An open-source Docker security platform

Install & Use Falco:

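# Install the Falco package-signing key.
# NOTE(review): the key URL was missing from this page (curl had no argument);
# the URL below is the one published in Falco's installation docs. Confirm it
# there before running.
# -f makes curl fail on an HTTP error, so an error page is not fed to gpg.
curl -fsSL https://falco.org/repo/falcosecurity-packages.asc | \
sudo gpg --dearmor -o /usr/share/keyrings/falco-archive-keyring.gpg

# Print the imported key's fingerprint and compare it with the one Falco
# publishes. The key is fetched over the network, so HTTPS alone should not
# be the only trust check.
gpg --show-keys --with-fingerprint /usr/share/keyrings/falco-archive-keyring.gpg

# Add the repo.
# signed-by scopes the key to this repository only, so it cannot vouch for
# packages from any other APT source.
# NOTE(review): the repository URL and the closing EOF were missing from this
# page, which left the heredoc and the single quote unterminated. The URL is
# the one from Falco's installation docs; confirm it there.
sudo bash -c 'cat << EOF > /etc/apt/sources.list.d/falcosecurity.list
deb [signed-by=/usr/share/keyrings/falco-archive-keyring.gpg] https://download.falco.org/packages/deb stable main
EOF'

# Update & install.
# dkms, make and the headers for the running kernel are needed to build the
# kernel module driver. dialog provides the interactive installer prompts.
sudo apt-get update && \
sudo apt-get install -y dkms make "linux-headers-$(uname -r)" dialog falco
# In the installer dialog, select the kmod driver and answer yes at the
# follow-up prompt.

# Enable Falco at boot, start it now, and confirm it is running.
sudo systemctl enable falco
sudo systemctl start falco
sudo systemctl status falco

# Trigger (not enable) a detection: reading /etc/shadow is what Falco's
# default sensitive-file rule watches for. The output goes to /dev/null, so
# no password hashes are shown; only the open() needs to happen.
sudo cat /etc/shadow > /dev/null

# Check that the warning-level alert was raised.
# If no alert appears, the driver is probably not loaded; re-check the
# service status above.
sudo journalctl _COMM=falco -p warning
# /var/log/syslog exists only where a syslog daemon (e.g. rsyslog) is
# installed. On journald-only hosts, rely on the journalctl query above.
sudo grep Sensitive /var/log/syslog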