https://github.com/104ru/crowdstrike

Puppet module to deploy and manage CrowdStrike agent
https://github.com/104ru/crowdstrike

crowdstrike puppet

Last synced: 2 days ago
JSON representation

Puppet module to deploy and manage CrowdStrike agent

• Host: GitHub
• URL: https://github.com/104ru/crowdstrike
• Owner: 104ru
• Created: 2021-03-12T02:08:54.000Z (about 4 years ago)
• Default Branch: master
• Last Pushed: 2024-02-28T21:06:51.000Z (about 1 year ago)
• Last Synced: 2025-04-24T17:22:42.895Z (24 days ago)
• Topics: crowdstrike, puppet
• Language: Ruby
• Homepage:
• Size: 41 KB
• Stars: 1
• Watchers: 1
• Forks: 11
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md

Awesome Lists containing this project

README

        
[![Build Status](https://github.com/104ru/crowdstrike/workflows/CI/badge.svg)](https://github.com/104ru/crowdstrike/actions?query=workflow%3ACI)

[![Puppet Forge](https://img.shields.io/puppetforge/v/ruthenium/crowdstrike.svg)](https://forge.puppet.com/modules/ruthenium/crowdstrike)

[![Puppet Forge -- Downloads](https://shields.io/puppetforge/dt/ruthenium/crowdstrike)](https://forge.puppet.com/modules/ruthenium/crowdstrike)

# crowdstrike

The module is designed to deploy and manage CrowdStrike's Falcon Sensor

antivirus agent.

## Table of Contents

1. [Description](#description)

1. [Setup - The basics of getting started with crowdstrike](#setup)

    * [Setup requirements](#setup-requirements)

    * [Beginning with crowdstrike](#beginning-with-crowdstrike)

1. [Usage - Configuration options and additional functionality](#usage)

1. [Limitations - OS compatibility, etc.](#limitations)

## Description

The modules installs and manages or removes the Falcon Sensor anti-virus

agent by CrowdStrike. Proxy settings and tags can be confiugred additionaly. 

## Setup

### Setup requirements

The module installs a package `falcon-sensor`, which it assumes to be

available in a repo configured on the system. The vendor does not maintain

a Linux repository.

Alternatively you can customize package source and provider to have an ability

to install from a different source.

### Beginning with crowdstrike

The most basic usage of the module:

```puppet

class { 'crowdstrike': cid => 'AAAAAAAAAAAAA-BB' }

```

Parameter `cid` is mandatory.

## Usage

In most cases just specifying `cid` (customer id) is sufficient, but adding

tags is desirable for easy grouping and searching of the hosts in the

CrowdStrike console:

```puppet

class { 'crowdstrike':

  cid  => 'AAAAAAAAAAAA-BB',

  tags => [ 'My Organization', 'My Department' ]

}

```

If the computer does not have direct access to the CrowdStrike cloud service,

connection can be routed through a proxy server:

```puppet

class { 'crowdstrike':

  cid        => 'AAAAAAAAAAAA-BB',

  proxy_host => 'proxy-server.my-organization.com',

  proxy_port => 3128

}

```

Both `proxy_host` and `proxy_port` are mandatory if either specified.

If provisioning token is reqired during the installation, use the `provisioning_token`

parameter:

```puppet

class { 'crowdstrike':

  cid                => 'AAAAAAAAAAAA-BB',

  provisioning_token => 'XXXXXXXXXXXXXX'

}

```

## Limitations

If proxy has been used and later disabled, the host and port configuration is

not removed entirely, only disabled. This does not affect the functionality in

any way.

CrowdStrike sensor software is capable of auto-updating its binaries if

configured to do so in the console. It happened in the past when update changes

the format of the falconctl output, which may break the fact in this module. If

that happens, the module detects this situation, displays the relevant error

message and fails the puppet run. If you see this happening, it is time to

update the version of the module you have.