Sysdig, which makes monitoring solutions for containers, has released an open source project that watches containers — and the rest of a Linux system as well — for unwanted activity.
Sysdig’s Falco project scans Linux system calls and compares them against a list of rules to determine if unwanted activity is taking place.