Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposal: Falcoctl config to patch falco.yaml with additional rules files or plugins beyond what is defined from the rules artifact #316

Open
tspearconquest opened this issue Aug 29, 2023 · 6 comments

Comments

@tspearconquest
Copy link

tspearconquest commented Aug 29, 2023

What would you like to be added:

Context: Falcoctl can retrieve the rules files from OCI when doing falcoctl artifact install. However when the artifacts are all installed, I also have some custom rules I want to apply that are not packaged up, and contain only some overrides/extensions that are specific to our local environments, for rules and macros defined in the artifacts. I want to be able to apply these overrides with Falcoctl so that they apply any time new rules are downloaded.

Proposal: It’d be great if falcoctl artifact install also could have a small config file for itself included in the OCI artifact. This could be used, for example, to directly append a new rules file to the rules_file field in falco.yaml, or a new plugin to the plugins field.

example config.yaml:

rules_files_append:
  - userDefinedRules.yaml
plugins_append:
  - name userDefinedPlugin
    library_path: libUserDefinedPlugin.so
    init_config: {}
    open_params: ""

If falcoctl could read this in from the extracted tarball path (from the OCI registry artifact) and take action to append the values defined, it’d be really useful.

@poiana
Copy link
Contributor

poiana commented Nov 27, 2023

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@tspearconquest tspearconquest changed the title Proposal: In-tree config file to allow faloctl to update falco.yaml Proposal: In-tree config file to allow falcoctl to update falco.yaml Nov 27, 2023
@tspearconquest tspearconquest changed the title Proposal: In-tree config file to allow falcoctl to update falco.yaml Proposal: Falcoctl config file (which can be included in a package that falcoctl artifact install downloads) Nov 27, 2023
@tspearconquest
Copy link
Author

Not stale. Made some clarifications to the title and description

@poiana
Copy link
Contributor

poiana commented Dec 27, 2023

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

@tspearconquest
Copy link
Author

/remove-lifecycle rotten
/remove-lifecycle stale

@poiana
Copy link
Contributor

poiana commented Mar 27, 2024

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@tspearconquest
Copy link
Author

/remove-lifecycle stale

@tspearconquest tspearconquest changed the title Proposal: Falcoctl config file (which can be included in a package that falcoctl artifact install downloads) Proposal: Falcoctl config to patch falco.yaml with additional rules files or plugins beyond what is defined from the rules artifact Mar 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants