Background Recently I have been struggling with Falco crashes and OOM issues. Since seeking community help proved hopeless, I decided to check on my own. So I had better have some background information on it before I begin. Content First let me briefly describe how the kernel allocates memory. The CPU initiates a command to ask for…
Background We are using Falco to monitor unsafe actions in our cluster and pushing alerts and logs to sidekick, which pushes them to Alertmanager and Loki. However, those connections are all plain connections. For security purposes, we have to enable mTLS for all communications. Details For Falco => sidekick, first of all, it…
Background Falco is a tool for monitoring system security events; we can define different security rules to monitor the events we want. It provides three different ways to realize this function: kernel module, ebpf, modern_ebpf. Among them all, modern_ebpf is the simplest way and indeed it's the default way. My issues Although Falco is adopted widely,…