saiyam1814/gist:0a2c041c50507163a70f24e1ae95f259

## gistfile1.txt
Ubuntu scenario

curl -s https://falco.org/repo/falcosecurity-packages.asc | apt-key add -
echo "deb https://download.falco.org/packages/deb stable main" | tee -a /etc/apt/sources.list.d/falcosecurity.list
apt-get update -y
apt-get -y install linux-headers-$(uname -r)
apt-get install -y falco
systemctl mask falcoctl-artifact-follow.service
falco-driver-loader bpf
systemctl start falco-bpf.service
cat /var/log/syslog | grep falco

docker run --name ubuntu_bash --rm -i -t ubuntu bash
cat /var/log/syslog | grep falco | grep ubuntu

vi /etc/falco/falco_rules.yaml
"%evt.time %container.id %container.name"

docker run --name ubuntu_bash2 --rm -i -t ubuntu bash
cat /var/log/syslog | grep falco | grep ubuntu
	Ubuntu scenario

	curl -s https://falco.org/repo/falcosecurity-packages.asc \| apt-key add -
	echo "deb https://download.falco.org/packages/deb stable main" \| tee -a /etc/apt/sources.list.d/falcosecurity.list
	apt-get update -y
	apt-get -y install linux-headers-$(uname -r)
	apt-get install -y falco
	systemctl mask falcoctl-artifact-follow.service
	falco-driver-loader bpf
	systemctl start falco-bpf.service
	cat /var/log/syslog \| grep falco

	docker run --name ubuntu_bash --rm -i -t ubuntu bash
	cat /var/log/syslog \| grep falco \| grep ubuntu

	vi /etc/falco/falco_rules.yaml
	"%evt.time %container.id %container.name"

	docker run --name ubuntu_bash2 --rm -i -t ubuntu bash
	cat /var/log/syslog \| grep falco \| grep ubuntu