falco-security Cloud Native Runtime Security开源项目

我要开发同款
匿名用户2021年11月26日
60阅读
所属分类Google Go、云计算、云原生
授权协议Apache-2.0 License

作品详情

 

CloudNativeRuntimeSecurity.

Wanttotalk?Joinusonthe#falcochannelintheKubernetesSlack.

Latestreleases

Readthechangelog.

 developmentstablerpmdebbinary

TheFalcoProject,originallycreatedbySysdig,isanincubatingCNCFopensourcecloudnativeruntimesecuritytool.Falcomakesiteasytoconsumekernelevents,andenrichthoseeventswithinformationfromKubernetesandtherestofthecloudnativestack.FalcohasarichsetofsecurityrulesspecificallybuiltforKubernetes,Linux,andcloud-native.Ifaruleisviolatedinasystem,Falcowillsendanalertnotifyingtheuseroftheviolationanditsseverity.

InstallingFalco

IfyouwouldliketorunFalcoinproductionpleaseadheretotheofficialinstallationguide.

Kubernetes

ToolLinkNoteHelmChartRepositoryTheFalcocommunityoffersregularhelmchartreleases.MinikubeTutorialTheFalcodriverhasbeenbakedintominikubeforeasydeployment.KindTutorialRunningFalcowithkindrequiresadriveronthehostsystem.GKETutorialWesuggestusingtheeBPFdriverforrunningFalcoonGKE.Developing

Falcoisdesignedtobeextensiblesuchthatitcanbebuiltintocloud-nativeapplicationsandinfrastructure.

FalcohasagRPCendpointandanAPIdefinedinprotobuf.TheFalcoProjectsupportsvariousSDKsforthisendpoint.

SDKs

LanguageRepositoryGoclient-goRustclient-rsPythonclient-pyWhatcanFalcodetect?

FalcocandetectandalertonanybehaviorthatinvolvesmakingLinuxsystemcalls.Falcoalertscanbetriggeredbytheuseofspecificsystemcalls,theirarguments,andbypropertiesofthecallingprocess.Forexample,Falcocaneasilydetectincidentsincludingbutnotlimitedto:

AshellisrunninginsideacontainerorpodinKubernetes.Acontainerisrunninginprivilegedmode,orismountingasensitivepath,suchas/proc,fromthehost.Aserverprocessisspawningachildprocessofanunexpectedtype.Unexpectedreadofasensitivefile,suchas/etc/shadow.Anon-devicefileiswrittento/dev.Astandardsystembinary,suchasls,ismakinganoutboundnetworkconnection.AprivilegedpodisstartedinaKubernetescluster.Documentation

TheOfficialDocumentationisthebestresourcetolearnaboutFalco.

JointheCommunity

TogetinvolvedwithTheFalcoProjectpleasevisitthecommunityrepositorytofindmore.

Howtoreachout?

Jointhe#falcochannelontheKubernetesSlackJointheFalcomailinglistReadtheFalcodocumentationContributing

SeetheCONTRIBUTING.md.

SecurityAudit

AthirdpartysecurityauditwasperformedbyCure53,youcanseethefullreporthere.

Reportingsecurityvulnerabilities

Pleasereportsecurityvulnerabilitiesfollowingthecommunityprocessdocumentedhere.

LicenseTerms

FalcoislicensedtoyouundertheApache2.0opensourcelicense.

声明:本文仅代表作者观点,不代表本站立场。如果侵犯到您的合法权益,请联系我们删除侵权资源!如果遇到资源链接失效,请您通过评论或工单的方式通知管理员。未经允许,不得转载,本站所有资源文章禁止商业使用运营!
下载安装【程序员客栈】APP
实时对接需求、及时收发消息、丰富的开放项目需求、随时随地查看项目状态

评论