falco icon indicating copy to clipboard operation
falco copied to clipboard

Published 20 hours ago verified publisher icon falcosecurity

Auto downloading kernel headers takes too long, ~14min

Open guoqingxibei opened this issue 8 months ago • 1 comments

In falco 0.38.0, there's a new feature automatically download kernel headers as per https://falco.org/blog/falco-0-38-0/.

When I run the below command to install falco 0.38.0 on an AWS EC2 instance in the region us-west-2, the step Trying automatic kernel headers download occasionally takes too long.

yum install -e 1 -y falco-0.38.0-x86_64.rpm

The detailed logs are as follows:

/tmp/falco.rpm: rsa sha1 (md5) pgp md5 OK
Package kernel-devel-4.14.344-262.563.amzn2.x86_64 already installed and latest version
Package matching kernel-headers-4.14.344-262.563.amzn2.x86_64 already installed. Checking for update.
Package dkms-2.6.1-1.amzn2.0.1.noarch already installed and latest version
Package 1:make-3.82-24.amzn2.x86_64 already installed and latest version
[POST-INSTALL] Disable all possible enabled 'falco' service:
[POST-INSTALL] Configure falcoctl 'auto' driver type:
2024-06-26 05:27:52 INFO  Running falcoctl driver config
                      ? name: falco
                      ? version: 7.2.0+driver
                      ? type: kmod
                      ? host-root: /
                      ? repos: https://download.falco.org/driver
2024-06-26 05:27:52 INFO  Committing driver config to local Falco config 
2024-06-26 05:27:52 INFO  Storing falcoctl driver config 
clear: terminal attributes: No such device or address

[POST-INSTALL] Trigger deamon-reload:
[POST-INSTALL] Call 'falcoctl driver install for kmod:
2024-06-26 05:27:52 INFO  Running falcoctl driver install
                      ? driver version: 7.2.0+driver
                      ? driver type: kmod
                      ? driver name: falco
                      ? compile: true
                      ? download: false
                      ? target: amazonlinux2
                      ? arch: x86_64
                      ? kernel release: 4.14.344-262.563.amzn2.x86_64
                      ? kernel version: #1 SMP Fri May 17 18:07:48 UTC 2024
2024-06-26 05:27:52 INFO  Check if kernel module is still loaded. 
2024-06-26 05:27:52 INFO  OK! There is no module loaded. 
2024-06-26 05:27:52 INFO  Check all versions of kernel module in dkms. 
2024-06-26 05:27:52 INFO  OK! There are no module versions in dkms. 
2024-06-26 05:27:52 INFO  Trying to compile the requested driver 
2024-06-26 05:27:52 INFO  Trying automatic kernel headers download. 
2024-06-26 05:41:06 INFO  Setting KERNELDIR env var. path: /tmp/kernel
2024-06-26 05:41:07 INFO  Trying to dkms install module. gcc: /bin/gcc
2024-06-26 05:43:48 INFO  kernel module available.
                      ? path: /root/.falco/7.2.0+driver/x86_64/falco_amazonlinux2_4.14.344-262.563.amzn2.x86_64_1.ko
2024-06-26 05:43:58 INFO  Success: module found and loaded in dkms.
                      ? driver: /root/.falco/7.2.0+driver/x86_64/falco_amazonlinux2_4.14.344-262.563.amzn2.x86_64_1.ko
[POST-INSTALL] Enable 'falco-kmod.service':
Created symlink from /etc/systemd/system/multi-user.target.wants/falco-kmod.service to /etc/systemd/system/falco-kmod.service.
[POST-INSTALL] Start 'falco-kmod.service':
  Verifying  : falco-0.38.1-1.x86_64                                        1/1 

Installed:
  falco.x86_64 0:0.38.1-1                                                       

Complete!

Also, how is it downloading the kernel headers? how should i speed this step? thanks a lot!

guoqingxibei avatar Jul 01 '24 15:07 guoqingxibei