Falco - 0.31.1

Security

| Packages | Download |
| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| rpm | rpm |
| deb | deb |
| tgz | tgz |

| Images |
| --------------------------------------------------------------------------- |
| docker pull docker.io/falcosecurity/falco:0.31.1 |
| docker pull public.ecr.aws/falcosecurity/falco:0.31.1 |
| docker pull docker.io/falcosecurity/falco-driver-loader:0.31.1 |
| docker pull docker.io/falcosecurity/falco-no-driver:0.31.1 |

Major Changes

Minor Changes

  • refactor(userspace/falco): replace direct getopt_long() cmdline option parsing with third-party cxxopts library. [#1886] - @mstemm
  • update: driver version is b7eb0dd [#1923] - @LucaGuerra

Bug Fixes

  • fix(userspace/falco): correct plugins init config conversion from YAML to JSON [#1907] - @jasondellaluce
  • fix(userspace/engine): for rules at the informational level being loaded at the notice level [#1885] - @mike-stewart
  • chore(userspace/falco): fixes truncated -b option description. [#1915] - @andreabonanno
  • update(falco): updates usage description for -o, --option [#1903] - @andreabonanno

Rule Changes

  • rule(Detect outbound connections to common miner pool ports): fix url in rule output [#1918] - @jsoref
  • rule(macro somebody_becoming_themself): renaming macro to somebody_becoming_themselves [#1918] - @jsoref
  • rule(list package_mgmt_binaries): npm added [#1866] - @rileydakota
  • rule(Launch Package Management Process in Container): support for detecting npm usage [#1866] - @rileydakota
  • rule(Polkit Local Privilege Escalation Vulnerability): new rule created to detect CVE-2021-4034 [#1877] - @darryk10
  • rule(macro: modify_shell_history): avoid false-positive alerts triggered by modifications to .zsh_history.new and .zsh_history.LOCK files [#1832] - @m4wh6k
  • rule(macro: truncate_shell_history): avoid false-positive alerts triggered by modifications to .zsh_history.new and .zsh_history.LOCK files [#1832] - @m4wh6k
  • rule(macro sssd_writing_krb): fixed a false-positive alert that was being generated when SSSD updates /etc/krb5.keytab [#1825] - @mac-chaffee
  • rule(macro write_etc_common): fixed a false-positive alert that was being generated when SSSD updates /etc/krb5.keytab [#1825] - @mac-chaffee
  • upgrade macro(keepalived_writing_conf) [#1742] - @pabloopez
  • rule_output(Delete Bucket Public Access Block) typo [#1888] - @pabloopez

Non user-facing changes

  • fix(build): fix civetweb linking in cmake module [#1919] - @LucaGuerra
  • chore(userspace/engine): remove unused lua functions and state vars [#1908] - @jasondellaluce
  • fix(userspace/falco): applies FALCO_INSTALL_CONF_FILE as the default … [#1900] - @andreabonanno
  • fix(scripts): correct typo in falco-driver-loader help message [#1899] - @leogr
  • update(build)!: replaced various PROBE with DRIVER where necessary. [#1887] - @FedeDP
  • Add Fairwinds to the adopters list [#1917] - @sudermanjr
  • build(cmake): several cmake changes to speed up/simplify builds for external projects and copying files from source-to-build directories [#1905] - @mstemm

Statistics

| Merged PRs | Number |
| --------------- | ------ |
| Not user-facing | 11 |
| Release note | 13 |
| Total | 24 |

Release Manager @LucaGuerra


Details

| Field | Value |
| ----- | ------------------------ |
| date | March 9, 2022, 5:20 p.m. |
| name | 0.31.1 |
| type | Patch |