Hello KodeKloud,

While I was doing the CKS Challenge 4, got issue to install the Falco.
I do followed below steps for the FALCO installation.

root@controlplane ~ ➜ curl -fsSL https://falco.org/repo/falcosecurity-packages.asc | \

sudo gpg --dearmor -o /usr/share/keyrings/falco-archive-keyring.gpg
root@controlplane ~ ➜ echo “deb [signed-by=/usr/share/keyrings/falco-archive-keyring.gpg] https://download.falco.org/packages/deb stable main” |
sudo tee -a /etc/apt/sources.list.d/falcosecurity.list
deb [signed-by=/usr/share/keyrings/falco-archive-keyring.gpg] https://download.falco.org/packages/deb stable main
root@controlplane ~ ➜ apt-get update -y
root@controlplane ~ ➜ apt-get -y install linux-headers-$(uname -r) falco
Reading package lists… Done
Building dependency tree
Reading state information… Done
linux-headers-4.15.0-171-generic is already the newest version (4.15.0-171.180).
The following NEW packages will be installed:
falco
0 upgraded, 1 newly installed, 0 to remove and 211 not upgraded.
Need to get 38.7 MB of archives.
After this operation, 107 MB of additional disk space will be used.
Get:1 https://download.falco.org/packages/deb stable/main amd64 falco amd64 0.36.0 [38.7 MB]
Fetched 38.7 MB in 1s (30.1 MB/s)
Selecting previously unselected package falco.
(Reading database … 76419 files and directories currently installed.)
Preparing to unpack …/falco_0.36.0_amd64.deb …
Unpacking falco (0.36.0) …
dpkg: warning: unable to delete old directory ‘/etc/falco/rules.available’: Directory not empty
Setting up falco (0.36.0) …
Installing new version of config file /etc/falco/falco.yaml …
Installing new version of config file /etc/falco/falco_rules.local.yaml …
[POST-INSTALL] Disable all possible ‘falco’ services:
Failed to stop falco-kmod.service: Unit falco-kmod.service not loaded.
Failed to stop falco-bpf.service: Unit falco-bpf.service not loaded.
Failed to stop falco-modern-bpf.service: Unit falco-modern-bpf.service not loaded.
Failed to stop falco-custom.service: Unit falco-custom.service not loaded.
[POST-INSTALL] Trigger deamon-reload:
root@controlplane ~ ➜ echo $?
0
root@controlplane ~ ➜ systemctl start falco
Failed to start falco.service: Unit falco.service not found.

Can someone check if this CKS Challenge 4 lab ENV is correct, this is blocking me to proceed further in this challenge.
Please help.
Thanks,
Mahesh

Lab doesn’t work with the latest version of Falco.

Please restart the lab and use the following to initialize the falco repo to the version that does work

curl -s https://falco.org/repo/falcosecurity-3672BA8F.asc | sudo apt-key add -
echo "deb https://download.falco.org/packages/deb stable main" | sudo tee -a /etc/apt/sources.list.d/falcosecurity.list

There will be some complaining from apt, but it will install it.

It worked…
Thank you @Alistair_KodeKloud .

Thanks @Alistair_KodeKloud, that worked for me too!

I can confirm that the current version of the lab still doesn’t work with the latest version of Falco, which is what eventually got me here.

It might be considerate to future users to include these instructions until the lab environment is made compatible.

@Alistair_KodeKloud it doesnot work. can you please check and confirm

@Alistair_KodeKloud actually I found that I only need to use the following command:

apt-get -y install linux-headers-$(uname -r) falco
systemctl start falco

If I run following command it gives me some error:
curl -s https://falco.org/repo/falcosecurity-3672BA8F.asc | apt-key add -
echo “deb https://download.falco.org/packages/deb stable main” | tee -a /etc/apt/sources.list.d/falcosecurity.list

Update apt indexes

apt-get update -y

@hemjal1 You’re right!

The issue was with a previous version of Falco which was newer than the one the lab was originally built on, but not the version that is available now. It would seem that the issue originally reported in this thread has now been fixed by Falco and it does install correctly as per the instructions on their site.