update(cmake,scripts): updated falcoctl to 0.3.0-rc1.

Fix up falcoctl.service. Signed-off-by: Federico Di Pierro <[email protected]> Co-authored-by: Lorenzo Susini <[email protected]>
falcosecurity · Jan 18, 2023 · 976c328 · 976c328
1 parent 717a45a
commit 976c328
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 9 deletions.
diff --git a/cmake/modules/falcoctl.cmake b/cmake/modules/falcoctl.cmake
@@ -15,14 +15,14 @@ include(ExternalProject)
 
 string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} FALCOCTL_SYSTEM_NAME)
 
-set(FALCOCTL_VERSION "0.2.0-rc1")
+set(FALCOCTL_VERSION "0.3.0-rc1")
 
 if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
     set(FALCOCTL_SYSTEM_PROC_GO "amd64")
-    set(FALCOCTL_HASH "82dbd20afc2a3605cb77db6ac79f8b523ffb4d8b224511531fdcf366d2ec9929")
+    set(FALCOCTL_HASH "ddb7da605cb45b6d84c4e7805ff1a0a4e8bed012d8198b74b782695e4c5ac8e0")
 else() # aarch64
     set(FALCOCTL_SYSTEM_PROC_GO "arm64")
-    set(FALCOCTL_HASH "e07e9b30e4c2ac75835068a912619db4cad288b300a5ed8c66d1f7ea367c2b96")
+    set(FALCOCTL_HASH "398e380cd24a3ecb2c0967336983bea9621833b08c3442383a412fbc546dfcb8")
 endif()
 
 ExternalProject_Add(

diff --git a/scripts/systemd/falcoctl.service b/scripts/systemd/falcoctl.service
@@ -4,20 +4,19 @@ Documentation=https://falco.org/docs/
 
 [Service]
 Type=simple
-ExecStartPre=/usr/bin/falco --version-json > /etc/falco/falco_versions.json
-ExecStart=/usr/bin/falcoctl --config=/etc/falcoctl/config.yaml artifact follow --list=/etc/falcoctl/follow.yaml --requirements=/etc/falco/falco_versions.json --pidfile=/var/run/falcoctl.pid
+User=root
+ExecStart=/usr/bin/falcoctl artifact follow
 UMask=0077
 TimeoutSec=30
 RestartSec=15s
 Restart=on-failure
 PrivateTmp=true
 NoNewPrivileges=yes
-ProtectHome=read-only
-ProtectSystem=full
+ProtectSystem=true
 ProtectKernelTunables=true
 RestrictRealtime=true
-RestrictAddressFamilies=~AF_PACKET
-StandardOutput=null
+#RestrictAddressFamilies=~AF_PACKET
+#StandardOutput=null
 
 [Install]
 WantedBy=multi-user.target