Background: We are using Falco to monitor unsafe actions in our cluster and pushing alerts and logs to Sidekick, which in turn pushes them to Alertmanager and Loki. However, those connections are all plain connections. For security purposes, we have to enable mTLS for all communications. Details: For Falco => Sidekick, first of all, it…
Background: Falco is a tool for monitoring system security events; we can define different security rules to monitor the events we want. It provides three different ways to do this: kernel module, ebpf, and modern_ebpf. Among them all, modern_ebpf is the simplest way, and indeed it's the default way. My issues: Although Falco is widely adopted,…
Alerts: Received alerts for financial drop. Checking: Check the network dashboard; network servers' QPS is dropping to merely 0. Log in to that server and check the nginx error logs, finding that many segfaults are happening but the core dump function is not enabled. Countermeasure: Using chef 2. Enable core dump functions for nginx services