authorbrokenpip32024-04-28 23:24:57 +0200
committerbrokenpip32024-04-28 23:24:57 +0200
commitc943b205d2c6a4cd5e4868c943d81691d552f6c6 (patch)
treea0739df6fb0b81cb9d36145c70eff7cdfd28cf83
parentcfe1060ea4ea067775277e204ef1bf863ce6c5ce (diff)
downloadaur-c943b205d2c6a4cd5e4868c943d81691d552f6c6.tar.gz
update: use modern bpf by default
-rw-r--r--.SRCINFO25
-rw-r--r--PKGBUILD55
-rw-r--r--falco-modern-bpf.service25
-rw-r--r--falco.install9
4 files changed, 78 insertions, 36 deletions
diff --git a/.SRCINFO b/.SRCINFO
index a2160c3907b6..c8be58e24641 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,19 +1,24 @@
pkgbase = falco-bin
- pkgdesc = Cloud native runtime security. Binaries and Kernel modules. (Stable)
+ pkgdesc = Cloud native runtime security. Modern ebpf and config files
pkgver = 0.37.1
- pkgrel = 2
+ pkgrel = 3
url = https://github.com/falcosecurity/falco
+ install = falco.install
arch = x86_64
license = Apache
+ optdepends = falco-probe-ebpf: ebpf probe
+ optdepends = falco-module-dkms: dkms module
+ optdepends = falcoctl: administrative tooling for Falco
+ optdepends = falcosidekick: connect Falco to your ecosystem
+ provides = falco
+ conflicts = falco
+ backup = etc/falco/falco_rules.yaml
+ backup = etc/falco/falco.yaml
source_x86_64 = https://download.falco.org/packages/bin/x86_64/falco-0.37.1-x86_64.tar.gz
+ source_x86_64 = git+https://github.com/falcosecurity/rules#tag=falco-rules-3.0.1
+ source_x86_64 = falco-modern-bpf.service
sha256sums_x86_64 = 8d441495f72489be1bcab1ce8476ae26007fe2063c8053e8082b264066c46f25
+ sha256sums_x86_64 = b33034564398503bac9cb0088759710ddf176e64c249dfcdd47d9310f0692c6e
+ sha256sums_x86_64 = 0709add709184db8a275a5c7c6b6b4123b6dc418e72f7c9d4ab6dcc1d5ab2644
pkgname = falco-bin
- provides = falco
- conflicts = falco
-
-pkgname = falco-bin-dkms
- depends = dkms
- depends = linux-headers
- provides = falco-dkms
- conflicts = falco-dkms
diff --git a/PKGBUILD b/PKGBUILD
index e1cefd36dbcd..db3fcb256246 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,35 +4,38 @@
# Contributor: Kris NĂ³va R.I.P. <kris@nivenly.com>
pkgbase=falco-bin
-pkgname=("falco-bin"
- "falco-bin-dkms")
+pkgname=falco-bin
+provides=(falco)
+conflicts=(falco)
+backup=('etc/falco/falco_rules.yaml' 'etc/falco/falco.yaml')
pkgver=0.37.1
-pkgrel=2
-pkgdesc="Cloud native runtime security. Binaries and Kernel modules. (Stable)"
+pkgrel=3
+pkgdesc="Cloud native runtime security. Modern ebpf and config files"
arch=(x86_64)
license=(Apache)
+optdepends=(
+ "falco-probe-ebpf: ebpf probe"
+ "falco-module-dkms: dkms module"
+ "falcoctl: administrative tooling for Falco"
+ "falcosidekick: connect Falco to your ecosystem"
+)
url="https://github.com/falcosecurity/falco"
-license=(Apache)
-# EXAMPLE URL: https://download.falco.org/packages/bin/x86_64/falco-0.29.1-x86_64.tar.gz
-source_x86_64=("https://download.falco.org/packages/bin/${arch}/falco-${pkgver}-x86_64.tar.gz")
-sha256sums_x86_64=('8d441495f72489be1bcab1ce8476ae26007fe2063c8053e8082b264066c46f25')
-
-_commit=7.0.0+driver
-
-package_falco-bin() {
- provides=(falco)
- conflicts=(falco)
- install -d "${pkgdir}/etc/falco"
- cp -rv falco-${pkgver}-${arch}/etc/falco/* "${pkgdir}/etc/falco"
-
- install -d "${pkgdir}/usr/bin"
- cp -rv falco-${pkgver}-${arch}/usr/bin/* "${pkgdir}/usr/bin"
-}
+_rules_tag="falco-rules-3.0.1"
+source_x86_64=(
+ "https://download.falco.org/packages/bin/${arch}/falco-${pkgver}-x86_64.tar.gz"
+ "git+https://github.com/falcosecurity/rules#tag=${_rules_tag}"
+ "falco-modern-bpf.service"
+)
+sha256sums_x86_64=('8d441495f72489be1bcab1ce8476ae26007fe2063c8053e8082b264066c46f25'
+ 'b33034564398503bac9cb0088759710ddf176e64c249dfcdd47d9310f0692c6e'
+ '0709add709184db8a275a5c7c6b6b4123b6dc418e72f7c9d4ab6dcc1d5ab2644')
+install="falco.install"
-package_falco-bin-dkms() {
- depends=(dkms linux-headers)
- provides=(falco-dkms)
- conflicts=(falco-dkms)
- install -d "${pkgdir}/usr/src/falco-${pkgver}"
- cp -rv falco-${pkgver}-${arch}/usr/src/falco-${_commit}/* "${pkgdir}/usr/src/falco-${pkgver}"
+package() {
+ install -Dm644 falco-${pkgver}-${arch}/etc/falco/falco.yaml "${pkgdir}/etc/falco/falco.yaml"
+ install -Dm755 falco-${pkgver}-${arch}/usr/bin/falco "${pkgdir}/usr/bin/falco"
+ install -Dm644 "${srcdir}/rules/rules/falco_rules.yaml" "${pkgdir}/etc/falco/falco_rules.yaml"
+ install -d "${pkgdir}/etc/falco/rules.d"
+ sed -i 's#probe: ${HOME}/.falco/falco-bpf.o#probe: /usr/share/falco/falco-bpf.o#' "${pkgdir}/etc/falco/falco.yaml"
+ install -Dm644 "${srcdir}/falco-modern-bpf.service" "${pkgdir}/usr/lib/systemd/system/falco-modern-bpf.service"
}
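Review bot: The `sed -i` rewrite of the `probe:` path in `package()` exits 0 whether or not the pattern matched. If a later upstream `falco.yaml` words that line differently, the package would still build and ship the `${HOME}/.falco/falco-bpf.o` path unchanged. A check right after the `sed` line makes the build fail instead: `grep -q 'probe: /usr/share/falco/falco-bpf.o' "${pkgdir}/etc/falco/falco.yaml" || return 1`. Separately, the `falco-${pkgver}-${arch}/...` source paths on the first two `install` lines are unquoted, unlike the `"${srcdir}/..."` arguments below them.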
diff --git a/falco-modern-bpf.service b/falco-modern-bpf.service
new file mode 100644
index 000000000000..493085eda408
--- /dev/null
+++ b/falco-modern-bpf.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=Falco: Cloud Native Runtime Security
+Documentation=https://falco.org/docs/
+
+[Service]
+Type=simple
+User=root
+ExecStart=/usr/bin/falco -o engine.kind=modern_ebpf
+ExecReload=kill -1 $MAINPID
+UMask=0077
+TimeoutSec=30
+RestartSec=15s
+Restart=on-failure
+PrivateTmp=true
+NoNewPrivileges=yes
+ProtectHome=read-only
+ProtectSystem=full
+ProtectKernelTunables=true
+RestrictRealtime=true
+RestrictAddressFamilies=~AF_PACKET
+StandardOutput=null
+
+[Install]
+WantedBy=multi-user.target
+Alias=falco.service
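Review bot: `StandardOutput=null` discards everything Falco writes to stdout, and nothing in the unit says where alerts are expected to land instead. If the packaged `falco.yaml` leaves stdout output enabled (its contents are not visible in this commit), those events are dropped and the journal holds only what another output such as syslog delivers. A comment above the directive would make that explicit for whoever operates the sensor, e.g. `# stdout is discarded; alerts must reach the journal through syslog_output or another output set in falco.yaml`.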
diff --git a/falco.install b/falco.install
new file mode 100644
index 000000000000..b3db25de8fdb
--- /dev/null
+++ b/falco.install
@@ -0,0 +1,9 @@
+post_install() {
+ printf "#\nTo ensure Falco runs properly, enable/start the falco-modern-bpf.service\n"
+ printf "This will utilize the built-in modern eBPF probe.\n"
+ printf "If you prefer another driver, you need to install either:\n"
+ printf "* falco-probe-ebpf (eBPF probe)\n"
+ printf "* falco-module-dkms (DKMS module)\n"
+ printf "Alternatively, you can build the probe yourself.\n\n"
+ printf "For custom Falco rules, place them in /etc/falco/rules.d\n#\n"
+}
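Review bot: Only `post_install()` is defined, and pacman runs that hook on a fresh install, not on an upgrade. The same commit removes the `falco-bin-dkms` split package, so a host upgrading from pkgrel 2 gets no notice that it must enable `falco-modern-bpf.service` or install another driver. Such a host may be left without a running sensor. Adding `post_upgrade() { post_install; }` would print the same message on upgrade.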