Sysdig, which makes monitoring solutions for containers, has released an open source project that watches containers — and the rest of a Linux system as well — for unwanted activity.
Sysdig’s Falco project scans Linux system calls and compares them against a list of rules to determine if unwanted activity is taking place. If, for instance, a shell is spawned inside a container, but your containers shouldn’t be doing that, you’ll be alerted to it.
Read more at InfoWorld