falco (under construction)
Cloud Native Runtime Security
run falco
Install the kernel-devel package that matches the currently running kernel.
[root@w1-k8s ~]# yum -y install kernel-devel-$(uname -r)
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.navercorp.com
* epel: nrt.edge.kernel.org
* extras: mirror.navercorp.com
* updates: mirror.navercorp.com
Resolving Dependencies
--> Running transaction check
---> Package kernel-devel.x86_64 0:3.10.0-1160.36.2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================================================================================================================================
Package Arch Version Repository Size
===================================================================================================================================================================================================================
Installing:
kernel-devel x86_64 3.10.0-1160.36.2.el7 updates 18 M
Transaction Summary
===================================================================================================================================================================================================================
Install 1 Package
Total download size: 18 M
Installed size: 38 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm | 18 MB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : kernel-devel-3.10.0-1160.36.2.el7.x86_64 1/1
Verifying : kernel-devel-3.10.0-1160.36.2.el7.x86_64 1/1
Installed:
kernel-devel.x86_64 0:3.10.0-1160.36.2.el7
Complete!
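A pre-flight check for this step, as an added example (not part of the original page or the Falco project): the DKMS build in the falco install log compiles against /lib/modules/<running kernel>/build, so the check confirms that kernel-devel matches `uname -r` before falco is installed. The function names and the optional root argument are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example: verify kernel headers before `yum -y install falco`.

# headers_match RUNNING INSTALLED_LIST
# INSTALLED_LIST is newline-separated "version-release.arch" strings, as printed by
#   rpm -q kernel-devel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n'
# Returns 0 only when one entry equals RUNNING exactly. A newer kernel-devel
# (for example after a kernel update without a reboot) does not count.
headers_match() {
    local running="$1" installed="$2" line
    while IFS= read -r line; do
        if [ "$line" = "$running" ]; then
            return 0
        fi
    done <<EOF
$installed
EOF
    return 1
}

# build_tree_ok RELEASE [ROOT]
# DKMS runs `make -C /lib/modules/RELEASE/build`; on CentOS that path is a
# symlink into the kernel-devel tree and dangles when the headers are missing.
# ROOT is a hypothetical prefix used only to test against a scratch directory.
build_tree_ok() {
    local release="$1" root="${2:-}"
    [ -f "$root/lib/modules/$release/build/Makefile" ]
}

# preflight: run on the node itself, needs rpm and uname.
preflight() {
    local running installed
    running="$(uname -r)"
    installed="$(rpm -q kernel-devel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' 2>/dev/null || true)"
    if ! headers_match "$running" "$installed"; then
        echo "kernel-devel does not match running kernel $running" >&2
        echo "installed: ${installed:-none}" >&2
        return 1
    fi
    if ! build_tree_ok "$running"; then
        echo "/lib/modules/$running/build has no Makefile" >&2
        return 1
    fi
    echo "kernel headers match $running"
}
```

Source the file and call `preflight` on the node; a non-zero return means the falco DKMS module would not build for the running kernel.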
[root@w1-k8s ~]# yum -y install falco
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.navercorp.com
* epel: nrt.edge.kernel.org
* extras: mirror.navercorp.com
* updates: mirror.navercorp.com
Resolving Dependencies
--> Running transaction check
---> Package falco.x86_64 0:0.29.1-1 will be installed
--> Processing Dependency: dkms for package: falco-0.29.1-1.x86_64
--> Running transaction check
---> Package dkms.noarch 0:2.8.4-1.el7 will be installed
--> Processing Dependency: elfutils-libelf-devel for package: dkms-2.8.4-1.el7.noarch
--> Running transaction check
---> Package elfutils-libelf-devel.x86_64 0:0.176-5.el7 will be installed
--> Processing Dependency: elfutils-libelf(x86-64) = 0.176-5.el7 for package: elfutils-libelf-devel-0.176-5.el7.x86_64
--> Processing Dependency: pkgconfig(zlib) for package: elfutils-libelf-devel-0.176-5.el7.x86_64
--> Running transaction check
---> Package elfutils-libelf.x86_64 0:0.176-4.el7 will be updated
--> Processing Dependency: elfutils-libelf(x86-64) = 0.176-4.el7 for package: elfutils-libs-0.176-4.el7.x86_64
---> Package elfutils-libelf.x86_64 0:0.176-5.el7 will be an update
---> Package zlib-devel.x86_64 0:1.2.7-19.el7_9 will be installed
--> Processing Dependency: zlib = 1.2.7-19.el7_9 for package: zlib-devel-1.2.7-19.el7_9.x86_64
--> Running transaction check
---> Package elfutils-libs.x86_64 0:0.176-4.el7 will be updated
---> Package elfutils-libs.x86_64 0:0.176-5.el7 will be an update
---> Package zlib.x86_64 0:1.2.7-18.el7 will be updated
---> Package zlib.x86_64 0:1.2.7-19.el7_9 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================================================================================================================================
Package Arch Version Repository Size
===================================================================================================================================================================================================================
Installing:
falco x86_64 0.29.1-1 falcosecurity-rpm 4.6 M
Installing for dependencies:
dkms noarch 2.8.4-1.el7 epel 78 k
elfutils-libelf-devel x86_64 0.176-5.el7 base 40 k
zlib-devel x86_64 1.2.7-19.el7_9 updates 50 k
Updating for dependencies:
elfutils-libelf x86_64 0.176-5.el7 base 195 k
elfutils-libs x86_64 0.176-5.el7 base 291 k
zlib x86_64 1.2.7-19.el7_9 updates 90 k
Transaction Summary
===================================================================================================================================================================================================================
Install 1 Package (+3 Dependent packages)
Upgrade ( 3 Dependent packages)
Total download size: 5.3 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/7): elfutils-libelf-devel-0.176-5.el7.x86_64.rpm | 40 kB 00:00:00
(2/7): elfutils-libelf-0.176-5.el7.x86_64.rpm | 195 kB 00:00:00
(3/7): elfutils-libs-0.176-5.el7.x86_64.rpm | 291 kB 00:00:00
(4/7): zlib-devel-1.2.7-19.el7_9.x86_64.rpm | 50 kB 00:00:00
warning: /var/cache/yum/x86_64/7/epel/packages/dkms-2.8.4-1.el7.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for dkms-2.8.4-1.el7.noarch.rpm is not installed
(5/7): dkms-2.8.4-1.el7.noarch.rpm | 78 kB 00:00:01
(6/7): zlib-1.2.7-19.el7_9.x86_64.rpm | 90 kB 00:00:00
(7/7): falco-0.29.1-x86_64.rpm | 4.6 MB 00:00:01
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 2.5 MB/s | 5.3 MB 00:00:02
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
Userid : "Fedora EPEL (7) <epel@fedoraproject.org>"
Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
Package : epel-release-7-11.noarch (@extras)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : zlib-1.2.7-19.el7_9.x86_64 1/10
Updating : elfutils-libelf-0.176-5.el7.x86_64 2/10
Installing : zlib-devel-1.2.7-19.el7_9.x86_64 3/10
Installing : elfutils-libelf-devel-0.176-5.el7.x86_64 4/10
Installing : dkms-2.8.4-1.el7.noarch 5/10
Installing : falco-0.29.1-1.x86_64 6/10
Creating symlink /var/lib/dkms/falco/17f5df52a7d9ed6bb12d3b1768460def8439936d/source ->
/usr/src/falco-17f5df52a7d9ed6bb12d3b1768460def8439936d
DKMS: add completed.
Kernel preparation unnecessary for this kernel. Skipping...
Building module:
cleaning build area...
make -j1 KERNELRELEASE=3.10.0-1160.36.2.el7.x86_64 -C /lib/modules/3.10.0-1160.36.2.el7.x86_64/build M=/var/lib/dkms/falco/17f5df52a7d9ed6bb12d3b1768460def8439936d/build.........
cleaning build area...
DKMS: build completed.
falco.ko.xz:
Running module version sanity check.
- Original module
- No original module exists within this kernel
- Installation
- Installing to /lib/modules/3.10.0-1160.36.2.el7.x86_64/extra/
Adding any weak-modules
depmod.....
DKMS: install completed.
Updating : elfutils-libs-0.176-5.el7.x86_64 7/10
Cleanup : elfutils-libs-0.176-4.el7.x86_64 8/10
Cleanup : elfutils-libelf-0.176-4.el7.x86_64 9/10
Cleanup : zlib-1.2.7-18.el7.x86_64 10/10
Verifying : dkms-2.8.4-1.el7.noarch 1/10
Verifying : zlib-1.2.7-19.el7_9.x86_64 2/10
Verifying : zlib-devel-1.2.7-19.el7_9.x86_64 3/10
Verifying : falco-0.29.1-1.x86_64 4/10
Verifying : elfutils-libelf-0.176-5.el7.x86_64 5/10
Verifying : elfutils-libs-0.176-5.el7.x86_64 6/10
Verifying : elfutils-libelf-devel-0.176-5.el7.x86_64 7/10
Verifying : zlib-1.2.7-18.el7.x86_64 8/10
Verifying : elfutils-libelf-0.176-4.el7.x86_64 9/10
Verifying : elfutils-libs-0.176-4.el7.x86_64 10/10
Installed:
falco.x86_64 0:0.29.1-1
Dependency Installed:
dkms.noarch 0:2.8.4-1.el7 elfutils-libelf-devel.x86_64 0:0.176-5.el7 zlib-devel.x86_64 0:1.2.7-19.el7_9
Dependency Updated:
elfutils-libelf.x86_64 0:0.176-5.el7 elfutils-libs.x86_64 0:0.176-5.el7 zlib.x86_64 0:1.2.7-19.el7_9
Complete!
Deploy by helm
logs on daemonset
custom rule