Installing Falcon Sensor for Linux

Summary

In this resource you will learn how to quickly and easily install the Falcon Sensor for Linux

The Problem

Deploying cybersecurity shouldn’t be difficult. Many security tools on the market today still require reboots or complex deployment that impact your business operations.

The Value of the CrowdStrike Falcon Platform 

CrowdStrike’s Falcon sensor is simple to deploy and doesn’t interrupt your organization with required restarts.

Seamlessly install and start protecting your environment in seconds, all with a single, lightweight sensor used across the entire Falcon Platform.

Downloading the Sensor

Start by downloading the latest Falcon sensor. 

In the Falcon Console, click the main menu icon in the upper-left side of the screen. Then, click the Host Setup and Management category. Finally, click Sensor Downloads under the “Deploy” category.

Sensor Download

Find the Linux sensor, and click the download button to download the latest sensor to your machine.

Sensor Download Linux

Find Your Customer ID

On the Sensor Download page you will also find your Customer ID.

You will use this unique ID during the installation process to tie your sensor back to your organization’s Falcon instance. Use the copy button next to the ID to copy it to the clipboard.

Customer ID

Installing the Sensor

On the endpoint you want to install the sensor on, installing the sensor requires sudo privileges.

Run the sensor installer file

 

sudo yum install <installer_filename> 

 

If prompted by your OS to allow the installation, click yes to confirm.

Install Sensor Command

Set your Customer ID (CID) on the sensor,

 

sudo /opt/CrowdStrike/falconctl -s --cid=<CID>

Installation

Start the sensor manually. 

No restarts are required for sensor install – so you can deploy without interruption.

Start Sensor Service

The CrowdStrike Falcon Sensor is now installed. 

 

Confirming Installation

You can verify the sensor installation by running a command searching for the falcon sensor

 

sudo ps -e | grep falcon-sensor

Confirming Sensor Installation

You can also confirm the sensor installation in the Falcon Console. 

Click the Main Menu Icon, then under the Host Setup and Management tab click the Newly Installed Sensor page.

Newly Installed Sensors

The Newly Installed Sensor page displays all new hosts that have had the Falcon sensor installed in the given time range.

Kernel and user mode

CrowdStrike supports both Kernel mode and user mode. 

Go to the Host management page to see which hosts are currently in user mode 

User mode

and which hosts are in Kernel mode.

Kernel Mode

Summary

That’s how simple installing the Falcon Sensor is. In minutes, you can enable next generation protection for your environment with the CrowdStrike Falcon Platform. All with no restarts, and no interruption to your business.

Related Content