I created a new PR for 6.45.
Search Criteria
Package Details: falcon-sensor 7.14.0.16703-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/falcon-sensor.git (read-only, click to copy) |
---|---|
Package Base: | falcon-sensor |
Description: | Crowdstrike Falcon Sensor daemon and kernel modules |
Upstream URL: | https://crowdstrike.com |
Licenses: | custom |
Submitter: | frealgagu |
Maintainer: | sipak |
Last Packager: | sipak |
Votes: | 5 |
Popularity: | 0.000000 |
First Submitted: | 2020-12-06 04:56 (UTC) |
Last Updated: | 2024-05-21 13:33 (UTC) |
33Fraise33 commented on 2022-09-15 09:09 (UTC)
DenisBY commented on 2022-08-02 15:40 (UTC) (edited on 2022-08-02 15:58 (UTC) by DenisBY)
Please update to 6.41.
Nevermind. I adjusted PKGBUILD and installed it manually
sarmong commented on 2022-06-06 09:39 (UTC)
Seems to be working well for me with linux-lts
kernel.
But please, add a link to the github releases directly into the source
field in PKGBUILD instead of the manual://...
stuff
Iiridayn commented on 2022-04-08 21:49 (UTC)
c6bc3af02e913442856b741db4e04de1a49bf204cf695a1456bb265fecdb547b falcon-sensor_6.37.0-13402_amd64.deb
@squatched - doing next to nothing on my desktop is okay with me, since IT is mandating this.
a.karavayeu commented on 2022-03-10 16:06 (UTC) (edited on 2022-03-10 16:07 (UTC) by a.karavayeu)
For those, who like me had an issue understanding the manual://
source protocol.
The .deb file can be downloaded from https://github.com/frealgagu/archlinux.falcon-sensor/releases
It should be placed nearby PKGBUILD, i.e. /var/tmp/pamac-build-`whoami`/falcon-sensor
Edit build scripts to remove manual://
prefix.
P.S. it's my first comment and first attempt to edit build files
squatched commented on 2021-04-22 21:19 (UTC)
Given that Arch isn't an officially supported distribution (by Falcon), installing this does next to nothing. The sensor will detect the kernel as an unsupported kernel and then run in "Reduced Functionality Mode" (RFM) which is basically a health check and that's it.
This MAY be due to secure boot and I would like to poke at that a bit and see if I can get it working but I don't hold out hope that it will. I am also going to play around with LTS versions of the kernel but I think to get this to work, I'd have to go all the way back to the LTS 5.4 kernel given that appears to be the most recent kernel that Falcon supports (due to Ubuntu 20.04 LTS). Even then, given that it's not an officially supported kernel, I'm willing to bet without some serious mucking (or official support), I won't ever get anything more than RFM.
dapolinario commented on 2020-12-29 22:52 (UTC)
I already modified PKGBUILD with this version, locally, and it is working. I received this version straight from the server console.
frealgagu commented on 2020-12-29 22:31 (UTC)
@dapolinario the .deb file, in order to update the sha256sum and test it locally. is there an upstream where I can download it? the only way I know is obtaining it from the server console.
dapolinario commented on 2020-12-29 21:56 (UTC)
Hi! Yes, I have this updated version: 6.12 in deb format. What do you need from me? PKGBUILD?
Pinned Comments
sipak commented on 2024-12-04 08:32 (UTC) (edited on 2024-12-04 08:36 (UTC) by sipak)
The installer was updated and proven to be working on Arch as of a month now. I no longer have access to a licensed product to test it anymore, so feel free to update/adopt.
By using CrowdStrike, you are bound by CrowdStrike license terms that may change without notice.
Terms of Use: https://www.crowdstrike.com/software-terms-of-use/ Privacy Notice: https://www.crowdstrike.com/privacy-notice/ License: https://www.crowdstrike.com/en-us/crowdstrike-sensor-licensing-faq/ Documentation: https://www.crowdstrike.com/tech-hub/endpoint-security/installing-falcon-sensor-for-linux/
frealgagu commented on 2023-02-02 00:17 (UTC)
@ZetaRevan downloading from CrowdStrike portal is the only allowed method to get the required binaries as stated here: https://www.crowdstrike.com/blog/tech-center/install-falcon-sensor/
If you need the binary you need to have a valid license and download the package from the portal using your credentials.
Verification sums may differ from the source you obtain (with the valid license) so I'm leaving the checksum SKIPPED in order to allow you install the sensor without modification.
https://github.com/frealgagu/archlinux.falcon-sensor won't be available again and I recommend to not upload CrowdStrike binaries (even the ones generated for ArchLinux) publicly to avoid legal issues.
You can put your binary directly in the same folder of PKGBUILD and run makepkg (or extra-x86_64-build if you want a clean chroot environment), this way the command will recognize your binary and it will use it to make the ArchLinux package properly (avoiding the unknown manual:// protocol)