new(metrics): add file sha256sum metrics for loaded config and rules …

…files Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
falcosecurity · May 8, 2024 · 0cc454d · 0cc454d
1 parent b9b1ee9
commit 0cc454d
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 0 deletions.
diff --git a/userspace/falco/app/actions/load_rules_files.cpp b/userspace/falco/app/actions/load_rules_files.cpp
@@ -17,6 +17,7 @@ limitations under the License.
 
 #include "actions.h"
 #include "helpers.h"
+#include "falco_utils.h"
 
 #include <libsinsp/plugin_manager.h>
 
@@ -83,6 +84,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state&
 		{
 			falco_logger::log(falco_logger::level::WARNING,res->as_string(true, rc) + "\n");
 		}
+		s.config->m_loaded_rules_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename));
 	}
 
 	// note: we have an egg-and-chicken problem here. We would like to check

diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
@@ -160,6 +160,11 @@ void falco_configuration::merge_configs_files(const std::string& config_name, st
 			}
 		}
 	}
+
+	for(auto &filename : m_loaded_configs_filenames)
+	{
+		m_loaded_configs_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename));
+	}
 }
 
 void falco_configuration::init_logger()
@@ -270,6 +275,7 @@ void falco_configuration::load_yaml(const std::string& config_name)
 
 	m_rules_filenames.clear();
 	m_loaded_rules_filenames.clear();
+	m_loaded_rules_filenames_sha256sum.clear();
 	m_loaded_rules_folders.clear();
 	for(auto &file : rules_files)
 	{

diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h
@@ -105,13 +105,17 @@ class falco_configuration
 
 	// Config list as passed by the user. Filenames.
 	std::list<std::string> m_loaded_configs_filenames;
+	// sha256 of the loaded configs files
+	std::list<std::string> m_loaded_configs_filenames_sha256sum;
 	// Config list as passed by the user. Folders.
 	std::list<std::string> m_loaded_configs_folders;
 
 	// Rules list as passed by the user
 	std::list<std::string> m_rules_filenames;
 	// Actually loaded rules, with folders inspected
 	std::list<std::string> m_loaded_rules_filenames;
+	// sha256 of the loaded rules files
+	std::list<std::string> m_loaded_rules_filenames_sha256sum;
 	// List of loaded rule folders
 	std::list<std::string> m_loaded_rules_folders;
 	bool m_json_output;

diff --git a/userspace/falco/falco_metrics.cpp b/userspace/falco/falco_metrics.cpp
@@ -20,6 +20,7 @@ limitations under the License.
 #include "app/state.h"
 
 #include <libsinsp/sinsp.h>
+#include <re2/re2.h>
 
 /*!
 	\class falco_metrics
@@ -82,6 +83,30 @@ std::string falco_metrics::to_text(const falco::app::state& state)
 		prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("kernel_release", "falcosecurity", "falco", {{"kernel_release", agent_info->uname_r}});
 		prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("hostname", "falcosecurity", "evt", {{"hostname", machine_info->hostname}});
 
+		auto it_filename = state.config.get()->m_loaded_rules_filenames.begin();
+		auto it_sha256 = state.config.get()->m_loaded_rules_filenames_sha256sum.begin();
+		while (it_filename != state.config.get()->m_loaded_rules_filenames.end() && it_sha256 != state.config.get()->m_loaded_rules_filenames_sha256sum.end())
+		{
+			std::string metric_name_file_sha256 = *it_filename;
+			RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", "");
+			metric_name_file_sha256 = "sha256_rule_file_" + metric_name_file_sha256;
+			prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, *it_sha256}});
+			++it_filename;
+			++it_sha256;
+		}
+
+		it_filename = state.config.get()->m_loaded_configs_filenames.begin();
+		it_sha256 = state.config.get()->m_loaded_configs_filenames_sha256sum.begin();
+		while (it_filename != state.config.get()->m_loaded_configs_filenames.end() && it_sha256 != state.config.get()->m_loaded_configs_filenames_sha256sum.end())
+		{
+			std::string metric_name_file_sha256 = *it_filename;
+			RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", "");
+			metric_name_file_sha256 = "sha256_config_file_" + metric_name_file_sha256;
+			prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, *it_sha256}});
+			++it_filename;
+			++it_sha256;
+		}
+
 		for (const std::string& source: inspector->event_sources())
 		{
 			prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("evt_source", "falcosecurity", "falco", {{"evt_source", source}});

diff --git a/userspace/falco/stats_writer.cpp b/userspace/falco/stats_writer.cpp
@@ -23,6 +23,7 @@ limitations under the License.
 #include <atomic>
 
 #include <nlohmann/json.hpp>
+#include <re2/re2.h>
 
 #include "falco_common.h"
 #include "stats_writer.h"
@@ -328,6 +329,30 @@ void stats_writer::collector::get_metrics_output_fields_wrapper(
 	output_fields["falco.host_num_cpus"] = machine_info->num_cpus;
 	output_fields["falco.outputs_queue_num_drops"] = m_writer->m_outputs->get_outputs_queue_num_drops();
 
+	auto it_filename = m_writer->m_config->m_loaded_rules_filenames.begin();
+	auto it_sha256 = m_writer->m_config->m_loaded_rules_filenames_sha256sum.begin();
+	while (it_filename != m_writer->m_config->m_loaded_rules_filenames.end() && it_sha256 != m_writer->m_config->m_loaded_rules_filenames_sha256sum.end())
+	{
+		std::string metric_name_file_sha256 = *it_filename;
+		RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", "");
+		metric_name_file_sha256 = "falco.sha256_rule_file." + metric_name_file_sha256;
+		output_fields[metric_name_file_sha256] = *it_sha256;
+		++it_filename;
+		++it_sha256;
+	}
+
+	it_filename = m_writer->m_config->m_loaded_configs_filenames.begin();
+	it_sha256 = m_writer->m_config->m_loaded_configs_filenames_sha256sum.begin();
+	while (it_filename != m_writer->m_config->m_loaded_configs_filenames.end() && it_sha256 != m_writer->m_config->m_loaded_configs_filenames_sha256sum.end())
+	{
+		std::string metric_name_file_sha256 = *it_filename;
+		RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", "");
+		metric_name_file_sha256 = "falco.sha256_config_file." + metric_name_file_sha256;
+		output_fields[metric_name_file_sha256] = *it_sha256;
+		++it_filename;
+		++it_sha256;
+	}
+
 	output_fields["evt.source"] = src;
 	for (size_t i = 0; i < sizeof(all_driver_engines) / sizeof(const char*); i++)
 	{