Short description
I was trying to disable a couple of falco rules, which got triggered when we run dagda using docker-compose.
Reproduction steps
cd to dir where docker-compose.yaml file is
docker-compose up
3 containers would start > dagda, vulndb, falco
Actual results
What I saw was that falco triggers DNS resolution of crypto mining URLs
On which platforms did you notice this:
Please complete the following information:
OS: [e.g. Ubuntu] Ubuntu 20.04
OS Version: [e.g. (~$ uname -a)] Linux ubu20 5.4.0-33-generic #37-Ubuntu SMP Thu May 21 12:53:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Python version: [e.g. Python 3.4]
Docker version [e.g. 17.05.0-ce] Docker version 19.03.8, build afacb8b7f0
MongoDB version [e.g. 3.2]
Solution
A possible solution for this issue would be to disable the crypto mining URL rules in falco.
Things I Tried:
falco documentation suggests that we add our custom rules in the /etc/falco/falco_rules.local.yaml file, but in the sysdig_falco_monitor.py file, there is no entrypoint for /etc/.
I tried adding the file falco_rules.local.yaml in /tmp as well as /etc/falco. When I start dagda again, this time the falco container does not seem to start.
Error in log:
dagda <2020-05-29 12:17:12,691> <dagda_server> run:104 <Falcosecurity/falco output file not found.>
dagda <2020-05-29 12:17:12,693> <dagda_server> run:105
Please let me know how to add custom falco rules and also make the falco container up.
Thank you