Building sysdig

aborkar-ibm edited this page May 13, 2022 · 54 revisions

Building Sysdig

The following versions of Sysdig were available in the respective distributions at the time these build instructions were created:

  • Ubuntu 18.04 has 0.24.1
  • Ubuntu 20.04 has 0.26.4
  • Ubuntu 21.10 has 0.27.1
  • SLES 12 SP5 has 0.15.1

The instructions below describe how to build Sysdig version 0.28.0 on Linux on IBM Z for the following distributions:

  • RHEL (7.8, 7.9, 8.2, 8.4, 8.5)
  • SLES (12 SP5, 15 SP3)
  • Ubuntu (18.04, 20.04, 21.10)

General Notes:

  • When following the steps below, use a standard-permission user unless otherwise specified.
  • These instructions refer to a directory /<source_root>/. This is a temporary writable directory that you can place anywhere you like; it is exported as SOURCE_ROOT in Step 3, and the Step 2 commands that use $SOURCE_ROOT assume it is already set.

Step 1: Build using script

If you want to build Sysdig using manual steps, go to Step 2.

Use the following commands to build Sysdig using the build script. Make sure you have wget installed.

    wget https://raw.githubusercontent.com/linux-on-ibm-z/scripts/master/Sysdig/0.28.0/build_sysdig.sh

    # Run the build script (provide the -t option to execute the build with tests)
    bash build_sysdig.sh

In case of error, check logs for more details or go to Step 2 to follow manual build steps.

Step 2: Install dependencies

  • RHEL (7.8, 7.9)

    sudo yum install -y devtoolset-7 devtoolset-7-elfutils-libelf-devel cmake automake curl \
       glibc-static libcurl-devel git pkgconfig wget patch kernel-devel-$(uname -r) kmod
    
    #switch to GCC 7   
    source /opt/rh/devtoolset-7/enable
  • RHEL (8.2, 8.4, 8.5)

    sudo yum install -y gcc gcc-c++ git make cmake autoconf automake pkg-config libtool wget patch \
        curl elfutils-libelf-devel kernel-devel-$(uname -r) glibc-static libstdc++-static kmod libarchive
  • SLES (12 SP5)

    sudo zypper install -y gcc7 gcc7-c++ git cmake automake autoconf libtool zlib-devel wget pkg-config \
        curl patch glibc-devel-static libelf-devel "kernel-default-devel=$(uname -r | sed 's/-default//g')" kmod \
    libexpat-devel tcl gettext-tools openssl libopenssl-devel libcurl-devel tar
    
    #switch to GCC 7
    sudo update-alternatives --install /usr/bin/cc cc /usr/bin/gcc-7 40
    sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 40
    sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-7 40
    sudo update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++-7 40
  • SLES (15 SP3)

    sudo zypper install -y gcc gcc-c++ git cmake patch automake autoconf libtool wget pkg-config \
       curl glibc-devel-static libelf-devel "kernel-default-devel=$(uname -r | sed 's/-default//g')" kmod \
       libexpat-devel tcl-devel gettext-tools tar libopenssl-devel libcurl-devel
  • Ubuntu (18.04)

    sudo apt-get update
    sudo apt-get install -y git cmake build-essential pkg-config autoconf \
       wget curl patch libtool libelf-dev linux-headers-$(uname -r) kmod \
       libz-dev libssl-dev libcurl4-gnutls-dev libexpat1-dev gettext gcc
  • Ubuntu (20.04, 21.10)

    sudo apt-get update
    sudo apt-get install -y git cmake build-essential pkg-config autoconf wget patch libtool \
       curl libelf-dev linux-headers-$(uname -r) kmod libgrpc++-dev protobuf-compiler-grpc \
       libz-dev libssl-dev libcurl4-gnutls-dev libexpat1-dev gettext gcc
  • Install CMake v3.7.2 (Only for RHEL 7.x)

    cd $SOURCE_ROOT
    wget https://cmake.org/files/v3.7/cmake-3.7.2.tar.gz
    tar xzf cmake-3.7.2.tar.gz
    cd cmake-3.7.2
    ./configure --prefix=/usr/
    ./bootstrap --system-curl --parallel=16
    make -j16
    sudo make install
    export PATH=/usr/local/bin:$PATH
    cmake --version
  • Install Protobuf v3.13.0 (Only for SLES 12 SP5)

    cd $SOURCE_ROOT
    sudo zypper install -y autoconf automake bzip2 gawk git gzip libtool make tar wget zlib-devel
    git clone https://github.com/protocolbuffers/protobuf.git
    cd protobuf
    git checkout v3.13.0
    git submodule update --init --recursive
    ./autogen.sh
    ./configure
    make
    sudo make install
    sudo ldconfig
    protoc --version
  • Install Git version 2.27.0 (Only for Ubuntu and SLES)

    cd $SOURCE_ROOT
    wget https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.27.0.tar.gz
    tar -xvf git-2.27.0.tar.gz
    cd git-2.27.0
    make prefix=/usr/local all
    sudo make prefix=/usr/local install
    export PATH=$PWD:$PATH
    git --version

Step 3: Download source code

    export SOURCE_ROOT=/<source_root>/
    cd $SOURCE_ROOT
    git clone https://github.com/draios/sysdig.git
    cd sysdig
    git checkout 0.28.0
    mkdir build

Step 4: Configure, build and install Sysdig

  cd $SOURCE_ROOT/sysdig/build
  • Ubuntu (20.04, 21.10)

    cmake -DUSE_BUNDLED_PROTOBUF=Off -DPROTOBUF_PREFIX=/usr/lib/s390x-linux-gnu  \
            -DUSE_BUNDLED_GRPC=Off -DGRPC_PREFIX=/usr/lib/s390x-linux-gnu \
            .. -DSYSDIG_VERSION=0.28.0
  • RHEL, SLES and Ubuntu 18.04

    cmake .. -DSYSDIG_VERSION=0.28.0
  cd $SOURCE_ROOT/sysdig/build/falcosecurity-libs-repo/falcosecurity-libs-prefix/src/falcosecurity-libs/cmake/modules
  sed -i 's+http://download.sysdig.com/dependencies/protobuf-cpp-3.5.0.tar.gz+https://github.com/protocolbuffers/protobuf/releases/download/v3.13.0/protobuf-cpp-3.13.0.tar.gz+g' protobuf.cmake
  sed -i 's/e4ba8284a407712168593e79e6555eb2/6425d7466db2efe5a80de1e38899f317/g' protobuf.cmake
  sed -i 's/PATCH_COMMAND wget http/#PATCH_COMMAND wget http/g' protobuf.cmake
  cd $SOURCE_ROOT/sysdig/build
  make
  sudo make install
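
As an added check (not part of the original instructions or of the Sysdig project): `sed -i` exits successfully even when a pattern matches nothing, so the script below applies the three Step 4 substitutions and then verifies that each one took effect. The function names and the sample file layout are assumptions made for illustration; the URLs and MD5 values are the ones given in Step 4.

```shell
#!/bin/sh
# Added example: confirm the Step 4 sed edits really changed protobuf.cmake.
OLD_URL='http://download.sysdig.com/dependencies/protobuf-cpp-3.5.0.tar.gz'
NEW_URL='https://github.com/protocolbuffers/protobuf/releases/download/v3.13.0/protobuf-cpp-3.13.0.tar.gz'
OLD_MD5='e4ba8284a407712168593e79e6555eb2'
NEW_MD5='6425d7466db2efe5a80de1e38899f317'

# Apply the page's three substitutions to the file named in $1.
patch_protobuf_cmake() {
    sed -i "s+$OLD_URL+$NEW_URL+g" "$1"
    sed -i "s/$OLD_MD5/$NEW_MD5/g" "$1"
    sed -i 's/PATCH_COMMAND wget http/#PATCH_COMMAND wget http/g' "$1"
}

# Return 0 only if every edit is visible in $1; report each miss on stderr.
verify_protobuf_cmake() {
    rc=0
    grep -qF "$NEW_URL" "$1" || { echo "new URL not found" >&2; rc=1; }
    grep -qF "$NEW_MD5" "$1" || { echo "new MD5 not found" >&2; rc=1; }
    if grep -qF -e "$OLD_URL" -e "$OLD_MD5" "$1"; then
        echo "old URL or MD5 still present" >&2; rc=1
    fi
    # A PATCH_COMMAND wget line without a leading '#' is still active.
    if grep -qE '^[[:space:]]*PATCH_COMMAND wget http' "$1"; then
        echo "active PATCH_COMMAND wget remains" >&2; rc=1
    fi
    return "$rc"
}

# Constructed stand-in for protobuf.cmake (hypothetical layout, not the real file).
write_sample() {
    cat > "$1" <<EOF
ExternalProject_Add(protobuf
    URL "$OLD_URL"
    URL_MD5 "$OLD_MD5"
    PATCH_COMMAND wget http://example.invalid/s390x.patch && patch -p1 -i s390x.patch
)
EOF
}

# Demo on the constructed sample; in a real build pass the path to protobuf.cmake.
tmp=$(mktemp)
write_sample "$tmp"
patch_protobuf_cmake "$tmp"
verify_protobuf_cmake "$tmp" && echo "protobuf.cmake edits verified"
rm -f "$tmp"
```

In a real build, run `verify_protobuf_cmake protobuf.cmake` after the three sed commands and before `make`, and stop if it returns non-zero.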

Step 5: Insert Sysdig driver module

  #Unload any existing module
  sudo rmmod scap || true
    
  #Insert Sysdig kernel module
  cd $SOURCE_ROOT/sysdig/build/driver/
  sudo insmod scap.ko

Step 6: Validate installation (optional)

  • Validate Sysdig's version
    sysdig --version
    The output should be:
    sysdig version 0.28.0

Note:

  • Refer to this for more information on running Sysdig as a non-root user.
