How to Install Falco for Linux

Mark Stemm edited this page Oct 17, 2018 · 9 revisions

Installation

Scripted install

To install falco, you can download a shell script that takes care of the necessary steps. First download the script:

curl -o install-falco.sh -s https://s3.amazonaws.com/download.draios.com/stable/install-falco

Then verify the md5 checksum of the script. It should be 7f5126d9a69e74cb9a47e59d17f9c42b.

Then run the script either as root or with sudo:

sudo bash install-falco.sh

Package install

RHEL

  • Trust the Draios GPG key and configure the yum repository
rpm --import https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public
curl -s -o /etc/yum.repos.d/draios.repo https://s3.amazonaws.com/download.draios.com/stable/rpm/draios.repo
  • Install the EPEL repository

Note: The following command is required only if DKMS is not available in the distribution. You can verify if DKMS is available with yum list dkms. If required, install using:

rpm -i https://mirror.us.leaseweb.net/epel/6/i386/epel-release-6-8.noarch.rpm

  • Install kernel headers

Warning: The following command might not work with any kernel. Make sure to customize the name of the package properly

yum -y install kernel-devel-$(uname -r)

  • Install falco

yum -y install falco

To uninstall, just do yum erase falco.

Debian

  • Trust the Draios GPG key, configure the apt repository, and update the package list
curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add -
curl -s -o /etc/apt/sources.list.d/draios.list https://s3.amazonaws.com/download.draios.com/stable/deb/draios.list
apt-get update
  • Install kernel headers

Warning: The following command might not work with any kernel. Make sure to customize the name of the package properly.

apt-get -y install linux-headers-$(uname -r)

  • Install falco

apt-get -y install falco

To uninstall, just do apt-get remove falco.

Package Management Systems (Puppet, Ansible, etc.)

Puppet

A puppet module for falco, sysdig-falco, is available in the examples directory and Puppet Forge.

Ansible

@juju4 has helpfully written an ansible role, juju4.falco. It's available on github and ansible galaxy. The latest version on ansible galaxy (v0.7) does not work with falco 0.9.0, but the version on github does.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.