[RFC] ansible role for falco #128

Closed
juju4 opened this issue Oct 11, 2016 · 4 comments

Contributor

juju4 commented Oct 11, 2016

https://github.com/juju4/ansible-falco/

If I can have feedback on my rules work in progress, that would be great too:
https://github.com/juju4/ansible-falco/blob/master/templates/falco_rules_w_exceptions.yaml.j2

Thanks

Contributor

mstemm commented Oct 11, 2016

I haven't used ansible much, but that looks very useful and I'd be happy to make any necessary changes to support this work.

Wrt the rule changes, I'd suggest rebasing against dev so you pick up all the changes since 0.2.0. When comparing to the ruleset in 0.2.0, here are some suggestions:

  • I like the ability to make a bunch of rules container-sensitive or not depending on falco_dontwatch_containers. I'd suggest putting that in a self-contained macro, though, so you don't have to sprinkle it amongst the other rules. Something like

    macro: consider_containers
    {% if falco_dontwatch_containers %}
    condition: not container
    {% else %}
    condition: evt.num>0
    {% endif %}
    ...
    rule: XXX
    condition: consider_containers and ...

Glad to see falco is useful for you!

Contributor Author

juju4 commented Oct 11, 2016

Thanks, I'm doing rebasing and testing before a pull request.
In the few additions I'm including, there is python usage like apt/rpm (ansible usage), kitchen-test and lxd/lxcfs containers.

Contributor

mstemm commented Dec 16, 2016

Hi, not sure if you got around to rebasing or not, but we'd like to send some end-of-year gifts to everyone who contributed to falco this year. If you'd like some schwag, could you send me your email address? I didn't see it on your profile. You can send it to mark.stemm@sysdig.com. Thanks!

Contributor

mstemm commented Mar 27, 2018

By the way, I tested the ansible role you created and it worked great. If you want to deploy a new version to ansible galaxy that's compatible with 0.9.0, please do! I've added a reference to your role to our wiki. I'll close this issue as the role is working.

mstemm closed this as completed Mar 27, 2018