Arch Linux User Repository

The installer was updated and proven to be working on Arch as of a month now. I no longer have access to a licensed product to test it anymore, so feel free to update/adopt.

By using CrowdStrike, you are bound by CrowdStrike license terms that may change without notice.
Terms of Use: https://www.crowdstrike.com/software-terms-of-use/ Privacy Notice: https://www.crowdstrike.com/privacy-notice/ License: https://www.crowdstrike.com/en-us/crowdstrike-sensor-licensing-faq/ Documentation: https://www.crowdstrike.com/tech-hub/endpoint-security/installing-falcon-sensor-for-linux/

@ZetaRevan downloading from CrowdStrike portal is the only allowed method to get the required binaries as stated here: https://www.crowdstrike.com/blog/tech-center/install-falcon-sensor/

If you need the binary you need to have a valid license and download the package from the portal using your credentials.

Verification sums may differ from the source you obtain (with the valid license) so I'm leaving the checksum SKIPPED in order to allow you install the sensor without modification.

https://github.com/frealgagu/archlinux.falcon-sensor won't be available again and I recommend to not upload CrowdStrike binaries (even the ones generated for ArchLinux) publicly to avoid legal issues.

You can put your binary directly in the same folder of PKGBUILD and run makepkg (or extra-x86_64-build if you want a clean chroot environment), this way the command will recognize your binary and it will use it to make the ArchLinux package properly (avoiding the unknown manual:// protocol)

Thanks for confirming. I ended up pulling a copy provided by my employer & ran my own checksum & changed that in the PKGBUILD & .SRCINFO files.

Note to other users: also make sure you're updating the version number in these files to whatever version you're getting from Crowdstrike.

@ZetaRevan downloading from CrowdStrike portal is the only allowed method to get the required binaries as stated here: https://www.crowdstrike.com/blog/tech-center/install-falcon-sensor/

If you need the binary you need to have a valid license and download the package from the portal using your credentials.

Verification sums may differ from the source you obtain (with the valid license) so I'm leaving the checksum SKIPPED in order to allow you install the sensor without modification.

https://github.com/frealgagu/archlinux.falcon-sensor won't be available again and I recommend to not upload CrowdStrike binaries (even the ones generated for ArchLinux) publicly to avoid legal issues.

You can put your binary directly in the same folder of PKGBUILD and run makepkg (or extra-x86_64-build if you want a clean chroot environment), this way the command will recognize your binary and it will use it to make the ArchLinux package properly (avoiding the unknown manual:// protocol)

https://github.com/frealgagu/archlinux.falcon-sensor/releases returns a 404. either the repo was removed or made private. I haven't found another source.

I created a new PR for 6.45.

Please update to 6.41.

Nevermind. I adjusted PKGBUILD and installed it manually

Seems to be working well for me with linux-lts kernel.

But please, add a link to the github releases directly into the source field in PKGBUILD instead of the manual://... stuff

c6bc3af02e913442856b741db4e04de1a49bf204cf695a1456bb265fecdb547b falcon-sensor_6.37.0-13402_amd64.deb

@squatched - doing next to nothing on my desktop is okay with me, since IT is mandating this.

For those, who like me had an issue understanding the manual:// source protocol.

The .deb file can be downloaded from https://github.com/frealgagu/archlinux.falcon-sensor/releases

It should be placed nearby PKGBUILD, i.e. /var/tmp/pamac-build-`whoami`/falcon-sensor

Edit build scripts to remove manual:// prefix.

P.S. it's my first comment and first attempt to edit build files

Given that Arch isn't an officially supported distribution (by Falcon), installing this does next to nothing. The sensor will detect the kernel as an unsupported kernel and then run in "Reduced Functionality Mode" (RFM) which is basically a health check and that's it.

This MAY be due to secure boot and I would like to poke at that a bit and see if I can get it working but I don't hold out hope that it will. I am also going to play around with LTS versions of the kernel but I think to get this to work, I'd have to go all the way back to the LTS 5.4 kernel given that appears to be the most recent kernel that Falcon supports (due to Ubuntu 20.04 LTS). Even then, given that it's not an officially supported kernel, I'm willing to bet without some serious mucking (or official support), I won't ever get anything more than RFM.