Published by LucaGuerra about 1 year ago
Packages | Download |
---|---|
rpm-x86_64 | |
deb-x86_64 | |
tgz-x86_64 | |
rpm-aarch64 | |
deb-aarch64 | |
tgz-aarch64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.36.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.36.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.36.0 |
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.36.0 |
docker pull docker.io/falcosecurity/falco-no-driver:0.36.0 |
docker pull docker.io/falcosecurity/falco-distroless:0.36.0 |
Released on 2023-09-26
- `falco-rules` is now a stable rule file. This file contains a much smaller number of rules that are less noisy and have been vetted by the community. This serves as a much-requested "starter" Falco rule set that covers many common use cases. The rest of that file has been expanded and split into `falco-incubating-rules` and `falco-sandbox-rules`. For more information, see the rules repository.
- `falcosecurity/falco` container image and its `falco-driver-loader` counterpart have been upgraded. Now they are able to compile the kernel module or classic eBPF probe for relatively newer versions of the kernel (5.x and above), while we no longer ship toolchains to compile the kernel module for older versions in the default images. Downloading of prebuilt drivers and the modern eBPF will work exactly like before. The older image, meant for compatibility with older kernels (4.x and below), is currently retained as `falcosecurity/falco-driver-loader-legacy`.
- `http_output.echo` in `falco.yaml`.
- `--list-syscall-events` command line option has been replaced by `--list-events`, which prints all supported system events (syscall, tracepoints, metaevents, internal plugin events) in addition to extra information about flags.
- `proc.exepath` have changed. Now that field contains the executable path on disk even if the binary was launched from a symbolic link.
- `-d` daemonize option has been removed.
- stats command line option (`-s`, `--stats-interval`) has been removed in favor of metrics configs in `falco.yaml`.
- `-p` option is now changed:
  - When `-pc` is set, Falco will print `container_id=%container.id container_image=%container.image.repository container_image_tag=%container.image.tag container_name=%container.name`
  - When `-pk` is set, it will print as above, but with `k8s_ns=%k8s.ns.name k8s_pod_name=%k8s.pod.name` appended
  - `%container.info` is now equal to `container_id=%container.id container_name=%container.name`
[#2793] - @leogr
- `-d` daemonize option [#2677] - @incertum
- `falcoctl` to version 0.6.0 [#2764] - @leogr
- `-p` presets have been updated to reflect the new rules style guide [#2737] - @leogr
- `base_syscalls` config [#2740] - @incertum
- `userspace` option [#2761] - @Andreagit97
- `69c9be8` to `77ba57a` [#2833] - @dependabot[bot]
- `ee5fb38` to `bea364e` [#2814] - @dependabot[bot]
- `43580b4` to `ee5fb38` [#2810] - @dependabot[bot]
- `c6e01fa` to `43580b4` [#2801] - @dependabot[bot]
- `76d1743` to `30c3643` [#2802] - @dependabot[bot]
- `d31dbc2` to `c6e01fa` [#2797] - @dependabot[bot]
- `b6372d2` to `d31dbc2` [#2794] - @dependabot[bot]
- `6ed73fe` to `b6372d2` [#2786] - @dependabot[bot]
- `9126bef` to `0328c59` [#2709] - @dependabot[bot]
- `0d0e333` to `64ce419` [#2731] - @dependabot[bot]
- `3ceea88` to `40a9817` [#2745] - @dependabot[bot]
- `b39c807` to `9110022` [#2760] - @dependabot[bot]
- `--pidfile` option from systemd units [#2742] - @Andreagit97
- `bf1639a` to `3ceea88` [#2741] - @dependabot[bot]
- `64ce419` to `bf1639a` [#2738] - @dependabot[bot]
Merged PRs | Number |
---|---|
Not user-facing | 48 |
Release note | 38 |
Total | 86 |
Published by Andreagit97 about 1 year ago
Published by FedeDP about 1 year ago
Packages | Download |
---|---|
rpm-x86_64 | |
deb-x86_64 | |
tgz-x86_64 | |
rpm-aarch64 | |
deb-aarch64 | |
tgz-aarch64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.36.0-rc2 |
docker pull public.ecr.aws/falcosecurity/falco:0.36.0-rc2 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.36.0-rc2 |
docker pull docker.io/falcosecurity/falco-no-driver:0.36.0-rc2 |
Second Release Candidate for Falco 0.36.0.
To see what's included, check the corresponding milestone: https://github.com/falcosecurity/falco/milestone/30
Published by FedeDP about 1 year ago
First Release Candidate for Falco 0.36.0.
