Skip to content

Instantly share code, notes, and snippets.

View leogr's full-sized avatar
🎓
I made Falco fly

Leonardo Grasso leogr

🎓
I made Falco fly
204 followers · 203 following
View GitHub Profile
@leogr
leogr / launch.json
Created June 8, 2022 10:33
Debug Falco with sudo gdb in VSCode
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"name": "(gdbsudo) Launch",
"type": "cppdbg",
"request": "launch",
@leogr
leogr / gdbsudo
Created June 8, 2022 10:30
sudo gdb
#!/bin/sh
pkexec /usr/bin/gdb "$@"
@leogr
leogr / 1000-ports-deployment.yaml
Created June 15, 2021 13:55
k8s deployment with large number of ports (> 1000)
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deploy
spec:
selector:
matchLabels:
app: nginx
template:
metadata:
@leogr
leogr / dummy-workload.yaml
Created May 14, 2021 09:19
Dummy workload (testing Falco)
apiVersion: apps/v1
kind: Deployment
metadata:
name: alpine-deployment
labels:
app: alpine
spec:
replicas: 300
selector:
matchLabels:
@leogr
leogr / gdbsudo
Created March 19, 2021 17:05
GDB with sudo
#!/bin/sh
pkexec /usr/bin/gdb "$@"
@leogr
leogr / falco_rule_skeleton.yaml
Created October 25, 2020 10:33
A Falco rule skeleton
# A Falco rules file is a YAML file containing three types of elements:
#
# - rule: Conditions under which an alert should be generated.
# A rule is accompanied by a descriptive output string that is sent with the alert.
#
# - macro: Rule condition snippets that can be re-used inside rules and even other macros.
# Macros provide a way to name common patterns and factor out redundancies in rules.
#
# - list: Collections of items that can be included in rules, macros, or other lists.
# Unlike rules and macros, lists cannot be parsed as filtering expressions.
@leogr
leogr / ca_and_cert_golang_demo.go
Created March 24, 2020 16:54 — forked from shaneutt/LICENSE
Golang: Demonstrate creating a CA Certificate, and Creating and Signing Certs with the CA
package main
import (
"bytes"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
@leogr
leogr / self-signed-certificate-with-custom-ca.md
Created March 20, 2020 10:47 — forked from fntlnz/self-signed-certificate-with-custom-ca.md
Self Signed Certificate with Custom Root CA

Create Root CA (Done once)

Create Root Key

Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!

openssl genrsa -des3 -out rootCA.key 4096
@leogr
leogr / build_falco.md
Last active December 17, 2019 10:03
wip: manually build falco

Build falco

Tested on falcosecurity/falco#968

Step 0 - Dependencies

pacman -S gcc cmake make pkgconfig autoconf automake patch elfutils libelf libtool linux-headers jq oniguruma zlib ncurses yaml-cpp openssl curl c-ares protobuf grpc libyaml

Step 1 - Make dirs, clone sysdig and falco, etc...

@leogr
leogr / shardedmap.go
Created November 22, 2019 15:35
Golang sharded map
package cache
import (
"sync"
)
type cacheItem interface{}
type Cache interface {
// Get returns the value associated with the key parameter.