Home / Companies / Sysdig / Blog / February 2019

February 2019 Summaries

6 posts from Sysdig

Filter
Month: Year:
Post Summaries Back to Blog
The blog post titled "The art of writing eBPF programs: a primer" by Gianluca Borello delves into the process of writing eBPF programs with a focus on system call tracing, specifically using the openat system call as an example. The post outlines the verification process and the role of the eBPF virtual machine in ensuring runtime safety, emphasizing that writing complex eBPF programs requires significant context. The author explains how eBPF programs can be written using examples, detailing the use of eBPF helpers like bpf_probe_read and bpf_probe_read_str to safely access memory and strings. The post also discusses the importance of eBPF maps for storing data safely across program invocations and highlights challenges such as managing variable memory accesses and ensuring verifier compliance. By providing code examples and insights into bytecode analysis, the blog aims to enhance understanding of the eBPF programming process, while acknowledging the evolving nature of eBPF technology and the challenges of maintaining backward compatibility across different kernel versions.
Feb 27, 2019 5,755 words in the original blog post.
Sysdig has transitioned its core instrumentation technology to utilize eBPF, a modern Linux kernel feature, as an alternative to its previous kernel module-based architecture, enhancing system call tracing and security for containers. This shift allows Sysdig to leverage eBPF's capabilities for safer, more efficient code execution within the kernel, addressing previous concerns about stability, security, and compatibility with modern Linux distributions that restrict kernel module usage. By integrating eBPF, Sysdig can now provide high-performance system call tracing with additional metadata, improve troubleshooting and security auditing, and align with the eBPF ecosystem alongside tools like bcc and bpftrace. This development also extends to Falco, a CNCF project, making it a significant player in container security monitoring powered by eBPF. Additionally, the adoption of eBPF allows Sysdig to offer enhanced monitoring and security solutions for microservices, with a focus on maintaining performance and flexibility without altering the user interface, further enriching the toolset for system troubleshooting and monitoring within cloud-native environments.
Feb 27, 2019 3,692 words in the original blog post.
Sysdig has integrated eBPF (extended Berkeley Packet Filter) to enhance container observability, security, and monitoring. This integration taps into the capabilities of eBPF, a Linux-native tool that allows secure, low-overhead tracing for application performance and event analysis, extending beyond its original purpose of network packet filtering. By incorporating eBPF, Sysdig provides deep visibility into cloud-native and container environments, addressing challenges posed by container-optimized operating systems that limit kernel module use. This development enables Sysdig to monitor and secure platforms without additional kernel modules, offering real-time insights into system calls. The company's efforts with eBPF have resulted in engineered programs for their open-source solutions, Sysdig and Falco, further expanding their instrumentation capabilities with ContainerVision. This initiative supports modern cloud infrastructure by facilitating efficient performance monitoring, security, and troubleshooting while aligning with the continuous evolution of eBPF in Linux.
Feb 27, 2019 977 words in the original blog post.
Sysdig and IBM have announced a collaboration to integrate Sysdig's Cloud-Native Intelligence Platform with IBM Cloud Private and IBM Multicloud Manager, enhancing cloud-native application development and security. This partnership aims to accelerate IBM customers' transition to cloud architectures by providing real-time visibility into microservices' health and performance, along with robust security measures. The initiative builds on their previous collaboration, which launched IBM Cloud Monitoring with Sysdig, offering comprehensive monitoring services for IBM's public cloud users. By leveraging open-source frameworks and Kubernetes container architecture, the collaboration promises improved operational efficiency, faster incident resolution, and simplified compliance for enterprise users. Sysdig's solutions are designed to provide deep insight and unified security across cross-cloud environments, enabling enterprises to manage applications with enhanced visibility and control.
Feb 12, 2019 922 words in the original blog post.
CVE-2019-5736 is a critical vulnerability in the runC container runtime, which underlies platforms like Docker, Kubernetes, and others, enabling attackers to gain root-level access by overwriting the host runC binary. With a high CVSS score of 7.2, urgent patching is recommended to prevent potential exploits. Sysdig Falco, an open-source security tool, can help detect such exploits by monitoring system calls and generating alerts on suspicious activities within containers. It offers a robust rules engine that can be tailored to identify abnormal system events, providing an additional layer of security. Sysdig also offers image scanning to prevent vulnerable or misconfigured images from entering production environments, along with compliance monitoring to ensure adherence to best practices. By leveraging these tools, organizations can enforce strict security measures and mitigate the risks associated with this vulnerability.
Feb 11, 2019 812 words in the original blog post.
Kubernetes Pod Security Policy (PSP) is a cluster-level resource designed to enforce security best practices by controlling sensitive aspects of pod specifications, yet creating an effective PSP can be challenging due to varying application requirements. The article explains how kube-psp-advisor, an open-source tool from Sysdig, simplifies the implementation of PSPs by scanning existing security contexts and automatically generating policies that align with Kubernetes resources like deployments and replicasets. This tool allows teams to adapt security policies to specific application needs while maintaining adequate security measures, even when certain capabilities like NET_ADMIN or IPC_LOCK are necessary for performance or monitoring purposes. Additionally, kube-psp-advisor offers customization options by analyzing entire clusters or specific namespaces, making it easier for DevSecOps and software development teams to collaboratively establish security policies that balance theoretical best practices with practical application demands.
Feb 06, 2019 1,290 words in the original blog post.