
[TRACKING] Parse more syscalls args, e.g. `fallocate`, `ftruncate`, `fsopen`, `fsmount`, `kexec_load` etc

Open incertum opened this issue 1 year ago • 5 comments

Motivation

For specialized detections we could benefit from fully supporting and parsing the following syscalls.

  • [ ] fallocate CC @Molter73
  • [ ] ftruncate CC @Molter73
  • [ ] fsopen
  • [ ] fsmount
  • [ ] kexec_load

They are currently yellow / generic syscalls https://falcosecurity.github.io/libs/report/

incertum, Jul 08 '24 20:07

/milestone TBD

incertum, Jul 08 '24 20:07

CC @loresuso @darryk10

incertum, Jul 08 '24 20:07

CC @ericsage here is a previous PR showing how to add new fillers https://github.com/falcosecurity/libs/pull/1242/files.

incertum, Jul 09 '24 19:07

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana, Oct 07 '24 22:10

/remove-lifecycle stale

Andreagit97, Oct 08 '24 08:10

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana, Jan 06 '25 10:01

/remove-lifecycle stale

Andreagit97, Jan 07 '25 09:01

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana, Apr 07 '25 10:04

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

poiana, May 07 '25 10:05

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.

/close

poiana, Jun 06 '25 16:06

@poiana: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

poiana, Jun 06 '25 16:06