0.22.0

@leogr leogr released this 17 Apr 11:01
· 3087 commits to master since this release

Released on 2020-16-04

Major Changes

  • new: falco version and driver version are distinct and not coupled anymore [#1111]
  • new: flag to disable asynchronous container metadata (CRI) fetch --disable-cri-async [#1099]

Minor Changes

  • docs(integrations): update API resource versions to Kubernetes 1.16 [#1044]
  • docs: add new release archive to the README.md [#1098]
  • update: driver version a259b4bf49c3 [#1138]
  • docs(integrations/k8s-using-daemonset): --cri flag correct socket path [#1140]
  • update: bump driver version to cd3d10123e [#1131]
  • update(docker): remove RHEL, kernel/linuxkit, and kernel/probeloader images [#1124]
  • update: falco-probe-loader script is falco-driver-loader now [#1111]
  • update: using only sha256 hashes when pulling build dependencies [#1118]

Bug Fixes

  • fix(integrations/k8s-using-daemonset): added missing privileges for the apps Kubernetes API group in the falco-cluster-role when using RBAC [#1136]
  • fix: connect to docker works also with libcurl >= 7.69.0 [#1138]
  • fix: HOST_ROOT environment variable detection [#1133]
  • fix(driver/bpf): stricter conditionals while dealing with strings [#1131]
  • fix: /usr/bin/falco-${DRIVER_VERSION} driver directory [#1111]
  • fix: FALCO_VERSION env variable inside Falco containers contains the Falco version now (not the docker image tag) [#1111]

Rule Changes

  • rule(macro user_expected_system_procs_network_activity_conditions): allow whitelisting system binaries using the network under specific conditions [#1070]
  • rule(Full K8s Administrative Access): detect any k8s operation by an administrator with full access [#1122]
  • rule(Ingress Object without TLS Certificate Created): detect any attempt to create an ingress without TLS certification (rule enabled by default) [#1122]
  • rule(Untrusted Node Successfully Joined the Cluster): detect a node successfully joined the cluster outside of the list of allowed nodes [#1122]
  • rule(Untrusted Node Unsuccessfully Tried to Join the Cluster): detect an unsuccessful attempt to join the cluster for a node not in the list of allowed nodes [#1122]
  • rule(Network Connection outside Local Subnet): detect traffic to image outside local subnet [#1122]
  • rule(Outbound or Inbound Traffic not to Authorized Server Process and Port): detect traffic that is not to authorized server process and port [#1122]
  • rule(Delete or rename shell history): "mitre_defense_evation" tag corrected to "mitre_defense_evasion" [#1143]
  • rule(Delete Bash History): "mitre_defense_evation" tag corrected to "mitre_defense_evasion" [#1143]
  • rule(Write below root): use pmatch to check against known root directories [#1137]
  • rule(Detect outbound connections to common miner pool ports): whitelist sysdig/agent and falcosecurity/falco for query miner domain dns [#1115]
  • rule(Service Account Created in Kube Namespace): only detect sa created in kube namespace with success [#1117]

Statistics

Merged PRs        Number
Not user-facing   4
Release note      17
Total             21