diff options
| author | brokenpip3 | 2024-04-28 23:42:29 +0200 |
|---|---|---|
| committer | brokenpip3 | 2024-04-28 23:42:29 +0200 |
| commit | 243e03299edc0607f2aee48897b64d450c7b18de (patch) | |
| tree | ac59822238c25217de2e21407781c5a127e7efb9 | |
| download | aur-243e03299edc0607f2aee48897b64d450c7b18de.tar.gz | |
init at 0.37.1
| -rw-r--r-- | .SRCINFO | 24 | ||||
| -rw-r--r-- | PKGBUILD | 41 | ||||
| -rw-r--r-- | falco-ebpf.install | 4 | ||||
| -rw-r--r-- | falco-ebpf.service | 24 |
4 files changed, 93 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..23204b04549c --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,24 @@ +pkgbase = falco-probe-ebpf + pkgdesc = Cloud native runtime security - eBPF probe + pkgver = 0.37.1 + pkgrel = 1 + url = https://github.com/falcosecurity/falco + install = falco-ebpf.install + arch = x86_64 + license = Apache + makedepends = cmake + makedepends = git + makedepends = c-ares + makedepends = jq + makedepends = grpc + makedepends = yaml-cpp + makedepends = clang + makedepends = linux-headers + makedepends = llvm + depends = falco + source_x86_64 = falco-0.37.1.tar.gz::https://github.com/falcosecurity/falco/archive/refs/tags/0.37.1.tar.gz + source_x86_64 = falco-ebpf.service + sha256sums_x86_64 = f602bd025ff2997ecce1bd1f479592ab666276912d72212ab8d1fffd38ab8c94 + sha256sums_x86_64 = 79705a952d3cc7f646bcdce6e79419996271959668b9e59ca734255114c70de0 + +pkgname = falco-probe-ebpf diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..8e69d10484b7 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,41 @@ +# Maintainer: brokenpip3 <brokenpip3[at]gmail[dot]com> +# https://github.com/brokenpip3/my-pkgbuilds +# Contributor: Kris Nóva <kris@nivenly.com> R.I.P. + +pkgbase=falco-probe-ebpf +pkgname=falco-probe-ebpf +pkgdesc="Cloud native runtime security - eBPF probe" +pkgver=0.37.1 +pkgrel=1 +arch=(x86_64) +license=(Apache) +depends=(falco) +makedepends=(cmake git c-ares jq grpc yaml-cpp clang linux-headers llvm) +url="https://github.com/falcosecurity/falco" +source_x86_64=( + "falco-${pkgver}.tar.gz::$url/archive/refs/tags/$pkgver.tar.gz" + "falco-ebpf.service" +) +sha256sums_x86_64=('f602bd025ff2997ecce1bd1f479592ab666276912d72212ab8d1fffd38ab8c94' + '79705a952d3cc7f646bcdce6e79419996271959668b9e59ca734255114c70de0') +install="falco-ebpf.install" + +prepare() { + cd "${srcdir}/falco-${pkgver}" + [[ -d build ]] || mkdir build +} + +build() { + cd "${srcdir}/falco-${pkgver}/build" + cmake .. \ + -DCMAKE_BUILD_TYPE=None \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DUSE_BUNDLED_DEPS=false \ + -DBUILD_BPF=ON + make bpf +} + +package() { + install -Dm644 "${srcdir}/falco-${pkgver}/build/driver/bpf/probe.o" "${pkgdir}/usr/share/falco/falco-bpf.o" + install -Dm644 "${srcdir}/falco-ebpf.service" "${pkgdir}/usr/lib/systemd/system/falco-ebpf.service" +} diff --git a/falco-ebpf.install b/falco-ebpf.install new file mode 100644 index 000000000000..336e4270ce88 --- /dev/null +++ b/falco-ebpf.install @@ -0,0 +1,4 @@ +post_install() { + printf "#\nTo start using falco start/enable falco-ebpf.service\n" + printf "For custom falco rules put them in /etc/falco/rules.d\n#\n" +} diff --git a/falco-ebpf.service b/falco-ebpf.service new file mode 100644 index 000000000000..832e5603bbd7 --- /dev/null +++ b/falco-ebpf.service @@ -0,0 +1,24 @@ +[Unit] +Description=Falco: Cloud Native Runtime Security with ebpf +Documentation=https://falco.org/docs/ + +[Service] +Type=simple +User=root +ExecStart=/usr/bin/falco -o engine.kind=ebpf +ExecReload=kill -1 $MAINPID +UMask=0077 +TimeoutSec=30 +RestartSec=15s +Restart=on-failure +PrivateTmp=true +NoNewPrivileges=yes +ProtectHome=read-only +ProtectSystem=full +ProtectKernelTunables=true +RestrictRealtime=true +RestrictAddressFamilies=~AF_PACKET +StandardOutput=null + +[Install] +WantedBy=multi-user.target |