X

Our website uses cookies to enhance your browsing experience.

CONTINUE TO SITE >

How to Install the Falcon Agent – Linux

Introduction

In this document and video, you’ll see how the CrowdStrike Falcon agent is installed on an individual system and then validated in the Falcon management interface.

Video

Prerequisites

List of supported Operating Systems: https://www.crowdstrike.com/products/crowdstrike-falcon-faq/

Unlike traditional AV products, the Falcon Sensor can run alongside existing security software.  Consequently, there is no need to uninstall existing antivirus products before installing the Falcon agent.

Supported browser: Chrome

Installation Steps

Step 1: Download and install the agent

Upon verification, the Falcon UI will open to the Activity App.  To download the agent, navigate to Hosts App by selecting the host icon on the left.  Then select “Sensor Downloads”.  On the Sensor Downloads page there are multiple versions of the Falcon Sensor available.

Sensor Download Page

Select the correct sensor version for your OS by clicking on the “DOWNLOAD” link to the right.  For Linux installations the kernel version is important. See the Linux Deployment Guide in the support section of the Falcon user interface for kernel version support.

Linux versions on Downloads

Copy your Customer ID Checksum (CID), displayed on Sensor Downloads.

Sensor CID and checksum

  1. Run the installer, substituting <installer_package> with your installer’s file name.
    • Ubuntu:
      sudo dpkg -i <installer_package>
    • RHEL, CentOS, Amazon Linux:
      sudo yum install <installer_package>
    • SLES:
      sudo zypper install <installer_package>
  2. Set your CID on the sensor, substituting <CID> with your CID.
    This step is not required for versions 4.0 and earlier.

    • All OSes:
      sudo /opt/CrowdStrike/falconctl -s --cid=<CID>
  3. Start the sensor manually.
    This step is not required for versions 4.0 and earlier.

    • Hosts with SysVinit:
      service falcon-sensor start
    • Hosts with Systemd:
      systemctl start falcon-sensor

Step 2: Confirm that the sensor is running

Confirm the sensor is running.

  • All OSes:
    ps -e | grep falcon-sensor

You’ll see output similar to this:

[root@centos6-installtest ~]# sudo ps -e | grep falcon-sensor
   905 ?         00:00:02 falcon-sensor

Step 3: Verify sensor visibility in the cloud

Finally, verify the newly installed agent in the Falcon UI. To view a complete list of newly installed sensors in the past 24 hours, go to https://falcon.crowdstrike.com.

Navigate to the Host App. The dashboard has a “Recently Installed Sensors” section.  Clicking on this section of the UI, will take you to additional details of recently install systems.

The hostname of your newly installed agent will appear on this list within a few minutes of installation. If you don’t see your host listed, read through the Sensor Deployment Guide for your platform to troubleshoot connectivity issues.

Conclusion

Once the sensor is installed and verified in the UI, the installation is complete and the system is protected with the applies policies.
CrowdStrike Falcon Free Trial
 

Try CrowdStrike Free for 15 Days Get Started with A Free Trial