
Missing pre-built falco-driver kernel version 5.4.209-116.363 for EKS AMI

Open igoritos22 opened this issue 2 years ago • 6 comments

We run Falco across our environments using EKS. There is a need to upgrade our EKS AMI to version v20220824 with the 5.4.209-116.363.amzn2 kernel version, and the falco-driver is not present in the list of available kernel falco-drivers.

We cannot update our environment until this driver is loaded. Is there any forecast for when the driver will be available in the list of Falco's drivers?

igoritos22 avatar Aug 31 '22 15:08 igoritos22

Also waiting for this driver to become available

alan-kea avatar Aug 31 '22 15:08 alan-kea

We are also hoping for a pre-built driver in this version to become available:

* Looking for a falco module locally (kernel 5.4.209-116.363.amzn2.x86_64)

I have learned that the driver DOES EXIST if you are using the latest 2.0 version of Falco - it can download the driver from:

https://download.falco.org/?prefix=driver/2.0.0%2Bdriver/x86_64/

If you upgrade your version(s) of falco-exporter and falco to use the ":latest" label, it will start.

dwgillies-bluescape avatar Sep 02 '22 07:09 dwgillies-bluescape

The driver is now there: https://download.falco.org/driver/2.0.0%2Bdriver/x86_64/falco_amazonlinux2_5.4.209-116.363.amzn2.x86_64_1.ko :rocket:

FedeDP avatar Sep 02 '22 09:09 FedeDP

Arm64 pre-built driver (5.4.209-116.363.amzn2) is still not available in https://download.falco.org/?prefix=driver/2.0.0%2Bdriver/aarch64/. Version 5.4.204-113.362.amzn2 is not available either 😥

LucasMouraoFerreira avatar Sep 05 '22 18:09 LucasMouraoFerreira

Yep, there was a bug in the Arm64 driverkit workflow that prevented Arm64 drivers from being built. It will be fixed asap!

FedeDP avatar Sep 05 '22 18:09 FedeDP

Hi @FedeDP, there is a new kernel released: kernel-5.4.209-116.367.amzn2.x86_64 and we are waiting for the pre-built driver to be available. Thanks!

renilthomas avatar Sep 19 '22 14:09 renilthomas

@renilthomas This ticket is probably superseded by https://github.com/falcosecurity/falco/issues/2273. There is a new .368. version of the Linux kernel that will be a necessary upgrade to patch some new Nessus scan "high" vulnerability findings for FedRAMP clusters. You may want to recompile your kernel and then ask for .368. drivers to solve all your problems (at least until new vulnerabilities are found & patched ...)

dwgillies-bluescape avatar Oct 26 '22 02:10 dwgillies-bluescape

Is this issue still alive? Or can we close this?

FedeDP avatar Dec 13 '22 18:12 FedeDP

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana avatar Mar 13 '23 21:03 poiana

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

poiana avatar Apr 13 '23 01:04 poiana

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.

/close

poiana avatar May 13 '23 01:05 poiana

@poiana: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

poiana avatar May 13 '23 01:05 poiana