Bug#842306: ITP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
Just for the record, the latest edition of falco provides a "modern" ebpf probe in the kernel that is provided inside the binary and no longer requires a kernel module. This allows the binary to work independent of kernel version, as long as the kernel is new enough. Not sure how new, but the feature set required has been present in the Linux kernel for some years now. This makes it a lot easier to deploy falco on many hosts.

--
Happy hacking
Petter Reinholdtsen
Bug#842306: ITP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
[Petter Reinholdtsen]
> I have encountered some issues with the BPF build, which I assume are
> solvable too.

I found a solution and have published my git-buildpackage based repo with the build rules as <https://salsa.debian.org/pere/falco>, in case it can help the future maintainer of falco in Debian. I lack the capacity to maintain it by myself in Debian.

The current build sadly seems to download stuff from the Internet during build. No idea how to disable it, nor how much work it will be to get any required dependencies packaged for Debian.

I guess the silence so far in the thread means no-one else is currently interested in getting falco into Debian.

--
Happy hacking
Petter Reinholdtsen
Bug#842306: ITP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
[Petter Reinholdtsen]
> I tried building following the recipe listed on
> https://falco.org/docs/getting-started/source/, but the cmake
> file seems to reject the grpc libraries available. Perhaps you have
> better luck? Or are the grpc libraries in Debian too old?

I got the build working by installing a few more build dependencies. I have encountered some issues with the BPF build, which I assume are solvable too.

--
Happy hacking
Petter Reinholdtsen
Bug#842306: ITP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
What happened with the plan to package falco in Debian?

I tried building following the recipe listed on https://falco.org/docs/getting-started/source/, but the cmake file seems to reject the grpc libraries available. Perhaps you have better luck? Or are the grpc libraries in Debian too old?

--
Happy hacking
Petter Reinholdtsen
Bug#842306: ITP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
Falco now has its very own website https://falco.org/
And github https://github.com/falcosecurity/falco

+1 to getting this packaged

On Wed, 2 Nov 2016 12:42:22 +0100 Julien Rabier wrote:
> On 01 Nov. at 17:07, Evgeni Golov wrote:
> > Hi,
> >
> > On Mon, Oct 31, 2016 at 07:04:31PM +0100, Julien Rabier wrote:
> > > > Would you like to join Harlan and me in maintaining sysdig itself too?
> > >
> > > Yes, that would be great!
> >
> > You are "taziden-guest" on Alioth? And member of collab-maint?
> > Then there is nothing more to do than to say welcome :)
>
> Yes, that's me indeed!
> I will start working on it some time next week.
>
> Julien/taziden
Bug#842306: ITP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
On 01 Nov. at 17:07, Evgeni Golov wrote:
> Hi,
>
> On Mon, Oct 31, 2016 at 07:04:31PM +0100, Julien Rabier wrote:
> > > Would you like to join Harlan and me in maintaining sysdig itself too?
> >
> > Yes, that would be great!
>
> You are "taziden-guest" on Alioth? And member of collab-maint?
> Then there is nothing more to do than to say welcome :)

Yes, that's me indeed!
I will start working on it some time next week.

Julien/taziden
Bug#842306: ITP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
Hi,

On Mon, Oct 31, 2016 at 07:04:31PM +0100, Julien Rabier wrote:
> > Would you like to join Harlan and me in maintaining sysdig itself too?
>
> Yes, that would be great!

You are "taziden-guest" on Alioth? And member of collab-maint?
Then there is nothing more to do than to say welcome :)

Regards
Evgeni
Bug#842306: ITP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
On 29 Oct. at 14:40, Evgeni Golov wrote:
> Would you like to join Harlan and me in maintaining sysdig itself too?

Hi Evgeni,

Yes, that would be great!

Julien
Bug#842306: ITP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
Hi Julien,

On Thu, Oct 27, 2016 at 11:24:23PM +0200, Julien Rabier wrote:
> * Package name: falco
>   Version : 0.4.0
>   Upstream Author : Sysdig
> * URL : http://www.sysdig.org/falco/
> * License : GPLv2
>   Programming Lang: C++, C
>   Description : Sysdig Falco is a behavioral activity monitor designed to
>   detect anomalous activity in your applications.
>
> Powered by sysdig’s system call capture infrastructure, falco lets you
> continuously monitor and detect container, application, host, and network
> activity... all in one place, from one source of data, with one set of rules.
>
> I use Sysdig and Falco professionally and would like to package and maintain
> Falco in Debian.

Would you like to join Harlan and me in maintaining sysdig itself too?

Greets
Evgeni
Bug#842306: ITP: falco -- Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications
Package: wnpp
Severity: wishlist
Owner: Julien Rabier

* Package name: falco
  Version : 0.4.0
  Upstream Author : Sysdig
* URL : http://www.sysdig.org/falco/
* License : GPLv2
  Programming Lang: C++, C
  Description : Sysdig Falco is a behavioral activity monitor designed to detect anomalous activity in your applications.

Powered by sysdig’s system call capture infrastructure, falco lets you continuously monitor and detect container, application, host, and network activity... all in one place, from one source of data, with one set of rules.

I use Sysdig and Falco professionally and would like to package and maintain Falco in Debian.