Building sysdig

Building Sysdig

Below versions of Sysdig are available in respective distributions at the time of creation of these build instructions:

• SLES 12 SP5 has 0.15.1
• Ubuntu 18.04 has 0.24.1
• Ubuntu 20.04 has 0.26.4
• Ubuntu 22.04 has 0.27.1
• Ubuntu 22.10 has 0.29.3

The instructions provided below specify the steps to build Sysdig version 0.30.2 on Linux on IBM Z for following distributions:

• RHEL (7.8, 7.9, 8.4, 8.6, 8.7, 9.0, 9.1)
• SLES (12 SP5, 15 SP4)
• Ubuntu (18.04, 20.04, 22.04, 22.10)

General Notes:

• When following the steps below please use a standard permission user unless otherwise specified.
• A directory /<source_root>/ will be referred to in these instructions, this is a temporary writable directory anywhere you'd like to place it.

Step 1: Build using script

If you want to build Sysdig using manual steps, go to step 2.

Use the following commands to build Sysdig using the build script. Please make sure you have wget installed.

wget https://raw.githubusercontent.com/linux-on-ibm-z/scripts/master/Sysdig/0.30.2/build_sysdig.sh

# Run bash build_sysdig.sh 
bash build_sysdig.sh  [Provide -t option for executing build with tests] 

In case of error, check logs for more details or go to Step 2 to follow manual build steps.

Step 2: Install dependencies

  export SOURCE_ROOT=/<source_root>/

• RHEL (7.8, 7.9)

  sudo yum install -y devtoolset-7 devtoolset-7-elfutils-libelf-devel rh-git227-git.s390x pkgconfig kernel-devel-$(uname -r) kmod perl
  
  #switch to GCC 7   
  source /opt/rh/devtoolset-7/enable
  #Enable git 2.27
  source /opt/rh/rh-git227/enable

• RHEL (8.4, 8.6, 8.7, 9.0, 9.1)

  sudo yum install -y gcc gcc-c++ git cmake pkg-config elfutils-libelf-devel kernel-devel-$(uname -r) kmod perl

• SLES (12 SP5)

  sudo zypper install -y gcc7 gcc7-c++ git make wget pkg-config libelf-devel "kernel-default-devel=$(uname -r | sed 's/-default//g')" kmod tar
  
  #switch to GCC 7
  sudo update-alternatives --install /usr/bin/cc cc /usr/bin/gcc-7 40
  sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 40
  sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-7 40
  sudo update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++-7 40

• SLES (15 SP4)

  sudo zypper install -y gcc gcc-c++ git cmake wget pkg-config libelf-devel "kernel-default-devel=$(uname -r | sed 's/-default//g')" kmod tar

• Ubuntu (18.04, 20.04, 22.04, 22.10)

  sudo apt-get update
  sudo apt-get install -y git g++ linux-headers-$(uname -r) cmake libelf-dev pkg-config kmod

• Install OpenSSL (Only on RHEL 7.x and SLES 12 SP5)

  cd $SOURCE_ROOT
  wget https://www.openssl.org/source/openssl-1.1.1l.tar.gz --no-check-certificate
  tar -xzf openssl-1.1.1l.tar.gz
  cd openssl-1.1.1l
  ./config --prefix=/usr/local --openssldir=/usr/local
  make
  sudo make install
  
  sudo mkdir -p /usr/local/etc/openssl
  sudo wget https://curl.se/ca/cacert.pem --no-check-certificate -P /usr/local/etc/openssl
  
  LD_LIBRARY_PATH=/usr/local/lib/:/usr/local/lib64/${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
  export LD_LIBRARY_PATH
  export SSL_CERT_FILE=/usr/local/etc/openssl/cacert.pem

• Install CMake v3.20.3 (Only on RHEL 7.x and SLES 12 SP5)

  cd $SOURCE_ROOT
  wget https://github.com/Kitware/CMake/releases/download/v3.20.3/cmake-3.20.3.tar.gz --no-check-certificate
  tar -xvzf cmake-3.20.3.tar.gz
  cd cmake-3.20.3
  ./bootstrap
  make
  sudo make install
  sudo ln -s /usr/local/bin/cmake /usr/bin/cmake  #Only on SLES 12 SP5
  cmake --version

Step 3: Download source code

  cd $SOURCE_ROOT
  git clone https://github.com/draios/sysdig.git
  cd sysdig
  git checkout 0.30.2
  export PATCH_URL="https://raw.githubusercontent.com/linux-on-ibm-z/scripts/master/Sysdig/0.30.2/patch/sysdig.patch"
  curl -o sysdig.patch $PATCH_URL
  git apply sysdig.patch
  mkdir build

Step 4: Configure, build and install Sysdig

Step 4.1: Configure

  cd $SOURCE_ROOT/sysdig/build
  cmake -DCREATE_TEST_TARGETS=ON -DUSE_BUNDLED_DEPS=ON -DSYSDIG_VERSION=0.30.2 ..

• Fix curl version and libabsl linking order

  cd $SOURCE_ROOT/sysdig/build/falcosecurity-libs-repo/falcosecurity-libs-prefix/src/falcosecurity-libs/cmake/modules
  sed -i 's+https://github.com/curl/curl/releases/download/curl-7_84_0/curl-7.84.0.tar.bz2+https://github.com/curl/curl/releases/download/curl-7_85_0/curl-7.85.0.tar.bz2+g' curl.cmake
  sed -i 's/702fb26e73190a3bd77071aa146f507b9817cc4dfce218d2ab87f00cd3bc059d/21a7e83628ee96164ac2b36ff6bf99d467c7b0b621c1f7e317d8f0d96011539c/g' curl.cmake
  sed -i '135{h;d};136G' grpc.cmake
  

Step 4.2: Build Sysdig

  cd $SOURCE_ROOT/sysdig/build
  make
  sudo make install

Step 5: Insert Sysdig driver module

  #Unload any existing module
  sudo rmmod scap || true
    
  #Insert Sysdig kernel module
  cd $SOURCE_ROOT/sysdig/build/driver/
  sudo insmod scap.ko

Step 6: Testing (Optional)

• To run the whole unit test suite

  cd $SOURCE_ROOT/sysdig/build/
  make run-unit-test-libsinsp

All the test cases should pass.

Step 7: Validate installation (optional)

• Validate Sysdig's version

  sysdig --version

  The output should be:

  sysdig version 0.30.2

• Validate sysdig and csysdig binaries

  sudo /usr/local/bin/sysdig
  sudo /usr/local/bin/csysdig

Note:

• Refer to this for more information on running Sysdig as a non-root user.

Reference:

• http://www.sysdig.com/
• https://github.com/draios/sysdig
• https://github.com/draios/sysdig/wiki/How-to-Install-Sysdig-from-the-Source-Code