr.aws/falcosecurity/falco:0.33.0
- docker pull docker.io/falcosecurity/falco-driver-loader:0.33.0
- docker pull docker.io/falcosecurity/falco-no-driver:0.33.0
Major Changes
- new: add a drop_pct referred to the global number of events [#2130] - @Andreagit97
- new: print some info about eBPF and enabled sources when Falco starts [#2133] - @Andreagit97
- new(userspace): print architecture information [#2147] - @Andreagit97
- new(CI): add CodeQL security scanning to Falco. [#2171] - @Andreagit97
- new: configure syscall buffer dimension from Falco [#2214] - @Andreagit97
- new(cmdline): add development support for modern BPF probe [#2221] - @Andreagit97
- new(falco-driver-loader): DRIVERS_REPO now supports the use of multiple download URLs (comma separated) [#2165] - @IanRobertson-wpe
- new(userspace/engine): support alternative plugin version requirements in checks [#2190] - @jasondellaluce
- new: support running multiple event sources in parallel [#2182] - @jasondellaluce
- new(userspace/falco): automatically create paths for grpc unix socket and gvisor endpoint. [#2189] - @FedeDP
- new(scripts): allow falco-driver-loader to properly distinguish any ubuntu flavor [#2178] - @FedeDP
- new: add option to enable event sources selectively [#2085] - @jasondellaluce
Minor Changes
- docs(falco-driver-loader): add some comments in falco-driver-loader [#2153] - @Andreagit97
- update(cmake): use latest libs tag 0.9.0 [#2257] - @Andreagit97
- update(.circleci): re-enabled cppcheck [#2186] - @leogr
- update(userspace/engine): improve falco files loading performance [#2151] - @VadimZy
- update(cmake): use latest driver tag 3.0.1+driver [#2251] - @Andreagit97
- update(userspace/falco)!: adapt stats writer for multiple parallel event sources [#2182] - @jasondellaluce
- refactor(userspace/engine): remove falco engine APIs that returned a required_engine_version [#2096] - @mstemm
- update(userspace/engine): add some small changes to rules matching that reduce cpu usage with high event volumes (> 1M syscalls/sec) [#2210] - @mstemm
- rules: added process IDs to default rules [#2211] - @spyder-kyle
- update(scripts/debian): falco.service systemd unit is now cleaned-up during (re)install and removal via the DEB and RPM packages [#2138] - @Happy-Dude
- update(userspace/falco): move on from deprecated libs API for printing event list [#2253] - @jasondellaluce
- chore(userspace/falco): improve cli helper and log options with debug level [#2252] - @jasondellaluce
- update(userspace): minor pre-release improvements [#2236] - @jasondellaluce
- update: bumped libs to fd46dd139a8e35692a7d40ab2f0ed2016df827cf. [#2201] - @FedeDP
- update!: gVisor sock default path changed from /tmp/gvisor.sock to /run/falco/gvisor.sock [#2163] - @vjjmiras
- update!: gRPC server sock default path changed from /run/falco.sock.sock to /run/falco/falco.sock [#2163] - @vjjmiras
- update(scripts/falco-driver-loader): minikube environment is now correctly detected [#2191] - @alacuku
- update(rules/falco_rules.yaml): required_engine_version changed to 13 [#2179] - @incertum
- refactor(userspace/falco): re-design stats writer and make it thread-safe [#2109] - @jasondellaluce
- refactor(userspace/falco): make signal handlers thread safe [#2091] - @jasondellaluce
- refactor(userspace/engine): strengthen and document thread-safety guarantees of falco_engine::process_event [#2082] - @jasondellaluce
- update(userspace/falco): make webserver threadiness configurable [#2090] - @jasondellaluce
- refactor(userspace/falco): reduce app actions dependency on app state and inspector [#2097] - @jasondellaluce
- update(userspace/falco): use move semantics in falco logger [#2095] - @jasondellaluce
- update: use FALCO_HOSTNAME env var to override the hostname value [#2174] - @leogr
- update: bump libs and driver versions to 6599e2efebce30a95f27739d655d53f0d5f686e4 [#2177] - @jasondellaluce
- refactor(userspace/falco): make output rate limiter optional and output engine explicitly thread-safe [#2139] - @jasondellaluce