To see what's included, check the corresponding milestone: https://github.com/falcosecurity/falco/milestone/30
Published by FedeDP over 1 year ago
Packages | Download |
---|---|
rpm-x86_64 | |
deb-x86_64 | |
tgz-x86_64 | |
rpm-aarch64 | |
deb-aarch64 | |
tgz-aarch64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.35.1 |
docker pull public.ecr.aws/falcosecurity/falco:0.35.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.35.1 |
docker pull docker.io/falcosecurity/falco-no-driver:0.35.1 |
Published by FedeDP over 1 year ago
Packages | Download |
---|---|
rpm-x86_64 | |
deb-x86_64 | |
tgz-x86_64 | |
rpm-aarch64 | |
deb-aarch64 | |
tgz-aarch64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.35.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.35.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.35.0 |
docker pull docker.io/falcosecurity/falco-no-driver:0.35.0 |
- `syscall_drop_failed` config option to drop failed syscalls exit events [#2456] - @FedeDP
- `-l` or `-L` flags when json output format is specified [#2544] - @loresuso
- `-A` flag [#2551] - @Andreagit97
- `falco-driver-loader` now uses $TMPDIR if set [#2518] - @jabdr
- `--mesos-api`, `-pmesos`, and `-pm` command-line flags [#2465] - @leogr
- `3471984` to `16fb709` [#2598] - @dependabot[bot]
- `b2290ad` to `3471984` [#2577] - @dependabot[bot]
- `3f52480` to `b2290ad` [#2570] - @dependabot[bot]
- `3f52480` to `6da15ae` [#2559] - @dependabot[bot]
- `docker save` to store images. [#2560] - @FedeDP
- `TARGETARCH`. [#2558] - @FedeDP
- `f773578` to `6da15ae` [#2553] - @dependabot[bot]
- `5857874` to `1bd7e4a` [#2478] - @dependabot[bot]
- `694adf5` to `5857874` [#2473] - @dependabot[bot]
- `e0646a0` to `694adf5` [#2466] - @dependabot[bot]
- `0b0f50f` to `e0646a0` [#2460] - @dependabot[bot]
Published by FedeDP over 1 year ago
Release Candidate for Falco 0.35.0
Published by LucaGuerra over 1 year ago
Release Candidate for Falco 0.35.0
Published by LucaGuerra over 1 year ago
This is a test for the release pipeline.
Published by LucaGuerra over 1 year ago
This is a test for the release pipeline.
Published by LucaGuerra over 1 year ago
This is a test for the release pipeline.
Published by LucaGuerra over 1 year ago
This is a test for the release pipeline.
Published by LucaGuerra over 1 year ago
This is a test for the release pipeline.
Published by Andreagit97 over 1 year ago
Packages | Download |
---|---|
rpm-x86_64 | |
deb-x86_64 | |
tgz-x86_64 | |
rpm-aarch64 | |
deb-aarch64 | |
tgz-aarch64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.34.1 |
docker pull public.ecr.aws/falcosecurity/falco:0.34.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.34.1 |
docker pull docker.io/falcosecurity/falco-no-driver:0.34.1 |
docker pull docker.io/falcosecurity/falcoctl:0.4.0 |
Merged PRs | Number |
---|---|
Not user-facing | 1 |
Release note | 1 |
Total | 2 |
@alacuku
Published by Andreagit97 over 1 year ago
Packages | Download |
---|---|
rpm-x86_64 | |
deb-x86_64 | |
tgz-x86_64 | |
rpm-aarch64 | |
deb-aarch64 | |
tgz-aarch64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.34.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.34.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.34.0 |
docker pull docker.io/falcosecurity/falco-no-driver:0.34.0 |
docker pull docker.io/falcosecurity/falcoctl:0.4.0 |
- `application_rules.yaml` you can download it from https://github.com/falcosecurity/rules/tree/main/rules and manually install it. [#2389] - @leogr
- `falcoctl` config into Falco package [#2390] - @Andreagit97
- `simulate_drops` config [#2260] - @Andreagit97
- `falcoctl` v0.4.0 [#2406] - @loresuso
- `modern_bpf.cpus_for_each_syscall_buffer` default value [#2404] - @Andreagit97
- `/etc/falco/rules.available` has been deprecated [#2389] - @leogr
- `application_rules.yaml` is not shipped anymore with Falco [#2389] - @leogr
- `open_params` under plugins configuration is now trimmed from surrounding whitespace [#2267] - @yardenshoham
- `njson` lib as a dependency for `falco_engine` [#2316] - @Andreagit97
- `cpus_for_each_syscall_buffer` config [#2378] - @Andreagit97
