Falco

Falco is an open-source tool created by the company Sysdig and later donated to the Cloud Native Computing Foundation (CNCF). It was built to monitor and detect abnormal behaviour in containers, hosts, or even Kubernetes in real time, and to send alerts to the administrators as configured.

āļāļēāļĢāļ—āļģāļ‡āļēāļ™āļ‚āļ­āļ‡ Falco āļˆāļ°āļĄāļĩāļāļēāļĢ monitor kernel āđāļĨāļ°āļ„āļ­āļĒāļŠāļ­āļ”āļŠāđˆāļ­āļ‡ event āļ•āđˆāļēāļ‡āđ†āļ—āļĩāđˆāđ„āļĄāđˆāļ›āļāļ•āļīāļŦāļĢāļ·āļ­āļ­āļēāļˆāļˆāļ°āđ€āļ›āđ‡āļ™āļāļēāļĢāđ‚āļˆāļĄāļ•āļĩ āđ€āļŠāđˆāļ™ āļāļēāļĢāđ€āļžāļīāđˆāļĄāļŠāļīāļ—āļ˜āļīāđŒāļ—āļĩāđˆāđ„āļĄāđˆāđ€āļŦāļĄāļēāļ°āļŠāļĄ (Privilege Escalation) āļāļēāļĢāđ€āļ‚āđ‰āļēāļ–āļķāļ‡āđ„āļŸāļĨāđŒāļ—āļĩāđˆāđ„āļĄāđˆāļ„āļ§āļĢ āļŦāļĢāļ·āļ­āļžāļĪāļ•āļīāļāļĢāļĢāļĄāļ—āļĩāđˆāļĄāļĩāļ„āļ§āļēāļĄāđ€āļŠāļĩāđˆāļĒāļ‡āļ­āļ·āđˆāļ™ āđ† āđāļĨāļ°āļˆāļ°āļ™āļģāļžāļĪāļ•āļīāļāļĢāļĢāļĄāđ€āļŦāļĨāđˆāļēāļ™āļąāđ‰āļ™āđ„āļ›āđ€āļ—āļĩāļĒāļšāļāļąāļšāļ‚āđ‰āļ­āļĄāļđāļĨāļ—āļĩāđˆāļ–āļđāļ config āđ„āļ§āđ‰āđƒāļ™ rule file āļŦāļēāļāļ•āļĢāļ‡āļ•āļēāļĄāđ€āļ‡āļ·āđˆāļ­āļ™āđ„āļ‚ āļˆāļ°āļ–āļ·āļ­āļ§āđˆāļēāļ–āļđāļāđ‚āļˆāļĄāļ•āļĩāļ­āļĒāļđāđˆ āđāļĨāļ°āļ—āļģāļāļēāļĢāđāļˆāđ‰āļ‡āđ€āļ•āļ·āļ­āļ™āļ—āļąāļ™āļ—āļĩ āđ€āļžāļ·āđˆāļ­āđƒāļŦāđ‰āļœāļđāđ‰āļ”āļđāđāļĨāļĢāļ°āļšāļšāļŠāļēāļĄāļēāļĢāļ–āđ€āļ‚āđ‰āļēāļĄāļēāļ•āļĢāļ§āļˆāļŠāļ­āļšāđāļĨāļ°āđāļāđ‰āđ„āļ‚āļ›āļąāļāļŦāļēāđ„āļ”āđ‰āļ­āļĒāđˆāļēāļ‡āļĢāļ§āļ”āđ€āļĢāđ‡āļ§ āļ™āļ­āļāļˆāļēāļāļ™āļĩāđ‰āļĒāļąāļ‡āļŠāļēāļĄāļēāļĢāļ–āđ€āļāđ‡āļšāļĢāļ§āļšāļĢāļ§āļĄ event āđāļĨāļ°āđ„āļ› analyze āļšāļ™āļĢāļ°āļšāļš SIEM āļŦāļĢāļ·āļ­ data lake āļ āļēāļĒāļ™āļ­āļāđ„āļ”āđ‰āļ­āļĩāļāļ”āđ‰āļ§āļĒ

āļ•āļąāļ§āļ­āļĒāđˆāļēāļ‡āļāļēāļĢāļ•āļīāļ”āļ•āļąāđ‰āļ‡ falco āļšāļ™ Kubernetes

Prepare a values file named falco.values.yaml

falcosidekick:
  enabled: true
  webui:
    enabled: true
  config:
    teams:
      webhookurl: "<your webhook url>"
      minimumpriority: warning

Run the following commands

helm repo add falcosecurity https://falcosecurity.github.io/charts
helm repo update
helm upgrade --install falco falcosecurity/falco --namespace falco --create-namespace -f falco.values.yaml

Test the alarm

kubectl create deployment nginx --image=nginx
kubectl exec -it $(kubectl get pods --selector=app=nginx -o name) -- cat /etc/shadow
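As an added example (not part of the original page or of the Falco project), the script below applies the same priority threshold as the `minimumpriority: warning` setting in the values file to constructed Falco JSON alert lines, including the Warning-level `Read sensitive file untrusted` alert that reading /etc/shadow in the test pod is expected to trigger. The sample lines, pod name and log message are made up for the example.

```python
import json

# Falco priority levels, most to least severe.
PRIORITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

def rank(priority):
    """Severity rank of a Falco priority; smaller is more severe."""
    return PRIORITIES.index(priority.capitalize())

def filter_alerts(lines, minimum_priority="warning"):
    """Keep JSON alerts at or above minimum_priority, as falcosidekick's
    `minimumpriority` does; non-JSON lines (Falco's own log messages) are skipped."""
    threshold = rank(minimum_priority)
    kept = []
    for line in lines:
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue  # not an alert line
        if isinstance(alert, dict) and "priority" in alert and rank(alert["priority"]) <= threshold:
            kept.append(alert)
    return kept

def count_by_rule(alerts):
    """Group alerts by (namespace, rule) for quick triage; host events get '<host>'."""
    counts = {}
    for alert in alerts:
        ns = alert.get("output_fields", {}).get("k8s.ns.name", "<host>")
        counts[(ns, alert["rule"])] = counts.get((ns, alert["rule"]), 0) + 1
    return counts

# Constructed sample lines (not captured from a real cluster); field names follow
# Falco's JSON output, the pod name and the log message are made up.
SAMPLE_LINES = [
    '{"priority":"Warning","rule":"Read sensitive file untrusted","output_fields":'
    '{"fd.name":"/etc/shadow","k8s.ns.name":"default","k8s.pod.name":"nginx-7c5d6f8b4-x2k9p"}}',
    '{"priority":"Notice","rule":"Terminal shell in container","output_fields":'
    '{"k8s.ns.name":"default","k8s.pod.name":"nginx-7c5d6f8b4-x2k9p"}}',
    '{"priority":"Error","rule":"Write below etc","output_fields":'
    '{"fd.name":"/etc/passwd","k8s.ns.name":"default"}}',
    '{"priority":"Informational","rule":"Launch Privileged Container","output_fields":'
    '{"k8s.ns.name":"kube-system"}}',
    "Tue Jan  1 00:00:00 2030: Falco initialized with configuration file /etc/falco/falco.yaml",
]

if __name__ == "__main__":
    for (ns, rule), n in count_by_rule(filter_alerts(SAMPLE_LINES)).items():
        print(f"{ns}/{rule}: {n}")
```

With the threshold at warning, only the Warning and Error alerts pass; the Notice and Informational ones are dropped just as falcosidekick would not forward them to Teams.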

Cleanup

kubectl delete deployment nginx

Uninstall Falco

helm uninstall falco -n falco

Last updated 7 months ago
