In this tutorial, I will show how to secure 'system' namespaces in an EKS cluster by limiting user access.
List of namespaces with limited access: [kube-system, monitoring]
In this tutorial, I will show how to:
- Install Falco in your EKS cluster using the Helm chart
- Enable EKS audit logs for your cluster
- Detect security events based on EKS audit log activity
- Give an overview of the rules that are most useful, in my opinion
In the previous tutorial, I used the Falco plugin for K8s Audit Logs.
For this tutorial, I will use the driver called Kernel Module to monitor system events from the kernel and try to detect malicious behavior on Linux systems.