- `falco-builder` reference where possible [#2322] - @Andreagit97
Merged PRs | Number |
---|---|
Not user-facing | 30 |
Release note | 53 |
Total | 83 |
@LucaGuerra
Published by leogr almost 2 years ago
Packages | Download |
---|---|
rpm-x86_64 | |
deb-x86_64 | |
tgz-x86_64 | |
rpm-aarch64 | |
deb-aarch64 | |
tgz-aarch64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.33.1 |
docker pull public.ecr.aws/falcosecurity/falco:0.33.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.33.1 |
docker pull docker.io/falcosecurity/falco-no-driver:0.33.1 |
Merged PRs | Number |
---|---|
Not user-facing | 1 |
Release note | 2 |
Total | 3 |
@LucaGuerra
Published by jasondellaluce about 2 years ago
Packages | Download |
---|---|
rpm-x86_64 | |
deb-x86_64 | |
tgz-x86_64 | |
rpm-aarch64 | |
deb-aarch64 | |
tgz-aarch64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.33.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.33.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.33.0 |
docker pull docker.io/falcosecurity/falco-no-driver:0.33.0 |
- `drop_pct` referred to the global number of events [#2130] - @Andreagit97
- `DRIVERS_REPO` now supports the use of multiple download URLs (comma separated) [#2165] - @IanRobertson-wpe
- `falco-driver-loader` [#2153] - @Andreagit97
- `0.9.0` [#2257] - @Andreagit97
- `/tmp/gvisor.sock` to `/run/falco/gvisor.sock` [#2163] - @vjjmiras
- `/run/falco.sock.sock` to `/run/falco/falco.sock` [#2163] - @vjjmiras
- `required_engine_version` changed to 13 [#2179] - @incertum
- `FALCO_HOSTNAME` env var to override the hostname value [#2174] - @leogr
- `drop ratio` in the right way [#2128] - @Andreagit97
- `-A` mode [#2243] - @jasondellaluce
- `json_output: true` [#2174] - @leogr
- `SCAP_FILTERED_EVENT` return code [#2148] - @Andreagit97
- `ro` word [#2173] - @Andreagit97
- `open_live_inspector` [#2215] - @Andreagit97
Merged PRs | Number |
---|---|
Not user-facing | 29 |
Release note | 50 |
Total | 79 |
Published by jasondellaluce about 2 years ago
Packages | Download |
---|---|
rpm-x86_64 | |
deb-x86_64 | |
tgz-x86_64 | |
rpm-aarch64 | |
deb-aarch64 | |
tgz-aarch64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.32.2 |
docker pull public.ecr.aws/falcosecurity/falco:0.32.2 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.32.2 |
docker pull docker.io/falcosecurity/falco-no-driver:0.32.2 |
Merged PRs | Number |
---|---|
Not user-facing | 0 |
Release note | 1 |
Total | 1 |
Published by FedeDP over 2 years ago
Packages | Download |
---|---|
rpm | |
deb | |
tgz | |
rpm-arm64 | |
deb-arm64 | |
tgz-arm64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.32.1 |
docker pull public.ecr.aws/falcosecurity/falco:0.32.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.32.1 |
docker pull docker.io/falcosecurity/falco-no-driver:0.32.1 |
- `DRIVER_VERSION` that allows setting a driver version (which may differ from the falcosecurity/libs version) [#2086] - @leogr
- `--version` output [#2086] - @leogr
- `-V` are loaded when validating rules files. [#2088] - @mstemm
Merged PRs | Number |
---|---|
Not user-facing | 25 |
Release note | 16 |
Total | 41 |
Published by leogr over 2 years ago
Packages | Download |
---|---|
rpm | |
deb | |
tgz |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.32.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.32.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.32.0 |
docker pull docker.io/falcosecurity/falco-no-driver:0.32.0 |
- `watch_config_files` config option, to trigger a Falco restart whenever a change is detected in the rules or config files [#1991] - @FedeDP
- `hostname` as a field in JSON output [#1989] - @Milkshak3s
- `sh -c /usr/share/lighttpd/create-mime.conf.pl` to macro [#1996] - @mmonitz
- `get` attempts for both successful and unsuccessful attempts [#1949] - @Dentrax
- `dkms-3.0.3` [#2027] - @Andreagit97
- `check_plugin_requirements` API [#2009] - @Andreagit97
- `falco-driver-loader` cleaning phase [#1950] - @Andreagit97
Merged PRs | Number |
---|---|
Not user-facing | 27 |
Release note | 34 |
Total | 61 |