How to Install the Falcon Agent – Linux
The greatest minds in cybersecurity are at Fal.Con in Las Vegas, Sept. 18-21.
Register now to build skills at hands-on workshops and learn from skilled threat hunters.
Introduction
In this document and video, you’ll see how the CrowdStrike Falcon® agent is installed on an individual system and then validated in the Falcon management interface.
Video
Installation Steps
Step 1: Download and install the agent
Upon verification, the Falcon UI (Supported browser: Chrome) will open to the Activity App. To download the agent, navigate to Hosts App by selecting the host icon on the left. Then select “Sensor Downloads”. On the Sensor Downloads page there are multiple versions of the Falcon Sensor available.
Select the correct sensor version for your OS by clicking on the “DOWNLOAD” link to the right.
NOTE: For Linux installations the kernel version is important. See the Linux Deployment Guide in the support section of the Falcon user interface for kernel version support.
Copy your Customer ID Checksum (CID), displayed on Sensor Downloads.
- Run the installer, substituting
<installer_package>
with your installer’s file name.- Ubuntu:
sudo dpkg -i <installer_package>
- RHEL, CentOS, Amazon Linux:
sudo yum install <installer_package>
- SLES:
sudo zypper install <installer_package>
- Ubuntu:
- Set your CID on the sensor, substituting
<CID>
with your CID.
This step is not required for versions 4.0 and earlier.- All OSes:
sudo /opt/CrowdStrike/falconctl -s --cid=<CID>
- All OSes:
- Start the sensor manually.
This step is not required for versions 4.0 and earlier.- Hosts with
SysVinit
:
service falcon-sensor start
- Hosts with
Systemd
:
systemctl start falcon-sensor
- Hosts with
Step 2: Confirm that the sensor is running
Confirm the sensor is running.
- All OSes:
ps -e | grep falcon-sensor
You’ll see output similar to this:
[root@centos6-installtest ~]# sudo ps -e | grep falcon-sensor
905 ? 00:00:02 falcon-sensor
Step 3: Verify sensor visibility in the cloud
Finally, verify the newly installed agent in the Falcon UI. To view a complete list of newly installed sensors in the past 24 hours, go to https://falcon.crowdstrike.com.
Navigate to the Host App. The dashboard has a “Recently Installed Sensors” section. Clicking on this section of the UI, will take you to additional details of recently install systems.
The hostname of your newly installed agent will appear on this list within a few minutes of installation. If you don’t see your host listed, read through the Sensor Deployment Guide for your platform to troubleshoot connectivity issues.
Conclusion
Once the sensor is installed and verified in the UI, the installation is complete and the system is protected with the applies policies.