How to Install the Falcon Agent on Ubuntu Linux (full instructions)

After wrestling for a while trying to get CrowdStrike's falcon sensor app running properly in Ubuntu, we found that the online documentation is incomplete. A round trip to their support team got us this PDF (Falcon Sensor for Linux Deployment Guide Documentation Support _ Falcon), which gave us the information we needed:

Install; your version may be different, the package is available on your portal.

sudo dpkg -i falcon-sensor_4.12.0-5704_amd64.deb

Then, had to run these three commands because of a dependency issue. Ignored a few notification-type errors.

sudo apt-get install libnl1
sudo apt-get upgrade
sudo apt-get -f install

Register your sensor:

sudo /opt/CrowdStrike/falconctl -s --cid=<YOURCIDGOESHERE>

Start the service:

sudo systemctl start falcon-sensor

Add proxy server and port (3128 is default for squid, your port may be different):

sudo /opt/CrowdStrike/falconctl -s --aph=myproxy.mydomain.or.ip --app=3128

There is other useful information in the doc (linked above), but these should get you going. Note, the proxy config is not required for all implementations.

Posted in Everything on Oct 02, 2018