Install Falcon Sensor on Ubuntu


sudo dpkg -i falcon-sensor_6.20.0-11711_amd64.deb

Selecting previously unselected package falcon-sensor.
(Reading database ... 61064 files and directories currently installed.)
Preparing to unpack falcon-sensor_6.20.0-11711_amd64.deb ...
Unpacking falcon-sensor (6.20.0-11711) ...
Setting up falcon-sensor (6.20.0-11711) ...
Processing triggers for systemd (229-4ubuntu21.4) ...
Processing triggers for ureadahead (0.100.0-19) ...

sudo /opt/CrowdStrike/falconctl -s --cid=CID

service falcon-sensor start

==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'falcon-sensor.service'.
Multiple identities can be used for authentication:
 1.  XXX,,, (XXX)
 2.  XXX,,, (XXX)
 3.  crowdstrike
Choose identity to authenticate as (1-3): 3

ps -e | grep falcon-sensor

25215 ?        00:00:01 falcon-sensor

sudo netstat -tapn | grep falcon

We got an issue here. No established connection here.

sudo /opt/CrowdStrike/falconctl -g --aid --cid

cid="CID", aid is not set.

We have no agent id!

sudo less /var/log/syslog | grep falcon

CrowdStrike(4): Connect: Unable to resolve, getaddrinfo returned -3

It looks like a proxy / firewall blocking the connection to the cloud. Report this issue to the network guys.