[EN-C033-056] Docker-VPS eBPF Drift Guard

  • Date: 2026-02-15
  • Language: EN
  • Category: Infrastructure / Docker-VPS
  • Status: New

Overview

Detect unexpected runtime drift on Docker-VPS workloads (ports, privileges, image swaps) and automate rollback decisions with auditable evidence.

Trend Signals (GitHub / Reddit / V2EX)

  • More teams report silent configuration drift in long-running Compose stacks (ports republished, capabilities added, a tag re-pointed to a different image digest).
  • Combining eBPF runtime visibility with GitOps diff baselines is becoming a common pattern.

OpenClaw Implementation Steps

1) Config enablement

  • Enable exec, cron, sessions_spawn, message, and web_fetch.
  • Set drift policy: tolerated changes, emergency stop conditions, rollback gates.

2) API setup

  • Connect metrics API (Prometheus-compatible).
  • Connect image-signature or registry verification API.
  • Connect incident ticket API.

3) Operations setup

  • Sub-agent A captures docker inspect snapshots on a schedule and diffs them against the GitOps baseline.
  • Sub-agent B detects privilege anomalies from eBPF/log streams.
  • Agent classifies risk (low, medium, high) and reports to the user.
  • For high, execute canary stop → previous image restart → verification (including a signature/registry check of the image being restored, via the API from step 2), then store the trace and the diff evidence in Vault.
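The drift check and risk gate described in steps 1 to 3, as an added example that is not OpenClaw's own code. It diffs two trimmed `docker inspect` documents (a GitOps-tracked baseline and a runtime capture, both constructed here) on the fields the overview names: published ports, privilege settings (`Privileged`, `CapAdd`, `PidMode`, bind mounts) and the image digest. The severity rules, the `low`/`medium`/`high` thresholds and the action names are assumptions standing in for the team's drift policy; the field names are the ones `docker inspect` actually emits.

```python
"""Drift check over two docker inspect snapshots (baseline vs. runtime)."""
import hashlib
import json
from dataclasses import asdict, dataclass

# Constructed baseline snapshot: what the Compose stack is supposed to run.
BASELINE = {
    "Name": "/web",
    "Image": "sha256:1111111111111111111111111111111111111111111111111111111111111111",
    "Config": {"Image": "registry.example/web:1.4.2", "User": "app"},
    "HostConfig": {"Privileged": False, "CapAdd": None, "PidMode": "",
                   "Binds": ["/srv/web:/data:ro"]},
    "NetworkSettings": {"Ports": {"8080/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]}},
}

# Constructed runtime snapshot showing several drift kinds at once: same tag,
# different digest (image swap), privileged flip, SYS_ADMIN, host PID namespace,
# the Docker socket mounted in, and a new port published on all interfaces.
CURRENT = {
    "Name": "/web",
    "Image": "sha256:2222222222222222222222222222222222222222222222222222222222222222",
    "Config": {"Image": "registry.example/web:1.4.2", "User": "app"},
    "HostConfig": {"Privileged": True, "CapAdd": ["SYS_ADMIN"], "PidMode": "host",
                   "Binds": ["/srv/web:/data:ro", "/var/run/docker.sock:/var/run/docker.sock"]},
    "NetworkSettings": {"Ports": {
        "8080/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}],
        "2222/tcp": [{"HostIp": "0.0.0.0", "HostPort": "2222"}],
    }},
}

SEVERITY = {"low": 0, "medium": 1, "high": 2}  # assumed policy ordering


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str
    severity: str


def published_ports(snap):
    """Return {(container_port, host_ip, host_port)} from NetworkSettings.Ports."""
    out = set()
    for cport, bindings in (snap["NetworkSettings"]["Ports"] or {}).items():
        for b in bindings or []:  # unpublished exposed ports have bindings=None
            out.add((cport, b["HostIp"], b["HostPort"]))
    return out


def diff_snapshots(base, cur):
    """Compare only the fields the drift policy cares about; return a list of Finding."""
    found = []
    if base["Image"] != cur["Image"]:
        found.append(Finding("image_swap", f'{base["Image"]} -> {cur["Image"]}', "high"))
    bh, ch = base["HostConfig"], cur["HostConfig"]
    if ch.get("Privileged") and not bh.get("Privileged"):
        found.append(Finding("privileged", "Privileged flipped to true", "high"))
    for cap in sorted(set(ch.get("CapAdd") or []) - set(bh.get("CapAdd") or [])):
        found.append(Finding("cap_add", cap, "high"))
    if ch.get("PidMode") == "host" and bh.get("PidMode") != "host":
        found.append(Finding("pid_host", "PidMode=host", "high"))
    for bind in sorted(set(ch.get("Binds") or []) - set(bh.get("Binds") or [])):
        sev = "high" if bind.startswith("/var/run/docker.sock:") else "medium"
        found.append(Finding("new_bind", bind, sev))
    if cur["Config"].get("User") != base["Config"].get("User"):
        found.append(Finding("user_change",
                             f'{base["Config"].get("User")} -> {cur["Config"].get("User")}', "medium"))
    for cport, ip, hport in sorted(published_ports(cur) - published_ports(base)):
        # Loopback-only exposure is tolerated noise; a 0.0.0.0 / :: bind is not.
        sev = "low" if ip in ("127.0.0.1", "::1") else "medium"
        found.append(Finding("new_port", f"{ip}:{hport}->{cport}", sev))
    return found


def classify(findings):
    """Overall risk is the highest severity seen; no findings means low."""
    if not findings:
        return "low"
    return max((f.severity for f in findings), key=SEVERITY.__getitem__)


def decide(level):
    """Rollback gate: only high drift triggers canary stop + previous-image restart."""
    return {"low": "log", "medium": "open_ticket", "high": "canary_stop_rollback"}[level]


def evidence(name, findings):
    """Audit record with a content hash over the canonical JSON, for the Vault trace."""
    level = classify(findings)
    body = {"container": name, "risk": level, "action": decide(level),
            "findings": [asdict(f) for f in findings]}
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    body["sha256"] = hashlib.sha256(canon.encode()).hexdigest()
    return body


if __name__ == "__main__":
    print(json.dumps(evidence(CURRENT["Name"], diff_snapshots(BASELINE, CURRENT)), indent=2))
```

In production the two snapshots come from `docker inspect <container>` run by the scheduled sub-agent and from the baseline checked into the GitOps repo; the digest comparison is what catches a swap that keeps the same tag, which a tag-only diff would miss. The hash in the evidence record lets the stored trace be checked later against what the agent actually acted on.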

Tags

#OpenClaw #DockerVPS #DriftDetection #eBPF #DevSecOps