ack-advanced-audit is a key component for auditing operations that are performed in containers. This topic introduces ack-advanced-audit, and describes the usage notes and release notes for ack-advanced-audit.
Table of contents
ack-advanced-audit is developed based on open source Falco and uses extended Berkeley Packet Filter (eBPF) of the Linux kernel to enable auditing of operations that are performed in containers. This way, you can audit operations performed by organization members or applications in containers.
ack-advanced-audit supports only the Alibaba Cloud Linux operating system whose kernel version is later than 4.19.
This version is in canary release.
Kubernetes 1.26 is supported.
The system may not respond to the kubectl exec command if ack-advanced-audit is in an abnormal state.
Operations performed in containers can be audited.
The first version.