@developer-guy
Last active November 26, 2020 11:37
Falco - Container Runtime Security Hands On
```bash
#!/usr/bin/env bash
set -e

# install helm if executable is not found on host
if ! command -v helm &> /dev/null
then
  wget https://get.helm.sh/helm-v3.3.4-linux-amd64.tar.gz
  tar -xvf helm-v3.3.4-linux-amd64.tar.gz
  chmod +x linux-amd64/helm
  # /usr/local/bin is normally root-owned, so use sudo as the minikube install below does
  sudo mv linux-amd64/helm /usr/local/bin/
fi

# install minikube if executable is not found on host
if ! command -v minikube &> /dev/null
then
  curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
  sudo install minikube-linux-amd64 /usr/local/bin/minikube
fi

## clean up
echo ">>>> Deleting cluster"
minikube delete

# start cluster
echo ">>>> Starting cluster"
minikube start

# add falcosecurity charts to the repo
echo ">>>> Adding helm repo"
helm repo add falcosecurity https://falcosecurity.github.io/charts || true
helm repo update

# install falco
echo ">>>> Installing falco"
helm install falco falcosecurity/falco

# look up the falco pod name; the jsonpath range is closed with {end}
FALCO_POD=$(kubectl get pods --selector app=falco -ojsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}')
echo ">>>> Waiting for pod $FALCO_POD to become ready"
kubectl wait --for=condition=Ready pod/"$FALCO_POD" --timeout=300s

# install nginx
echo ">>>> Installing nginx"
kubectl run nginx --image=nginx
echo ">>>> Waiting for pod nginx to become ready"
kubectl wait --for=condition=Ready pod/nginx --timeout=60s

# accessing sensitive files on the nginx container
# (this read of /etc/shadow is the event Falco is expected to report)
echo ">>>> Accessing sensitive files on the nginx container"
kubectl exec -it nginx -- cat /etc/shadow

# check the logs of the falco
echo ">>>> Checking the logs of the falco"
kubectl logs daemonset/falco
```
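The script ends by printing the whole Falco log, so the alert for the `/etc/shadow` read has to be found by eye. The following is an added example, not part of the original gist, that filters Falco's text output down to the alerts for one file path and can gate the script on the detection having fired. The function names `falco_file_alerts` and `falco_detected` and the sample log lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: extract the Falco alerts that concern one file path.

# Constructed sample modelled on Falco's default text output; timestamps,
# container ids and the exact field list are made up and vary by Falco version.
SAMPLE_FALCO_LOG='Thu Nov 26 11:30:01 2020: Falco initialized with configuration file /etc/falco/falco.yaml
11:31:12.000000002: Warning Sensitive file opened for reading by non-trusted program (user=root program=cat command=cat /etc/shadow file=/etc/shadow container_id=aaaaaaaaaaaa image=nginx) k8s.ns=default k8s.pod=nginx container=aaaaaaaaaaaa
11:31:20.000000003: Error File below /etc opened for writing (user=root command=touch /etc/shadow.bak file=/etc/shadow.bak container_id=aaaaaaaaaaaa image=nginx) k8s.ns=default k8s.pod=nginx container=aaaaaaaaaaaa'

# falco_file_alerts FILE: read Falco log text on stdin and print
# "time<TAB>priority<TAB>pod<TAB>command" for each alert whose file= field is exactly FILE.
falco_file_alerts() {
  awk -v want="$1" '
    # Return the value of key=... ; it ends at the next " name=" token or at ")".
    function field(line, key,    rest) {
      if (!match(line, "[ (]" key "=")) return ""
      rest = substr(line, RSTART + RLENGTH)
      if (match(rest, /( [A-Za-z0-9_.]+=|\))/)) rest = substr(rest, 1, RSTART - 1)
      return rest
    }
    # Alert lines start with "HH:MM:SS.nanoseconds:"; startup messages do not.
    $1 !~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+:$/ { next }
    field($0, "file") == want {
      t = $1; sub(/:$/, "", t)
      printf "%s\t%s\t%s\t%s\n", t, $2, field($0, "k8s.pod"), field($0, "command")
    }'
}

# falco_detected FILE: succeed only if at least one alert for FILE is on stdin.
falco_detected() {
  [ -n "$(falco_file_alerts "$1")" ]
}

# Demo on the constructed sample; against the cluster, pipe in
# `kubectl logs daemonset/falco` instead.
printf '%s\n' "$SAMPLE_FALCO_LOG" | falco_file_alerts /etc/shadow
```

Matching on the exact `file=` value keeps the `/etc/shadow.bak` write out of the result. For anything beyond a demo, Falco's `json_output` setting in `falco.yaml` emits one JSON object per alert, which is more robust to parse than the text form.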