eBPF Security Monitoring — You use kernel modules for security monitoring. Kernel panic, your cluster is down. GKE blocks kernel modules. You're blind.
You use kernel modules for security monitoring. Kernel panic, your cluster is down. GKE blocks kernel modules. You're blind. Here's how to prevent it.
What is eBPF? Simply explained.
eBPF (extended Berkeley Packet Filter) is a Linux kernel technology that allows running sandboxed programs in the kernel without loading kernel modules. Advantages: safety (verifier prevents kernel panic), portability (works across kernel versions), managed Kubernetes compatibility (GKE, EKS, AKS). Good eBPF monitoring: Cilium Tetragon (enforcement), Falco eBPF (detection), L7 network policies, syscall audit trail.
↓ Jump to technical depth4 eBPF Security Tools
Kernel-level security enforcement with eBPF. Tetragon executes security policies in-kernel — blocking malicious syscalls before they complete, not just alerting after.
# Install Tetragon via Helm
helm repo add cilium https://helm.cilium.io
helm install tetragon cilium/tetragon -n kube-system
# TracingPolicy: alert on shell execution inside containers
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
name: block-shell-in-containers
spec:
kprobes:
- call: "sys_execve"
syscall: true
args:
- index: 0
type: "string"
selectors:
- matchArgs:
- index: 0
operator: "Postfix"
values: ["/sh", "/bash", "/ash", "/dash"]
matchNamespaces:
- namespace: Pid
operator: NotIn
values: ["host_ns"] # Container processes only
matchActions:
- action: Sigkill # KILL the process — not just alert
# or action: Override with argError: -1 for syscall overrideFalco with eBPF driver instead of kernel module — same detection capabilities without loading a kernel module (safer, works in managed K8s where modules are blocked).
# Deploy Falco with eBPF driver (no kernel module required)
helm repo add falcosecurity https://falcosecurity.github.io/charts
helm install falco falcosecurity/falco \
--set driver.kind=ebpf \
--set falcosidekick.enabled=true \
--set falcosidekick.config.webhook.address=http://openclaw-webhook:9000
# Key Falco rules for container security:
- rule: Unexpected shell in container
condition: >
spawned_process and container and
shell_procs and not proc.pname in (allowed_parent_processes)
output: Shell spawned in container (proc=%proc.name parent=%proc.pname
container=%container.name image=%container.image.repository)
priority: WARNING
- rule: Write below /etc in container
condition: >
open_write and container and
fd.name startswith /etc
output: File below /etc written in container (file=%fd.name
container=%container.name)
priority: ERROR
- rule: Outbound connection to unexpected IP
condition: >
outbound and container and
not fd.sip in (allowed_outbound_ips)
output: Unexpected outbound connection (sip=%fd.sip dport=%fd.sport
container=%container.name)
priority: WARNINGCilium uses eBPF to enforce network policies at Layer 7 (HTTP/gRPC/DNS) — blocking specific API calls or DNS queries, not just TCP connections.
# Cilium L7 policy: allow only specific HTTP paths
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
name: moltbot-agent-l7-policy
namespace: moltbot-agents
spec:
endpointSelector:
matchLabels:
app: moltbot-agent
egress:
- toEndpoints:
- matchLabels:
app: llm-gateway
toPorts:
- ports:
- port: "8080"
protocol: TCP
rules:
http:
- method: "POST"
path: "/v1/chat/completions" # Only allow LLM API calls
# BLOCKED: GET /, POST /admin, all other paths
- toFQDNs:
- matchName: "api.openai.com"
toPorts:
- ports:
- port: "443"
protocol: TCP
rules:
http:
- method: "POST"
path: "/v1/chat/completions"
# Block metadata API (cloud credential theft prevention)
egressDeny:
- toCIDRSet:
- cidr: "169.254.169.254/32"Record every syscall from every container process with full context — process, arguments, return value. Immutable audit trail for incident response and compliance.
# Tetragon: comprehensive syscall audit with JSON export
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
name: audit-sensitive-syscalls
spec:
kprobes:
- call: "sys_ptrace" # Process tracing (escape vector)
syscall: true
return: true
- call: "sys_mount" # Filesystem mount (escape vector)
syscall: true
return: true
- call: "sys_clone" # Namespace creation (escape vector)
syscall: true
args:
- index: 0
type: "uint64" # flags
return: true
- call: "sys_setuid" # Privilege escalation
syscall: true
return: true
# Export audit events to SIEM:
# Tetragon exports JSON to stdout → ship via Fluent Bit to SIEM
# Each event includes: timestamp, pod, namespace, process, args, return_val
# Cryptographic integrity: sign log stream with Falco/Tetragon + HMACReal-World Scars: Production Incidents
Kernel module for Falco loaded, kernel panic, cluster down. Fix: Use Falco with eBPF driver (no kernel module).
GKE blocks kernel modules, Falco not deployable. Fix: Use eBPF driver (works without kernel modules).
Immediate Actions: What to do today?
Deploy Falco with eBPF driver
Use --set driver.kind=ebpf.
Install Cilium Tetragon
Create TracingPolicy for shell block.
Enable L7 network policies
Cilium L7 policies for HTTP/gRPC.
Set up syscall audit trail
Tetragon audit policy for sensitive syscalls.
Interactive eBPF Security Checklist
eBPF Security Score Calculator
Industry Average: 20/100
Frequently Asked Questions
What is eBPF and why is it better than kernel modules?
eBPF (extended Berkeley Packet Filter) is a Linux kernel technology that allows running sandboxed programs in the kernel without loading kernel modules. Security advantages: eBPF programs are verified by the kernel's verifier before execution — they cannot crash the kernel. Kernel modules can cause kernel panics. Portability: eBPF programs work across kernel versions without recompilation. Managed Kubernetes: GKE, EKS, AKS block kernel module loading. eBPF works without special permissions.
What is Cilium Tetragon and how does it differ from Falco?
Both use eBPF but with different approaches: Falco: observe-and-alert model. Detects policy violations and sends alerts. Cannot block malicious actions — only report them. Cilium Tetragon: enforce-and-kill model. Executes security policy in-kernel and can block/kill malicious processes before the syscall completes. Best practice: run both — Falco for detection coverage, Tetragon for enforcement on critical workloads.
Does eBPF security monitoring work with AI agent containers?
Yes, and it's particularly valuable: AI agent containers (Moltbot) often have broad network access and tool capabilities — eBPF monitoring provides visibility into exactly what syscalls and network connections agents make. Key use cases: 1) Detect prompt injection that leads to shell execution. 2) Monitor outbound connections. 3) Enforce L7 network policy. 4) Audit tool calls at syscall level.
What is the performance overhead of eBPF security monitoring?
Production-measured overhead: Falco eBPF: 1-3% CPU overhead. Spikes to 5-10% during high-syscall periods. Cilium network policies: ~1% overhead for L3/L4 policies. L7 policy inspection adds ~3-5% for HTTP workloads. Cilium Tetragon: 2-5% overhead with comprehensive TracingPolicy. Optimization tips: scope TracingPolicy to specific namespaces. Tune Falco rules to drop high-frequency benign events.