Proposal: Falcoctl config to patch falco.yaml with additional rules files or plugins beyond what is defined from the rules artifact
Opened this issue · 9 comments
What would you like to be added:
Context: Falcoctl can retrieve the rules files from OCI when doing falcoctl artifact install
. However when the artifacts are all installed, I also have some custom rules I want to apply that are not packaged up, and contain only some overrides/extensions that are specific to our local environments, for rules and macros defined in the artifacts. I want to be able to apply these overrides with Falcoctl so that they apply any time new rules are downloaded.
Proposal: It’d be great if falcoctl artifact install
also could have a small config file for itself included in the OCI artifact. This could be used, for example, to directly append a new rules file to the rules_file field in falco.yaml, or a new plugin to the plugins field.
example config.yaml:
rules_files_append:
- userDefinedRules.yaml
plugins_append:
- name userDefinedPlugin
library_path: libUserDefinedPlugin.so
init_config: {}
open_params: ""
If falcoctl could read this in from the extracted tarball path (from the OCI registry artifact) and take action to append the values defined, it’d be really useful.
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
Not stale. Made some clarifications to the title and description
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle rotten
/remove-lifecycle rotten
/remove-lifecycle stale
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale