Falco Community Call - Wed, 05/05/2021 4:00pm-5:00pm #cal-reminder

cncf-falco-dev@lists.cncf.io Calendar <cncf-falco-dev@...>
 

Reminder: Falco Community Call

When: Wednesday, 5 May 2021, 4:00pm to 5:00pm, (GMT+00:00) UTC

Where: https://zoom.us/my/cncffalcoproject

Organizer: CNCF Falco Community cncf-falco-dev@...

Description: Falco Community Calls.
More information: https://github.com/falcosecurity/community
HackMD: https://hackmd.io/6sEAlInlSaGnLz2FnFz21A
Zoom: Join the call: https://zoom.us/my/cncffalcoproject


request for panel at CNCF Slovakian Meetup

Pohronsky Filip
 

Dear Falco project representatives,
I would like to invite you to our regular CNCF meetup for a group of DevOps and enthusiasts in our little country Slovakia in Europe.
In numbers, this is the 21st meetup and it is devoted to Security & Compliance.
I’m kindly asking you to present your open-source project Falco.
What you try to solve with your project, what you already achieved and how to use your project.
 
We are a team of around 250+ members, with around 60+ members per online event, and the others watch the video recordings offline on Facebook.
Example of our presentation about CNCF Slovakia is here: https://docs.google.com/presentation/d/1tellCw752lxOb9yeivt_m7eeETxutAXZw4jvzDFWonM/edit?usp=sharing
We have a slack channel and FB fan page: https://www.facebook.com/cloudnativesk
 
The 21st meetup of our community is on June 16th, 2021, starting at 18:00 CET.
Does my offer interest you?
Will you join us and share 30 – 40 minutes of presentation time at our 21st CNCF Kubernetes online meetup in Slovakia, Europe?
 
Best Regards,
Filip
CNCF Slovakia Community Coordinator


Falco Community Call - Wed, 04/28/2021 4:00pm-5:00pm #cal-reminder

cncf-falco-dev@lists.cncf.io Calendar <cncf-falco-dev@...>
 

Reminder: Falco Community Call

When: Wednesday, 28 April 2021, 4:00pm to 5:00pm, (GMT+00:00) UTC

Where: https://zoom.us/my/cncffalcoproject

Organizer: CNCF Falco Community cncf-falco-dev@...

Description: Falco Community Calls.
More information: https://github.com/falcosecurity/community
HackMD: https://hackmd.io/6sEAlInlSaGnLz2FnFz21A
Zoom: Join the call: https://zoom.us/my/cncffalcoproject


Falco for Windows Containers?

anish2good@...
 

Can I use Falco for Windows Containers?


Features in falco

Laurent Simon
 

Hi

I have some basic questions about the features supported by falco. Namely, 

1. Does it support custom syscall hook rules? Example: we want to hook into **mprotect** syscall, can we do that? Can you point me to a link?

2. How do we monitor userspace code? Example: we want to catch reads of environment variables, how can we achieve that? Do you have a link with an example?

3. Does falco support record-and-replay?

Thanks in advance!


Falco Community Call - Wed, 04/21/2021 4:00pm-5:00pm #cal-reminder

cncf-falco-dev@lists.cncf.io Calendar <cncf-falco-dev@...>
 

Reminder: Falco Community Call

When: Wednesday, 21 April 2021, 4:00pm to 5:00pm, (GMT+00:00) UTC

Where: https://zoom.us/my/cncffalcoproject

Organizer: CNCF Falco Community cncf-falco-dev@...

Description: Falco Community Calls.
More information: https://github.com/falcosecurity/community
HackMD: https://hackmd.io/6sEAlInlSaGnLz2FnFz21A
Zoom: Join the call: https://zoom.us/my/cncffalcoproject


Proposing Falco for CNCF graduation

Leonardo Di Donato
 

Hello everyone!

On behalf of all the Falco maintainers, I'm here to announce that we are proposing Falco (and its ecosystem) for CNCF graduation.

In this PR (https://github.com/cncf/toc/pull/641) you can find the document containing all the details about the Falco ecosystem's impressive growth during the last year(s).

 

I also want to personally thank everyone in this fantastic community!
Thanks for being part of this and helping us improve Falco projects day after day.

 

Go show some love 💌 on the pull request above if you want to 🤗

 

Bests,

Leo.


Falco Community Call - Wed, 04/14/2021 4:00pm-5:00pm #cal-reminder

cncf-falco-dev@lists.cncf.io Calendar <cncf-falco-dev@...>
 

Reminder: Falco Community Call

When: Wednesday, 14 April 2021, 4:00pm to 5:00pm, (GMT+00:00) UTC

Where: https://zoom.us/my/cncffalcoproject

Organizer: CNCF Falco Community cncf-falco-dev@...

Description: Falco Community Calls.
More information: https://github.com/falcosecurity/community
HackMD: https://hackmd.io/6sEAlInlSaGnLz2FnFz21A
Zoom: Join the call: https://zoom.us/my/cncffalcoproject


Announcement: Falco 0.28.0 is out!

Leonardo Di Donato
 

Hello everyone! 

Today we announce the release of Falco 0.28.0.

It's a substantial release we all were waiting for.

It contains some breaking changes you should be aware of:

- the Falco packages (both stable ones and the ones from master) will be - from now on - published to https://download.falco.org (where we moved also the previous Falco versions)
- support for the `SKIP_MODULE_LOAD` environment variable (when using the Falco container images) has been definitely removed, use `SKIP_DRIVER_LOADER` introduced in Falco 0.24.0 to obtain the same result
- DEB and RPM Falco packages finally come with a systemd service file

Anyway, there's a lot more!

Please read the release blog post and the changelog. 🖇️

 

Leo on behalf of the Falco maintainers and the Falco community. 👋

 


Falco Community Call - Wed, 04/07/2021 4:00pm-5:00pm #cal-reminder

cncf-falco-dev@lists.cncf.io Calendar <cncf-falco-dev@...>
 

Reminder: Falco Community Call

When: Wednesday, 7 April 2021, 4:00pm to 5:00pm, (GMT+00:00) UTC

Where: https://zoom.us/my/cncffalcoproject

Organizer: CNCF Falco Community cncf-falco-dev@...

Description: Falco Community Calls.
More information: https://github.com/falcosecurity/community
HackMD: https://hackmd.io/6sEAlInlSaGnLz2FnFz21A
Zoom: Join the call: https://zoom.us/my/cncffalcoproject


Falco Community Call - Wed, 03/31/2021 4:00pm-5:00pm #cal-reminder

cncf-falco-dev@lists.cncf.io Calendar <cncf-falco-dev@...>
 

Reminder: Falco Community Call

When: Wednesday, 31 March 2021, 4:00pm to 5:00pm, (GMT+00:00) UTC

Where: https://zoom.us/my/cncffalcoproject

Organizer: CNCF Falco Community cncf-falco-dev@...

Description: Falco Community Calls.
More information: https://github.com/falcosecurity/community
HackMD: https://hackmd.io/6sEAlInlSaGnLz2FnFz21A
Zoom: Join the call: https://zoom.us/my/cncffalcoproject


SURVEY: Falco Spring 2021 -- Quick Survey

Dan Papandrea
 

 

 

Hello All,  

We put together some survey questions [0] about Falco to help better understand the community's usage and requirements around the project. This will be useful to share with the community when the results are accumulated.

You could also be eligible for a Falco Swag pack for filling out the survey completely by April 16th.  Free EXCLUSIVE Swag!  WIN WIN!

Feel free to reach out via [1] Falco Slack if you have any questions.


--Falco Team


[0] -  https://forms.gle/RrsPz26iRNhY2Pmn8 

[1] -  https://kubernetes.slack.com/messages/falco 

 

 


Falco Community Call - Wed, 03/24/2021 4:00pm-5:00pm #cal-reminder

cncf-falco-dev@lists.cncf.io Calendar <cncf-falco-dev@...>
 

Reminder: Falco Community Call

When: Wednesday, 24 March 2021, 4:00pm to 5:00pm, (GMT+00:00) UTC

Where: https://zoom.us/my/cncffalcoproject

Organizer: CNCF Falco Community cncf-falco-dev@...

Description: Falco Community Calls.
More information: https://github.com/falcosecurity/community
HackMD: https://hackmd.io/6sEAlInlSaGnLz2FnFz21A
Zoom: Join the call: https://zoom.us/my/cncffalcoproject


Falco Community Call - Wed, 03/17/2021 4:00pm-5:00pm #cal-reminder

cncf-falco-dev@lists.cncf.io Calendar <cncf-falco-dev@...>
 

Reminder: Falco Community Call

When: Wednesday, 17 March 2021, 4:00pm to 5:00pm, (GMT+00:00) UTC

Where: https://zoom.us/my/cncffalcoproject

Organizer: CNCF Falco Community cncf-falco-dev@...

Description: Falco Community Calls.
More information: https://github.com/falcosecurity/community
HackMD: https://hackmd.io/6sEAlInlSaGnLz2FnFz21A
Zoom: Join the call: https://zoom.us/my/cncffalcoproject


Falco Community Call - Wed, 03/10/2021 4:00pm-5:00pm #cal-reminder

cncf-falco-dev@lists.cncf.io Calendar <cncf-falco-dev@...>
 

Reminder: Falco Community Call

When: Wednesday, 10 March 2021, 4:00pm to 5:00pm, (GMT+00:00) UTC

Where: https://zoom.us/my/cncffalcoproject

Organizer: CNCF Falco Community cncf-falco-dev@...

Description: Falco Community Calls.
More information: https://github.com/falcosecurity/community
HackMD: https://hackmd.io/6sEAlInlSaGnLz2FnFz21A
Zoom: Join the call: https://zoom.us/my/cncffalcoproject


Falco Community Call - Wed, 03/03/2021 4:00pm-5:00pm #cal-reminder

cncf-falco-dev@lists.cncf.io Calendar <cncf-falco-dev@...>
 

Reminder: Falco Community Call

When: Wednesday, 3 March 2021, 4:00pm to 5:00pm, (GMT+00:00) UTC

Where: https://zoom.us/my/cncffalcoproject

Organizer: CNCF Falco Community cncf-falco-dev@...

Description: Falco Community Calls.
More information: https://github.com/falcosecurity/community
HackMD: https://hackmd.io/6sEAlInlSaGnLz2FnFz21A
Zoom: Join the call: https://zoom.us/my/cncffalcoproject


Falco Community Call - Wed, 02/24/2021 4:00pm-5:00pm #cal-reminder

cncf-falco-dev@lists.cncf.io Calendar <cncf-falco-dev@...>
 

Reminder: Falco Community Call

When: Wednesday, 24 February 2021, 4:00pm to 5:00pm, (GMT+00:00) UTC

Where: https://zoom.us/my/cncffalcoproject

Organizer: CNCF Falco Community cncf-falco-dev@...

Description: Falco Community Calls.
More information: https://github.com/falcosecurity/community
HackMD: https://hackmd.io/6sEAlInlSaGnLz2FnFz21A
Zoom: Join the call: https://zoom.us/my/cncffalcoproject


Internationalization - Request to add Bengali (BN)

Abu Zafar
 

Willing to provide complete support and dedicate regular time for adding Bengali (BN)


Re: Run Falco as sidecar container in Amazon Elastic Kubernetes service(EKS)

Rajeev
 

I tried to create an event on a specific pod and check its logs. I don't see any audit logs generated.

What exactly I did:
*) Selected a specific pod in my containers and did a tail of the running logs with the below command: (in this pod, along with the application container named explorer, there are sidecar containers running to push logs to CloudWatch. One is fluentd and the other is log rotate)


kubectl logs -f explorer-d4c8cbc76-trxwt -n bhadra-graph-beta -c explorer


*) Now I logged into the application container terminal and generated an event:

touch /etc/2
cat /etc/shadow > /dev/null 2>&1



I do not see any logs in the container logs. Am I missing anything?

Let me know if I can provide any additional information for you to understand this issue.



From: Spencer Krum <nibz@...>
Sent: 22 February 2021 22:39
To: Rajeev <rajeev@...>; cncf-falco-dev@... <cncf-falco-dev@...>
Subject: Re: [cncf-falco-dev] Run Falco as sidecar container in Amazon Elastic Kubernetes service(EKS)
 
Hi Rajeev,

It looks from your log output that you have successfully installed falco. You need to check for logs on the same node that you are doing the activity, so verify that (`kubectl get pod -o wide` helps). I do see a lot of drops but you should be seeing events.

Cheers,
Spencer

On Mon, Feb 22, 2021, at 10:44 AM, Rajeev wrote:
It is showing pods properly.

Generated the activity like below:
touch /etc/2
cat /etc/shadow > /dev/null 2>&1

I don't see any new logs on the Falco pods. The Falco pods are running in the default namespace. The event I am trying to generate is in a different namespace. Will there be any effect due to this?

How can I validate if the daemon is running on any node?





From: cncf-falco-dev@... <cncf-falco-dev@...> on behalf of Spencer Krum via lists.cncf.io <nibz=spencerkrum.com@...>
Sent: 22 February 2021 22:02
To: cncf-falco-dev@... <cncf-falco-dev@...>
Subject: Re: [cncf-falco-dev] Run Falco as sidecar container in Amazon Elastic Kubernetes service(EKS)
 
Hi Rajeev,

Can you show the output of several commands for us?

helm list

kubectl get ds -o wide

kubectl get node

kubectl get pod -o wide | grep falco

If you can find a falco pod you can run `kubectl logs <pod>` directly to see if it's generating anything on stdout. And you can create synthetic events as mentioned in that blog post.

Hope this helps!
Spencer

On Mon, Feb 22, 2021, at 10:13 AM, Rajeev wrote:


It is not reporting logs. Not sure if I missed any important step.

Could you please point me to any reference document which I can replicate to validate a working setup, or throw some pointers like installing as a daemon and validating the installation.






From: Dan Miles (UK) <daniel.miles@...>
Sent: 22 February 2021 19:54
To: Rajeev <rajeev@...>
Cc: cncf-falco-dev@... <cncf-falco-dev@...>
Subject: Re: [cncf-falco-dev] Run Falco as sidecar container in Amazon Elastic Kubernetes service(EKS)
 
Hi Rajeev,

The correct pattern here is not a sidecar but a daemonset. 

We do something similar with GKE and ephemeral nodes, a daemonset will ensure that Falco is available across each node as they come up. 

A sidecar really isn’t the pattern here

-Dan


On Mon, 22 Feb 2021 at 13:25, Rajeev <rajeev@...> wrote:

Hi, 

We are using Amazon Elastic Kubernetes Service with no dedicated nodes to deploy our stateless services. Now I want to use Falco for runtime container security. But as EKS spins ephemeral pods on dynamic nodes, I was not able to install Falco.

Some developers are suggesting to run it as a sidecar container in each pod so that it listens from there and logs which can be transferred to Amazon CloudWatch.

Can someone point me to a Docker image of Falco to run as a sidecar container? Also, please share if there are any published resources available to deploy Falco into EKS.


Thanks,
Rajeev






-- 
  Spencer Krum



Attachments:
  • Screenshot 2021-02-22 at 10.09.47 PM.png
  • Screenshot 2021-02-22 at 10.10.09 PM.png
  • Screenshot 2021-02-22 at 10.11.29 PM.png

-- 
  Spencer Krum



Re: Run Falco as sidecar container in Amazon Elastic Kubernetes service(EKS)

 

Hi Rajeev,

It looks from your log output that you have successfully installed falco. You need to check for logs on the same node that you are doing the activity, so verify that (`kubectl get pod -o wide` helps). I do see a lot of drops but you should be seeing events.

Cheers,
Spencer

On Mon, Feb 22, 2021, at 10:44 AM, Rajeev wrote:
It is showing pods properly.

Generated the activity like below:
touch /etc/2
cat /etc/shadow > /dev/null 2>&1

I don't see any new logs on the Falco pods. The Falco pods are running in the default namespace. The event I am trying to generate is in a different namespace. Will there be any effect due to this?

How can I validate if the daemon is running on any node?





From: cncf-falco-dev@... <cncf-falco-dev@...> on behalf of Spencer Krum via lists.cncf.io <nibz=spencerkrum.com@...>
Sent: 22 February 2021 22:02
To: cncf-falco-dev@... <cncf-falco-dev@...>
Subject: Re: [cncf-falco-dev] Run Falco as sidecar container in Amazon Elastic Kubernetes service(EKS)
 
Hi Rajeev,

Can you show the output of several commands for us?

helm list

kubectl get ds -o wide

kubectl get node

kubectl get pod -o wide | grep falco

If you can find a falco pod you can run `kubectl logs <pod>` directly to see if it's generating anything on stdout. And you can create synthetic events as mentioned in that blog post.

Hope this helps!
Spencer

On Mon, Feb 22, 2021, at 10:13 AM, Rajeev wrote:


It is not reporting logs. Not sure if I missed any important step.

Could you please point me to any reference document which I can replicate to validate a working setup, or throw some pointers like installing as a daemon and validating the installation.






From: Dan Miles (UK) <daniel.miles@...>
Sent: 22 February 2021 19:54
To: Rajeev <rajeev@...>
Cc: cncf-falco-dev@... <cncf-falco-dev@...>
Subject: Re: [cncf-falco-dev] Run Falco as sidecar container in Amazon Elastic Kubernetes service(EKS)
 
Hi Rajeev,

The correct pattern here is not a sidecar but a daemonset. 

We do something similar with GKE and ephemeral nodes, a daemonset will ensure that Falco is available across each node as they come up. 

A sidecar really isn’t the pattern here

-Dan


On Mon, 22 Feb 2021 at 13:25, Rajeev <rajeev@...> wrote:

Hi, 

We are using Amazon Elastic Kubernetes Service with no dedicated nodes to deploy our stateless services. Now I want to use Falco for runtime container security. But as EKS spins ephemeral pods on dynamic nodes, I was not able to install Falco.

Some developers are suggesting to run it as a sidecar container in each pod so that it listens from there and logs which can be transferred to Amazon CloudWatch.

Can someone point me to a Docker image of Falco to run as a sidecar container? Also, please share if there are any published resources available to deploy Falco into EKS.


Thanks,
Rajeev






-- 
  Spencer Krum



Attachments:
  • Screenshot 2021-02-22 at 10.09.47 PM.png
  • Screenshot 2021-02-22 at 10.10.09 PM.png
  • Screenshot 2021-02-22 at 10.11.29 PM.png

-- 
  Spencer Krum
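
Added example, not part of the thread or of the Falco project: the "check the logs on the same node" advice above, as a small shell helper that maps a workload pod to the Falco pod sharing its node and reports when no Falco pod covers that node. It assumes Falco pods have names starting with "falco" (as the `grep falco` in the thread does); the node names and Falco pod names in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Node and Falco pod names are constructed.

# Print "namespace name node" for every pod in the cluster (needs kubectl access).
list_pods() {
    kubectl get pods --all-namespaces --no-headers \
        -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name,NODE:.spec.nodeName
}

# falco_pod_for NAMESPACE POD
# Reads list_pods output on stdin and prints "namespace name node" for each pod
# whose name starts with "falco" on the node that runs NAMESPACE/POD.
# Exit status: 1 = workload pod not found or not yet scheduled,
#              2 = no Falco pod on that node (the DaemonSet does not cover it).
falco_pod_for() {
    awk -v ns="$1" -v pod="$2" '
        { rows[NR] = $0 }
        $1 == ns && $2 == pod { node = $3 }
        END {
            if (node == "" || node == "<none>") exit 1
            for (i = 1; i <= NR; i++) {
                split(rows[i], f, " ")
                if (f[3] == node && f[2] ~ /^falco/) {
                    print f[1], f[2], f[3]
                    found = 1
                }
            }
            if (!found) exit 2
        }'
}

# Constructed sample of list_pods output: Falco runs on node-a and node-b,
# but node-c has no Falco pod (for example, a taint the DaemonSet does not tolerate).
SAMPLE_PODS='default falco-7xk2p node-a
default falco-q9dlm node-b
bhadra-graph-beta explorer-d4c8cbc76-trxwt node-b
bhadra-graph-beta other-5f6d7c8b9-abcde node-c'

# Offline demonstration on the sample: which Falco pod sees the explorer pod?
printf '%s\n' "$SAMPLE_PODS" | falco_pod_for bhadra-graph-beta explorer-d4c8cbc76-trxwt

# Against a live cluster:
#   list_pods | falco_pod_for bhadra-graph-beta explorer-d4c8cbc76-trxwt
#   kubectl logs -f -n <falco-namespace> <falco-pod>
```

The workload's namespace does not matter for the lookup; only the node does, because each Falco pod in the DaemonSet observes the syscalls of every container on its own node.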