- update(falco.yaml)!: notification rate limiter disabled by default. [#2139] - @jasondellaluce
Bug Fixes
Rule Changes
- rule(macro: known_gke_mount_in_privileged_containers): add new macro [#2198] - @hi120ki
- rule(Mount Launched in Privileged Container): add GKE default pod into allowlist in Mount Launched of Privileged Container rule [#2198] - @hi120ki
- rule(list: known_binaries_to_read_environment_variables_from_proc_files): add new list [#2193] - @hi120ki
- rule(Read environment variable from /proc files): add rule to detect an attempt to read process environment variables from /proc files [#2193] - @hi120ki
- rule(macro: k8s_containers): add falco no-driver images [#2234] - @jasondellaluce
- rule(macro: open_file_failed): add new macro [#2118] - @incertum
- rule(macro: directory_traversal): add new macro [#2118] - @incertum
- rule(Directory traversal monitored file read): add new rule [#2118] - @incertum
- rule(Modify Container Entrypoint): new rule created to detect CVE-2019-5736 [#2188] - @darryk10
- rule(Program run with disallowed http proxy env)!: disabled by default [#2179] - @incertum
- rule(Container Drift Detected (chmod))!: disabled by default [#2179] - @incertum
- rule(Container Drift Detected (open+create))!: disabled by default [#2179] - @incertum
- rule(Packet socket created in container)!: removed consider_packet_socket_communication macro [#2179] - @incertum
- rule(macro: consider_packet_socket_communication)!: remove unused macro [#2179] - @incertum
- rule(Interpreted procs outbound network activity)!: disabled by default [#2166] - @incertum
- rule(Interpreted procs inbound network activity)!: disabled by default [#2166] - @incertum
- rule(Contact cloud metadata service from container)!: disabled by default [#2166] - @incertum
- rule(macro: consider_interpreted_outbound)!: remove unused macro [#2166] - @incertum
- rule(macro: consider_interpreted_inbound)!: remove unused macro [#2166] - @incertum
- rule(macro: consider_metadata_access)!: remove unused macro [#2166] - @incertum
- rule(Unexpected outbound connection destination)!: disabled by default [#2168] - @incertum
- rule(Unexpected inbound connection source)!: disabled by default [#2168] - @incertum
- rule(Read Shell Configuration File)!: disabled by default [#2168] - @incertum
- rule(Schedule Cron Jobs)!: disabled by default [#2168] - @incertum
- rule(Launch Suspicious Network Tool on Host)!: disabled by default [#2168] - @incertum
- rule(Create Hidden Files or Directories)!: disabled by default [#2168] - @incertum
- rule(Outbound or Inbound Traffic not to Authorized Server Process and Port)!: disabled by default [#2168] - @incertum
- rule(Network Connection outside Local Subnet)!: disabled by default [#2168] - @incertum
- rule(macro: consider_all_outbound_conns)!: remove unused macro [#2168] - @incertum
- rule(macro: consider_all_inbound_conns)!: remove unused macro [#2168] - @incertum
- rule(macro: consider_shell_config_reads)!: remove unused macro [#2168] - @incertum
- rule(macro: consider_all_cron_jobs)!: remove unused macro [#2168] - @incertum
- rule(macro: consider_hidden_file_creation)!: remove unused macro [#2168] - @incertum
- rule(macro: allowed_port)!: remove unused macro [#2168] - @incertum
- rule(macro: enabled_rule_network_only_subnet)!: remove unused macro [#2168] - @incertum
- rule(macro: consider_userfaultfd_activities)!: remove unused macro [#2168] - @incertum
- rule(macro: consider_all_chmods)!: remove unused macro [#2168] - @incertum
- rule(Set Setuid or Setgid bit)!: removed consider_all_chmods macro [#2168] - @incertum
- rule(Container Drift Detected (chmod))!: removed consider_all_chmods macro [#2168] - @incertum
- rule(Unprivileged Delegation of Page Faults Handling to a Userspace Process)!: removed consider_userfaultfd_activities macro [#2168] - @incertum
Non user-facing changes
Statistics
| Merged PRs | Number |
| --- | --- |
| Not user-facing | 29 |
| Release note | 50 |
| Total | 79 |
Release Manager @jasondellaluce