mirror of
https://github.com/falcosecurity/falco.git
synced 2026-04-04 11:02:16 +00:00
86 lines
4.6 KiB
Markdown
86 lines
4.6 KiB
Markdown
<p align="center"><img src="https://raw.githubusercontent.com/falcosecurity/community/master/logo/primary-logo.png" width="360"></p>
|
|
<p align="center"><b>Cloud Native Runtime Security.</b></p>
|
|
|
|
<hr>
|
|
|
|
# The Falco Project
|
|
|
|
[](https://circleci.com/gh/falcosecurity/falco) [](https://bestpractices.coreinfrastructure.org/projects/2317) [](COPYING)
|
|
|
|
### Download
|
|
|
|
Read the [change log](CHANGELOG.md).
|
|
|
|
| | development | stable |
|
|
|--------|-----------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------|
|
|
| rpm | [][1] | [][2] |
|
|
| deb | [][3] | [][4] |
|
|
| binary | [][5] | [][6] |
|
|
|
|
---
|
|
|
|
The Falco Project supports a cloud-native runtime security tool, as well as ancillary projects and integrations that surround it.
|
|
Falco is a daemon that can run either directly on a host, or in a container.
|
|
Falco observes system calls at runtime and builds a model of the system in memory.
|
|
As events occur the events are parsed through a rules engine.
|
|
If a rule is violated, an alert occurs.
|
|
Alerts are dynamic and configurable using the Falco SDKs.
|
|
|
|
|
|
Falco ships with a sane set of default rules. These rules look for things like:
|
|
|
|
- A shell is running inside a container.
|
|
- A container is running in privileged mode, or is mounting a sensitive path, such as `/proc`, from the host.
|
|
- A server process is spawning a child process of an unexpected type.
|
|
- Unexpected read of a sensitive file, such as `/etc/shadow`.
|
|
- A non-device file is written to `/dev`.
|
|
- A standard system binary, such as `ls`, is making an outbound network connection.
|
|
|
|
|
|
### Installing Falco
|
|
|
|
You can find the latest release downloads on the official [release archive](https://bintray.com/falcosecurity)
|
|
|
|
Furthermore the comprehensive [installation guide](https://falco.org/docs/installation/) for Falco is available in the documentation website.
|
|
|
|
#### How do you compare Falco with other security tools?
|
|
|
|
One of the questions we often get when we talk about Falco is “How does Falco differ from other Linux security tools such as SELinux, AppArmor, Auditd, etc.?”. We wrote a [blog post](https://sysdig.com/blog/selinux-seccomp-falco-technical-discussion/) comparing Falco with other tools.
|
|
|
|
|
|
Documentation
|
|
---
|
|
|
|
See [Falco Documentation](https://falco.org/docs/) to quickly get started using Falco.
|
|
|
|
Join the Community
|
|
---
|
|
|
|
To get involved with The Falco Project please visit [the community repository](https://github.com/falcosecurity/community) to find more.
|
|
|
|
License Terms
|
|
---
|
|
|
|
Falco is licensed to you under the [Apache 2.0](./COPYING) open source license.
|
|
|
|
Contributing
|
|
---
|
|
|
|
See the [CONTRIBUTING.md](./CONTRIBUTING.md).
|
|
|
|
Security
|
|
---
|
|
|
|
### Security Audit
|
|
|
|
A third party security audit was performed by Cure53, you can see the full report [here](./audits/SECURITY_AUDIT_2019_07.pdf).
|
|
|
|
### Reporting security vulnerabilities
|
|
Please report security vulnerabilities following the community process documented [here](https://github.com/falcosecurity/.github/blob/master/SECURITY.md).
|
|
|
|
[1]: https://dl.bintray.com/falcosecurity/rpm-dev
|
|
[2]: https://dl.bintray.com/falcosecurity/rpm
|
|
[3]: https://dl.bintray.com/falcosecurity/deb-dev/stable
|
|
[4]: https://dl.bintray.com/falcosecurity/deb/stable
|
|
[5]: https://dl.bintray.com/falcosecurity/bin-dev/x86_64
|
|
[6]: https://dl.bintray.com/falcosecurity/bin/x86_64 |