Bug#842306: ITP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
- To: Dean Hamstead <dean@fragfest.com.au>, Evgeni Golov <evgeni@debian.org>, Harlan Lieberman-Berg <hlieberman@debian.org>, Julien Rabier <taziden@flexiden.org>, 842306@bugs.debian.org
- Subject: Bug#842306: ITP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
- From: Petter Reinholdtsen <pere@hungry.com>
- Date: Wed, 17 Jan 2024 21:26:24 +0100
- Message-id: <sa68r4nemfj.fsf@hjemme.reinholdtsen.name>
- Reply-to: Petter Reinholdtsen <pere@hungry.com>, 842306@bugs.debian.org
- In-reply-to: <sa6v8q8hp62.fsf@hjemme.reinholdtsen.name>
- References: <20161027212422.e6kofmxs2aqhy4px@taupo> <20161029124035.hpnkctf2msrlcvwy@nana.phantasia.die-welt.net> <20161031180430.cz4p6q4uvr24nni7@taupo> <20161101160759.27rbjbd62nt4za5v@nana.phantasia.die-welt.net> <20161102114222.hvsdnrenaqeb7x3x@taupo> <20161102114222.hvsdnrenaqeb7x3x@taupo> <7fdb9a79-0289-c5aa-2d9f-61272c1687a2@fragfest.com.au> <20220621081954.GA10486@hjemme.reinholdtsen.name> <20220623081332.GA24402@hjemme.reinholdtsen.name> <sa6v8q8hp62.fsf@hjemme.reinholdtsen.name> <20161027212422.e6kofmxs2aqhy4px@taupo>
Just for the record, the latest edition of falco provides a "modern" eBPF
probe in the kernel that is provided inside the binary and no longer
requires a kernel module. This allows the binary to work independent of
kernel version, as long as the kernel is new enough. Not sure how new,
but the feature set required has been present in the Linux kernel
for some years now.

This makes it a lot easier to deploy falco on many hosts.
--
Happy hacking
Petter Reinholdtsen
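An added pre-deployment check for the "new enough kernel" question raised above. This is example code written for this page, not part of the bug report and not Falco's own tooling. It assumes two things that the message leaves open, labelled as assumptions in the script: that the modern probe needs a kernel of at least 5.8, and that it needs the kernel's BTF type information exposed at /sys/kernel/btf/vmlinux (the CO-RE mechanism that lets one embedded probe run across kernel versions). Adjust MIN_KERNEL and BTF_PATH to whatever the Falco release you deploy documents.

```shell
#!/bin/sh
# Added example, not from the bug report or the Falco project: check whether a host
# can run a kernel-version-independent eBPF probe before rolling falco out to it.
# ASSUMPTIONS (verify against the release notes you deploy):
#   - minimum kernel version 5.8
#   - BTF type info exposed at /sys/kernel/btf/vmlinux (CONFIG_DEBUG_INFO_BTF=y)

MIN_KERNEL="5.8"
BTF_PATH="${BTF_PATH:-/sys/kernel/btf/vmlinux}"

# version_ge A B: return 0 if dotted version string A is >= B.
# Non-numeric suffixes such as "-1-amd64" in a uname -r string are ignored.
version_ge() {
    a="$1"; b="$2"; i=1
    while :; do
        x=$(printf '%s' "$a" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        y=$(printf '%s' "$b" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        [ -z "$x" ] && [ -z "$y" ] && return 0   # all fields equal
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
}

# kernel_ok RELEASE: 0 if RELEASE (the uname -r form) meets MIN_KERNEL.
kernel_ok() { version_ge "$1" "$MIN_KERNEL"; }

# btf_ok [PATH]: 0 if the kernel exposes BTF type information at PATH.
btf_ok() { [ -r "${1:-$BTF_PATH}" ]; }

# modern_probe_ready RELEASE [BTF_PATH]: run both checks, print each verdict,
# return 0 only if every check passes.
modern_probe_ready() {
    rel="$1"; btf="${2:-$BTF_PATH}"; status=0
    if kernel_ok "$rel"; then
        echo "ok:   kernel $rel >= $MIN_KERNEL"
    else
        echo "fail: kernel $rel is older than $MIN_KERNEL"; status=1
    fi
    if btf_ok "$btf"; then
        echo "ok:   BTF available at $btf"
    else
        echo "fail: no BTF at $btf (kernel built without CONFIG_DEBUG_INFO_BTF?)"; status=1
    fi
    return $status
}

# When run as a script, check the live host; the exit status is the verdict.
if [ -z "${PROBE_CHECK_NO_MAIN:-}" ]; then
    modern_probe_ready "$(uname -r)"
fi
```

Run it on each candidate host (or through your configuration management) and route the hosts that print a "fail" line to the kernel-module build path instead of the embedded probe.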