Cloud Native Runtime Security.

Want to talk? Join us on the #falco channel in the Kubernetes Slack.

Latest releases

Read the changelog.

Channels: development, stable. Packages: rpm, deb, binary.

The Falco Project, originally created by Sysdig, is an incubating CNCF open source cloud native runtime security tool. Falco makes it easy to consume kernel events, and enrich those events with information from Kubernetes and the rest of the cloud native stack. Falco has a rich set of security rules specifically built for Kubernetes, Linux, and cloud-native. If a rule is violated in a system, Falco will send an alert notifying the user of the violation and its severity.

Installing Falco

If you would like to run Falco in production please adhere to the official installation guide.
Kubernetes

| Tool | Link | Note |
|------|------|------|
| Helm | Chart Repository | The Falco community offers regular helm chart releases. |
| Minikube | Tutorial | The Falco driver has been baked into minikube for easy deployment. |
| Kind | Tutorial | Running Falco with kind requires a driver on the host system. |
| GKE | Tutorial | We suggest using the eBPF driver for running Falco on GKE. |

Developing

Falco is designed to be extensible such that it can be built into cloud-native applications and infrastructure.

Falco has a gRPC endpoint and an API defined in protobuf. The Falco Project supports various SDKs for this endpoint.
SDKs

| Language | Repository |
|----------|------------|
| Go | client-go |
| Rust | client-rs |
| Python | client-py |

What can Falco detect?

Falco can detect and alert on any behavior that involves making Linux system calls. Falco alerts can be triggered by the use of specific system calls, their arguments, and by properties of the calling process. For example, Falco can easily detect incidents including but not limited to:

- A shell is running inside a container or pod in Kubernetes.
- A container is running in privileged mode, or is mounting a sensitive path, such as /proc, from the host.
- A server process is spawning a child process of an unexpected type.
- Unexpected read of a sensitive file, such as /etc/shadow.
- A non-device file is written to /dev.
- A standard system binary, such as ls, is making an outbound network connection.
- A privileged pod is started in a Kubernetes cluster.

Documentation

The Official Documentation is the best resource to learn about Falco.
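Two of the detections listed under "What can Falco detect?" (a shell in a container, and a read of /etc/shadow), written as Falco rules. This is an added example, not part of the original page and not taken from the project's shipped rule set. The rule names, tags, priorities and the process exception list are assumptions, and the conditions assume a Falco version in which the `evt.dir` field is available.

```yaml
# Added example rules, not Falco's own. Names, tags and priorities are
# chosen for illustration.

# Trigger: a specific system call (execve/execveat) combined with properties
# of the calling process (its name) and its environment (inside a container).
# "evt.dir = <" selects the exit side of the call, when the new program
# image is already in place.
- rule: Example shell started in container
  desc: A shell binary was executed inside a container or pod.
  condition: >
    evt.type in (execve, execveat) and evt.dir = <
    and container.id != host
    and proc.name in (sh, bash, zsh, dash)
  output: >
    Shell started in container
    (user=%user.name container=%container.name
    parent=%proc.pname cmdline=%proc.cmdline)
  priority: WARNING
  tags: [example, container, shell]

# Trigger: a system call argument (the path opened for reading).
# The exception list is an assumption; tune it to the programs that
# legitimately read the file on your hosts.
- rule: Example unexpected read of /etc/shadow
  desc: A process outside the expected set opened /etc/shadow for reading.
  condition: >
    evt.type in (open, openat, openat2) and evt.dir = <
    and evt.is_open_read = true
    and fd.name = /etc/shadow
    and not proc.name in (sshd, login, su, sudo, passwd)
  output: >
    Sensitive file opened for reading
    (user=%user.name file=%fd.name
    cmdline=%proc.cmdline container=%container.id)
  priority: WARNING
  tags: [example, filesystem]
```

Each rule's `priority` is the severity carried in the alert that Falco sends when the condition matches.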
Join the Community

To get involved with The Falco Project please visit the community repository to find more.

How to reach out?

- Join the #falco channel on the Kubernetes Slack
- Join the Falco mailing list
- Read the Falco documentation

Contributing

See the CONTRIBUTING.md.

Security Audit

A third party security audit was performed by Cure53, you can see the full report here.

Reporting security vulnerabilities

Please report security vulnerabilities following the community process documented here.

License Terms

Falco is licensed to you under the Apache 2.0 open source license.