This article is a follow-up to our previous article, where we explain how we deployed a Kubernetes cluster with k3s on a Raspberry Pi cluster.
In order to demonstrate our smart tool, the Bleemeo agent, at the 8th Devoxx France conference planned for the 17th of April, the Bleemeo team decided to use a Kubernetes infrastructure, specifically the lightweight Kubernetes distribution k3s. We chose to run k3s on a cluster of 3 Raspberry Pi nodes composed of 1 master node and 2 slave nodes.
Connection tracking (“conntrack”) is a core feature of the Linux kernel’s networking stack. It allows the kernel to keep track of all logical network connections or flows, and thereby identify all of the packets which make up each flow so they can be handled consistently together.
As with any other operating system, security is a prime concern with Linux network hardware. In this article, we’ll be giving some recommendations on how to toughen the security posture of your Linux servers. Screenshots and example syntax relate to systems running Kali Linux, CentOS, RHEL, Ubuntu, and Debian-based Linux distributions.
The Linux Audit framework is a kernel feature (paired with userspace tools) that can log system calls, for example opening a file, killing a process or creating a network connection. These audit logs can be used to monitor systems for suspicious activity.
Recent Linux kernel releases ship with a built-in instrumentation framework that has its roots in what was historically known as BPF (Berkeley Packet Filter), a very efficient network packet filtering mechanism which aims to avoid unnecessary user-space allocations and operates on packet data directly in kernel land. The most familiar application of BPF is the filter expressions used in the tcpdump tool.
At Sysdig we’ve recently undergone a pretty interesting shift in our core instrumentation technology, adapting our agent to take advantage of eBPF – a core part of the Linux kernel. Sysdig now supports eBPF as an alternative to our Sysdig kernel module-based architecture. Today we are excited to share more details about our integration and the inner workings of eBPF. To celebrate this exciting technology we’re publishing a series of articles entirely dedicated to eBPF.