Back to Tech Center

How to Install the Falcon Agent – Linux

February 8, 2018

Tech Center
CrowdStrike Tech Center

The greatest minds in cybersecurity are at Fal.Con in Las Vegas, Sept. 18-21.

Register now to build skills at hands-on workshops and learn from skilled threat hunters.

Introduction

In this document and video, you’ll see how the CrowdStrike Falcon® agent is installed on an individual system and then validated in the Falcon management interface.

Video

Installation Steps

Step 1: Download and install the agent

Upon verification, the Falcon UI (Supported browser: Chrome) will open to the Activity App.  To download the agent, navigate to Hosts App by selecting the host icon on the left.  Then select “Sensor Downloads”.  On the Sensor Downloads page there are multiple versions of the Falcon Sensor available.

Falcon Menu

Select the correct sensor version for your OS by clicking on the “DOWNLOAD” link to the right.  

NOTE: For Linux installations the kernel version is important. See the Linux Deployment Guide in the support section of the Falcon user interface for kernel version support.

Copy your Customer ID Checksum (CID), displayed on Sensor Downloads.

Download Sensor - Linux

  1. Run the installer, substituting <installer_package> with your installer’s file name.
    • Ubuntu:
      sudo dpkg -i <installer_package>
    • RHEL, CentOS, Amazon Linux:
      sudo yum install <installer_package>
    • SLES:
      sudo zypper install <installer_package>
  2. Set your CID on the sensor, substituting <CID> with your CID.
    This step is not required for versions 4.0 and earlier.

    • All OSes:
      sudo /opt/CrowdStrike/falconctl -s --cid=<CID>
  3. Start the sensor manually.
    This step is not required for versions 4.0 and earlier.

    • Hosts with SysVinit:
      service falcon-sensor start
    • Hosts with Systemd:
      systemctl start falcon-sensor

Step 2: Confirm that the sensor is running

Confirm the sensor is running.

  • All OSes:
    ps -e | grep falcon-sensor

You’ll see output similar to this:

[root@centos6-installtest ~]# sudo ps -e | grep falcon-sensor
   905 ?         00:00:02 falcon-sensor

Step 3: Verify sensor visibility in the cloud

Finally, verify the newly installed agent in the Falcon UI. To view a complete list of newly installed sensors in the past 24 hours, go to https://falcon.crowdstrike.com.

Navigate to the Host App. The dashboard has a “Recently Installed Sensors” section.  Clicking on this section of the UI, will take you to additional details of recently install systems.

The hostname of your newly installed agent will appear on this list within a few minutes of installation. If you don’t see your host listed, read through the Sensor Deployment Guide for your platform to troubleshoot connectivity issues.

Conclusion

Once the sensor is installed and verified in the UI, the installation is complete and the system is protected with the applies policies.

More resources

Related Content