步驟如下:
# systemctl restart falco-modern-bpf.service # systemctl status falco-modern-bpf.service ● falco-modern-bpf.service - Falco: Container Native Runtime Security with modern ebpf Loaded: loaded (/lib/systemd/system/falco-modern-bpf.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2023-08-16 02:37:37 PDT; 1s ago Docs: https://falco.org/docs/ Main PID: 4545 (falco) Tasks: 5 (limit: 4617) Memory: 12.2M CGroup: /system.slice/falco-modern-bpf.service └─4545 /usr/bin/falco --pidfile=/var/run/falco.pid --modern-bpf
P.S. 啟動該service前,必須先確定falco driver已經載入成功(/dev/falco0)