How to manually build an Ubuntu 18.04 Virtual Machine server with Oracle VirtualBox

This post will describe how to manually build an Ubuntu 18.04 Virtual Machine (VM) server using Oracle’s VirtualBox virtualisation software. Being able to build simple, expendable VMs is extremely useful, whether you’re writing software, building websites or just wanting to learn about Linux servers. We want to be able to SSH into the server from the host machine to make access easier, so we need to forward the guest’s SSH port to the host.


Analysing Linux auditd anomalies with Auditbeat and machine learning

Auditbeat is an extremely popular Beat that allows you to collect Linux audit framework data to monitor processes running on Linux systems. It has the ability to stream a multitude of information — from security-related system information, to file integrity data, to process information — from the Linux auditd framework.


Linux Kernel Observability through eBPF

Recent Linux kernel releases ship with a built-in instrumentation framework that has its roots in what was historically known as BPF (Berkeley Packet Filter): a very efficient network packet filtering mechanism that avoids unnecessary user-space allocations and operates on packet data directly in kernel land. The most familiar application of BPF is the filter expressions used by the tcpdump tool.


Sysdig and Falco now powered by eBPF

At Sysdig we’ve recently undergone a pretty interesting shift in our core instrumentation technology, adapting our agent to take advantage of eBPF – a core part of the Linux kernel. Sysdig now supports eBPF as an alternative to our Sysdig kernel module-based architecture. Today we are excited to share more details about our integration and the inner workings of eBPF. To celebrate this exciting technology we’re publishing a series of articles entirely dedicated to eBPF.


Introducing container observability with eBPF and Sysdig

Today we’ve announced that we’ve officially added eBPF instrumentation to extend container observability with Sysdig monitoring, security and forensics solutions. eBPF – extended Berkeley Packet Filter – is a Linux-native in-kernel virtual machine that enables secure, low-overhead tracing for application performance and event observability and analysis.