I'm trying to catch processes' fork() and exec() event details for some security purposes. And then I found this question: How to detect the launching of programs on Linux?

I built a monitor program in a Docker container using the alpine image, and ran it successfully. But no data is output to the console's stdout. So I suspect that the kernel doesn't send process events over netlink. How can I check whether CONFIG_CONNECTOR and CONFIG_PROC_EVENTS are enabled? And if not, how can I enable them?

Notealot
  • Are you trying to see `fork()` and `exec()` calls that happen on the host or in the container? – Hans Kilian Jun 17 '22 at 07:07
  • A Docker container shares its host's kernel. If you need a different kernel, you need to run your application inside a full virtual machine. – David Maze Jun 17 '22 at 10:08
  • @HansKilian I tried executing some commands and there was no information output. – Notealot Jun 18 '22 at 09:31
  • @DavidMaze I think you are right. I found another answer that said I need to use the `host` network in Docker, but that is not what I expected. – Notealot Jun 18 '22 at 09:32
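
One way to check the two options named in the question, as an added example that is not part of the original post or its comments. The function names are hypothetical, and it assumes the kernel config is exposed at `/proc/config.gz` (requires `CONFIG_IKCONFIG_PROC`) or at one of the usual distribution paths; because a container shares its host's kernel, the result describes the host kernel.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Usage after sourcing this file:
#   check_proc_connector            # probe the running kernel's config
#   check_proc_connector /path/cfg  # inspect a specific config file

# Print how option $1 is set in config file $2:
#   y = built in, m = module, n = "is not set", absent = not mentioned.
kconfig_state() {
    _opt=$1; _file=$2
    case $_file in
        *.gz) _reader="gzip -dc" ;;   # /proc/config.gz is gzip-compressed
        *)    _reader="cat" ;;
    esac
    $_reader "$_file" 2>/dev/null | awk -v o="$_opt" '
        $0 ~ ("^" o "=[ym]$")          { split($0, a, "="); s = a[2] }
        $0 == ("# " o " is not set")   { s = "n" }
        END { print (s == "" ? "absent" : s) }'
}

# Print the first readable kernel config path, or return 1 if none exists.
find_kconfig() {
    for f in /proc/config.gz "/boot/config-$(uname -r)" \
             "/lib/modules/$(uname -r)/config"; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# Report both options. Returns 0 if both are enabled, 1 if either is not,
# 2 if no config file could be found.
check_proc_connector() {
    cfg=${1:-$(find_kconfig)} || { echo "no kernel config found"; return 2; }
    rc=0
    for opt in CONFIG_CONNECTOR CONFIG_PROC_EVENTS; do
        st=$(kconfig_state "$opt" "$cfg")
        echo "$opt=$st"
        [ "$st" = y ] || [ "$st" = m ] || rc=1
    done
    return $rc
}
```
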

0 Answers