Due to licensing restrictions, you will need to manually download\ obtain the latest.deb falcon sensor software.
Download the falcon .deb file, then run this command inside same folder:
yay -S falcon-sensor
Customer CID number required in this command to unlock service:
sudo /opt/CrowdStrike/falconctl -s --cid=<YOUR CUSTOMER ID>
Enable the service:
sudo systemctl enable --now falcon-sensor.service
Start the service:
sudo systemctl start falcon-sensor.service
Verify service state:
systemctl status falcon-sensor.service
# Maintainer: Kyle Thompson <kylejeromethompson@gmail.com>
#
# --- DISCLAIMER ---
# This PKGBUILD is an unofficial community contribution. It is not affiliated with,
# endorsed, or supported by CrowdStrike, Inc.
#
# The CrowdStrike Falcon sensor is proprietary software. By building and installing
# this package, you acknowledge that you are downloading software directly from
# CrowdStrike and agree to be bound by their End User License Agreement and
# Privacy Notice. You are solely responsible for ensuring you have a valid
# license to use the software.
#
# This installation script is provided "AS IS" without warranty of any kind,
# express or implied. The user assumes all risk and responsibility for its use.
#
# Terms of Use: https://www.crowdstrike.com/software-terms-of-use/
# Privacy Notice: https://www.crowdstrike.com/privacy-notice/
# --- Package Information ---
pkgname='falcon-sensor'
pkgdesc="CrowdStrike Falcon Sensor for Linux"
arch=('x86_64')
url="https://falcon.crowdstrike.com/"
license=('custom')
# --- Versioning ---
_pkgver='7.30.0'
_pkgrel='18306'
pkgver=${_pkgver}
pkgrel=${_pkgrel}
# --- Dependencies and Conflicts ---
depends=('glibc' 'openssl')
provides=("${pkgname}")
conflicts=("${pkgname}")
# --- Source File ---
source=("falcon-sensor_${_pkgver}-${_pkgrel}_amd64.deb")
sha256sums=('SKIP')
# --- Packaging Function ---
package() {
# Extract the data archive from the .deb file
tar -xf "${srcdir}/data.tar.xz" -C "${pkgdir}/"
# Create the destination directory structure first (-p creates parent dirs if needed)
mkdir -p "${pkgdir}/usr/lib/"
# Move the contents of the extracted 'lib' directory to '/usr/lib' inside the package
mv "${pkgdir}/lib"/* "${pkgdir}/usr/lib/"
# Remove the now-empty 'lib' directory from the package
rmdir "${pkgdir}/lib"
}
Pinned Comments
kylethompson commented on 2025-10-10 13:52 (UTC) (edited on 2025-10-10 17:43 (UTC) by kylethompson)
Due to licensing restrictions, you will need to manually download\ obtain the latest.deb falcon sensor software.
Download the falcon .deb file, then run this command inside same folder:
Customer CID number required in this command to unlock service:
Enable the service:
Start the service:
Verify service state:
sipak commented on 2024-12-04 08:32 (UTC) (edited on 2024-12-04 08:36 (UTC) by sipak)
The installer was updated and proven to be working on Arch as of a month now. I no longer have access to a licensed product to test it anymore, so feel free to update/adopt.
By using CrowdStrike, you are bound by CrowdStrike license terms that may change without notice.
Terms of Use: https://www.crowdstrike.com/software-terms-of-use/ Privacy Notice: https://www.crowdstrike.com/privacy-notice/ License: https://www.crowdstrike.com/en-us/crowdstrike-sensor-licensing-faq/ Documentation: https://www.crowdstrike.com/tech-hub/endpoint-security/installing-falcon-sensor-for-linux/
frealgagu commented on 2023-02-02 00:17 (UTC)
@ZetaRevan downloading from CrowdStrike portal is the only allowed method to get the required binaries as stated here: https://www.crowdstrike.com/blog/tech-center/install-falcon-sensor/
If you need the binary you need to have a valid license and download the package from the portal using your credentials.
Verification sums may differ from the source you obtain (with the valid license) so I'm leaving the checksum SKIPPED in order to allow you install the sensor without modification.
https://github.com/frealgagu/archlinux.falcon-sensor won't be available again and I recommend to not upload CrowdStrike binaries (even the ones generated for ArchLinux) publicly to avoid legal issues.
You can put your binary directly in the same folder of PKGBUILD and run makepkg (or extra-x86_64-build if you want a clean chroot environment), this way the command will recognize your binary and it will use it to make the ArchLinux package properly (avoiding the unknown manual:// protocol)