mirror of
https://github.com/falcosecurity/falco.git
synced 2026-03-20 03:32:09 +00:00
Compare commits
28 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| | 670736d87e | | |
| | 75b816d806 | | |
| | 194a017d8f | | |
| | ff376d312b | | |
| | 807c00b827 | | |
| | db419459aa | | |
| | 36a095ccb3 | | |
| | f4b0b3c096 | | |
| | e546555de8 | | |
| | 1fb53eefdb | | |
| | 44e88f28a4 | | |
| | 62c1a0440d | | |
| | ddf55d3c8e | | |
| | bd7a9733fd | | |
| | ff299c1d43 | | |
| | 5e38f130cc | | |
| | 470710366b | | |
| | 6acb13e6bb | | |
| | b496116fe3 | | |
| | 2a0911dcfd | | |
| | 94df00e512 | | |
| | 3ee76637f4 | | |
| | e8aee19f6c | | |
| | 74556e5f6e | | |
| | 809d20c294 | | |
| | b0ae29c23a | | |
| | d1b6b2be87 | | |
| | e00181d553 | | |
@@ -166,4 +166,5 @@ program_output:
|
||||
|
||||
http_output:
|
||||
enabled: false
|
||||
url: http://some.url
|
||||
url: http://some.url
|
||||
|
||||
|
||||
@@ -59,7 +59,8 @@ Now that we have the requirements for our Daemon Set in place, we can create our
|
||||
|
||||
```
|
||||
k8s-using-daemonset$ kubectl create -f k8s-with-rbac/falco-daemonset-configmap.yaml
|
||||
daemonset "falco" created
|
||||
daemonset.extensions "falco-daemonset" created
|
||||
|
||||
k8s-using-daemonset$
|
||||
```
|
||||
|
||||
@@ -97,14 +98,13 @@ In order to test that Falco is working correctly, you can launch a shell in a Po
|
||||
|
||||
```
|
||||
k8s-using-daemonset$ kubectl get pods
|
||||
NAME READY STATUS RESTARTS AGE
|
||||
falco-74htl 1/1 Running 0 13h
|
||||
falco-fqz2m 1/1 Running 0 13h
|
||||
falco-sgjfx 1/1 Running 0 13h
|
||||
k8s-using-daemonset$ kubectl exec -it falco-74htl bash
|
||||
root@falco-74htl:/# exit
|
||||
k8s-using-daemonset$ kubectl logs falco-74htl
|
||||
{"output":"17:48:58.590038385: Notice A shell was spawned in a container with an attached terminal (user=root k8s.pod=falco-74htl container=a98c2aa8e670 shell=bash parent=<NA> cmdline=bash terminal=34816)","priority":"Notice","rule":"Terminal shell in container","time":"2017-12-20T17:48:58.590038385Z", "output_fields": {"container.id":"a98c2aa8e670","evt.time":1513792138590038385,"k8s.pod.name":"falco-74htl","proc.cmdline":"bash ","proc.name":"bash","proc.pname":null,"proc.tty":34816,"user.name":"root"}}
|
||||
NAME READY STATUS RESTARTS AGE
|
||||
falco-daemonset-b695d 1/1 Running 0 2d
|
||||
falco-daemonset-n8q2v 1/1 Running 0 2d
|
||||
k8s-using-daemonset$ kubectl exec -it falco-daemonset-b695d bash
|
||||
root@falco-daemonset-b695d:/# exit
|
||||
k8s-using-daemonset$ kubectl logs falco-daemonset-b695d
|
||||
07:16:09.217866519: Error File below known binary directory renamed/removed (user=root command=event_generator pcmdline=<NA> operation=rename file=<NA> res=0 oldpath=/bin/true newpath=/bin/true.event-generator-sh ) k8s.ns=default k8s.pod=falco-event-generator-deployment-645444689b-j6mth container=0e67aad65846 k8s.ns=default k8s.pod=falco-event-generator-deployment-645444689b-j6mth container=0e67aad65846
|
||||
k8s-using-daemonset$
|
||||
```
|
||||
|
||||
|
||||