falcosecurity / falco

Cloud Native Runtime Security
https://falco.org
Apache License 2.0

ubuntu 18.04 how to install falco #3381

Open zer0-1s opened 1 day ago

zer0-1s commented 1 day ago

Describe the bug

I refer to the link of the following article.

https://v0-32.falco.org/docs/getting-started/installation/

Setting up g++ (4:7.4.0-1ubuntu2.3) ...
update-alternatives: using /usr/bin/g++ to provide /usr/bin/c++ (c++) in auto mode
Setting up falco (0.39.1) ...
[POST-INSTALL] Disable all possible 'falco' services:
Failed to stop falco-kmod.service: Unit falco-kmod.service not loaded.
Failed to stop falco-bpf.service: Unit falco-bpf.service not loaded.
Failed to stop falco-modern-bpf.service: Unit falco-modern-bpf.service not loaded.
Failed to stop falco-custom.service: Unit falco-custom.service not loaded.
Failed to stop falcoctl-artifact-follow.service: Unit falcoctl-artifact-follow.service not loaded.
[POST-INSTALL] Configure falcoctl 'auto' driver type:
2024-10-14 18:46:14 INFO  Running falcoctl driver config
                      ├ name: falco
                      ├ version: 7.3.0+driver
                      ├ type: kmod
                      ├ host-root: /
                      └ repos: https://download.falco.org/driver
2024-10-14 18:46:14 INFO  Committing driver config to specialized configuration
                      │   file under
                      └ directory: /etc/falco/config.d
2024-10-14 18:46:14 INFO  Storing falcoctl driver config 

[POST-INSTALL] Trigger deamon-reload:
[POST-INSTALL] Call 'falcoctl driver install for kmod:
2024-10-14 18:46:14 INFO  Running falcoctl driver install
                      ├ driver version: 7.3.0+driver
                      ├ driver type: kmod
                      ├ driver name: falco
                      ├ compile: true
                      ├ download: false
                      ├ target: ubuntu-generic
                      ├ arch: x86_64
                      ├ kernel release: 5.4.0-150-generic
                      └ kernel version: #167~18.04.1-Ubuntu SMP Wed May 24 00:51:42 UTC 2023
2024-10-14 18:46:14 INFO  Check if kernel module is still loaded.               
2024-10-14 18:46:14 INFO  OK! There is no module loaded. 
2024-10-14 18:46:14 INFO  Check all versions of kernel module in dkms. 
2024-10-14 18:46:14 INFO  OK! There are no module versions in dkms. 
2024-10-14 18:46:14 INFO  Trying to compile the requested driver                
2024-10-14 18:46:14 INFO  Trying automatic kernel headers download. 
2024-10-14 18:46:23 WARN  Failed to generate script.
                      └ err: kernel headers not found
2024-10-14 18:46:24 INFO  Trying to dkms install module. gcc: /usr/bin/gcc
2024-10-14 18:46:56 INFO  kernel module available.
                      └ path: /root/.falco/7.3.0+driver/x86_64/falco_ubuntu-generic_5.4.0-150-generic_167~18.04.1.ko
2024-10-14 18:46:56 INFO  Success: module found and loaded in dkms.
                      └ driver: /root/.falco/7.3.0+driver/x86_64/falco_ubuntu-generic_5.4.0-150-generic_167~18.04.1.ko
[POST-INSTALL] Enable 'falco-kmod.service':
Created symlink /etc/systemd/system/falco.service → /usr/lib/systemd/system/falco-kmod.service.
Created symlink /etc/systemd/system/multi-user.target.wants/falco-kmod.service → /usr/lib/systemd/system/falco-kmod.service.
[POST-INSTALL] Start 'falco-kmod.service':
Failed to start falco-kmod.service: Unit falco-kmod.service is not loaded properly: Exec format error.
See system logs and 'systemctl status falco-kmod.service' for details.
Setting up build-essential (12.4ubuntu1) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for libc-bin (2.27-3ubuntu1.4) ...
root@ubuntu:/home/falco# uname -r
5.4.0-150-generic
root@ubuntu:/home/falco# systemctl start falco-kmod.service
Failed to start falco-kmod.service: Unit falco-kmod.service is not loaded properly: Exec format error.
See system logs and 'systemctl status falco-kmod.service' for details.
root@ubuntu:/home/falco# systemctl start falco-kmod.service
Failed to start falco-kmod.service: Unit falco-kmod.service is not loaded properly: Exec format error.
See system logs and 'systemctl status falco-kmod.service' for details.
root@ubuntu:/home/falco# systemctl status falco-kmod.service
● falco-kmod.service - Falco: Container Native Runtime Security with kmod
   Loaded: error (Reason: Exec format error)
   Active: inactive (dead)
     Docs: https://falco.org/docs/

Oct 14 18:46:13 ubuntu systemd[1]: /usr/lib/systemd/system/falco-kmod.service:13: Executable path is not absolute: kill -1 $MAINPID
Oct 14 18:46:56 ubuntu systemd[1]: /usr/lib/systemd/system/falco-kmod.service:13: Executable path is not absolute: kill -1 $MAINPID

How to reproduce it

ubuntu 18.04

root@ubuntu:/home/falco# uname -r
5.4.0-150-generic

Expected behaviour

Screenshots

Successfully installed falco.


Environment

root@ubuntu:/home/falco# falco --support | jq .system_info
Mon Oct 14 19:19:34 2024: Falco version: 0.39.1 (x86_64)
Mon Oct 14 19:19:34 2024: Falco initialized with configuration files:
Mon Oct 14 19:19:34 2024:    /etc/falco/config.d/engine-kind-falcoctl.yaml | schema validation: ok
Mon Oct 14 19:19:34 2024:    /etc/falco/falco.yaml | schema validation: ok
Mon Oct 14 19:19:34 2024: System info: Linux version 5.4.0-150-generic (buildd@bos03-amd64-012) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #167~18.04.1-Ubuntu SMP Wed May 24 00:51:42 UTC 2023
Mon Oct 14 19:19:34 2024: Loading rules from:
Mon Oct 14 19:19:34 2024:    /etc/falco/falco_rules.yaml | schema validation: ok
Mon Oct 14 19:19:34 2024:    /etc/falco/falco_rules.local.yaml | schema validation: none
{
  "machine": "x86_64",
  "nodename": "ubuntu",
  "release": "5.4.0-150-generic",
  "sysname": "Linux",
  "version": "#167~18.04.1-Ubuntu SMP Wed May 24 00:51:42 UTC 2023"
}
root@ubuntu:/home/falco# 
- Kernel:

5.4.0-150-generic

- Installation method:

https://v0-32.falco.org/docs/getting-started/installation/

from 

curl -s https://falco.org/repo/falcosecurity-3672BA8F.asc | apt-key add -
echo "deb https://download.falco.org/packages/deb stable main" | tee -a /etc/apt/sources.list.d/falcosecurity.list
apt-get update -y

apt-get -y install linux-headers-$(uname -r)

apt-get install -y falco


**Additional context**

zer0-1s commented 16 hours ago

My idea is to test whether falco can detect container escape vulnerabilities. To quickly reproduce vulnerabilities, metarget is used. And metarget has the best support for Ubuntu 18.04.
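
The `systemctl status` output in the report above shows systemd rejecting line 13 of the unit with "Executable path is not absolute: kill -1 $MAINPID". As an added example (not part of the original report and not Falco project code), the shell function below flags `Exec*=` lines in unit-file text whose command does not start with `/`; the function names and the sample unit are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint systemd unit text for Exec*= commands without an absolute path.

# Reads unit-file text on stdin; prints "LINE:DIRECTIVE:EXECUTABLE" per offending line.
# Limitation: backslash line continuations are not followed.
nonabs_exec_lines() {
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*Exec[A-Za-z]+[ \t]*=/ {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            sub(/^[ \t]+/, "", val)
            sub(/^[-@:+!]+/, "", val)               # strip special executable prefixes
            if (val == "") next                     # empty assignment only resets the list
            split(val, argv, /[ \t]+/)
            if (substr(argv[1], 1, 1) != "/")
                printf "%d:%s:%s\n", NR, key, argv[1]
        }
    '
}

# Constructed sample unit (not the packaged falco-kmod.service).
sample_unit() {
    cat <<'EOF'
[Unit]
Description=Constructed sample service

[Service]
Type=simple
ExecStartPre=-/sbin/modprobe example
ExecStart=/usr/bin/example-daemon --foreground
# ExecReload=kill -1 $MAINPID (commented out, ignored)
ExecReload=kill -1 $MAINPID
ExecStopPost=
EOF
}

sample_unit | nonabs_exec_lines   # prints 9:ExecReload:kill
```

To check an installed unit, feed it on stdin, for example `nonabs_exec_lines < /usr/lib/systemd/system/falco-kmod.service`.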