diff --git a/bash/install/README.md b/bash/install/README.md index ac3c83e..41adf8c 100644 --- a/bash/install/README.md +++ b/bash/install/README.md @@ -10,20 +10,15 @@ environment variable. API clients are granted one or more API scopes. Scopes allow access to specific CrowdStrike APIs and describe the actions that an API client can perform. Ensure the following API scopes are enabled: -* **Sensor Download** [read] -* **Sensor update policies** [read] -## Configuration - -1. Get sensor download API credentials from the cloud where your account has been configured: +- **Sensor Download** [read] +- (optional) **Sensor update policies** [read] + > Use this scope when configuring the `FALCON_SENSOR_UPDATE_POLICY_NAME` environment variable. - - https://falcon.crowdstrike.com/support/api-clients-and-keys - - or https://falcon.us-2.crowdstrike.com/support/api-clients-and-keys - - or https://falcon.eu-1.crowdstrike.com/support/api-clients-and-keys +## Configuration -Configure environment variables with your API credentials. Make sure that scope **Sensor Download** [read] is enabled. +**Export the required environment variables:** -Export the required environment variables: ```bash export FALCON_CLIENT_ID="XXXXXXX" export FALCON_CLIENT_SECRET="YYYYYYYYY" @@ -32,7 +27,8 @@ export FALCON_CLIENT_SECRET="YYYYYYYYY" The installer is AWS SSM aware, if `FALCON_CLIENT_ID` and `FALCON_CLIENT_SECRET` are not provided AND the script is running on an AWS instance, the script will try to get API credentials from the SSM store of the region. Optional environment variables that can be exported: -```bash + +```terminal FALCON_CID (default: auto) FALCON_CLOUD (default: us-1) FALCON_SENSOR_VERSION_DECREMENT (default: 0 [latest]) @@ -47,12 +43,11 @@ FALCON_BILLING (default: default) possible values: [default|m FALCON_BACKEND (default: auto) possible values: [auto|bpf|kernel] FALCON_TRACE (default: none) possible values: [none|err|warn|info|debug] ``` -The `FALCON_SENSOR_UPDATE_POLICY_NAME` variable requires to have additional API access. Make sure that scope **Sensor update policies** [read] is enabled. -2. Run the script: +**Run the script**: ```bash -curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.0.0/bash/install/falcon-linux-install.sh | bash +curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.1.0/bash/install/falcon-linux-install.sh | bash ``` Alternatively, you can run the script by cloning the repo: @@ -66,7 +61,23 @@ Then, run the following command: ```bash ./falcon-linux-install.sh ``` + or + ```bash bash falcon-linux-install.sh ``` + +## Troubleshooting + +To troubleshoot installation issues, run the script by using `bash -x`: + +```bash +bash -x falcon-linux-install.sh +``` + +or + +```bash +curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.1.0/bash/install/falcon-linux-install.sh | bash -x +``` diff --git a/powershell/README.md b/powershell/README.md index cb464bb..c44a485 100644 --- a/powershell/README.md +++ b/powershell/README.md @@ -3,3 +3,4 @@ | Scripts | Description | |:-|:-| | [Install](install) | PowerShell scripts for installing/uninstalling the CrowdStrike Falcon Sensor for Windows | +| [Migrate](migrate) | PowerShell script for host migration between Falcon cloud tenants | diff --git a/powershell/install/README.md b/powershell/install/README.md index cbd6d40..2136f9f 100644 --- a/powershell/install/README.md +++ b/powershell/install/README.md @@ -7,12 +7,13 @@ Powershell scripts to install/uninstall Falcon Sensor through the Falcon APIs on API clients are granted one or more API scopes. Scopes allow access to specific CrowdStrike APIs and describe the actions that an API client can perform. Ensure the following API scopes are enabled: + - Install: - * **Sensor Download** [read] - * **Sensor update policies** [read] + - **Sensor Download** [read] + - **Sensor update policies** [read] - Uninstall: - * **Host** [write] - * **Sensor update policies** [write] + - **Host** [write] + - **Sensor update policies** [write] ## Configuration @@ -29,7 +30,7 @@ to complete. Script options can be passed as parameters or defined in the param() block. Default values are listed in the parameter descriptions: -```pwsh +```terminal .PARAMETER FalconCloud CrowdStrike Falcon OAuth2 API Hostname ['https://api.crowdstrike.com' if left undefined] .PARAMETER FalconClientId @@ -58,9 +59,18 @@ Time to wait, in seconds, for sensor to provision [default: 1200] A comma-separated list of tags to apply to the host after sensor installation [default: $null] ``` -Example: +***Examples***: + +To download the script: + +```pwsh +Invoke-WebRequest -Uri https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.1.0/powershell/install/falcon_windows_install.ps1 -OutFile falcon_windows_install.ps1 +``` + +Basic example that will install the sensor with the provided provisioning token + ```pwsh -PS>.\falcon_windows_install.ps1 -FalconClientId -FalconClientSecret +.\falcon_windows_install.ps1 -FalconClientId -FalconClientSecret -ProvToken ``` ### Uninstall @@ -74,7 +84,7 @@ to complete. Script options can be passed as parameters or defined in the param() block. Default values are listed in the parameter descriptions: -```pwsh +```terminal .PARAMETER MaintenanceToken Sensor uninstall maintenance token. If left undefined, the script will attempt to retrieve the token from the API assuming the FalconClientId|FalconClientSecret are defined. @@ -100,15 +110,23 @@ CrowdStrike Falcon OAuth2 API Client Secret [Required if RemoveHost is $true] Member CID, used only in multi-CID ("Falcon Flight Control") configurations and with a parent management CID. ``` -Examples: +***Examples***: + +To download the script: + +```pwsh +Invoke-WebRequest -Uri https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.1.0/powershell/install/falcon_windows_uninstall.ps1 -OutFile falcon_windows_uninstall.ps1 +``` Basic example that will uninstall the sensor with the provided maintenance token + ```pwsh -PS>.\falcon_windows_uninstall.ps1 -MaintenanceToken +.\falcon_windows_uninstall.ps1 -MaintenanceToken ``` An example using the Falcon API to retrieve the maintenance token and remove the host from the Falcon console after uninstalling. + ```pwsh -PS>.\falcon_windows_uninstall.ps1 -FalconClientId -FalconClientSecret -RemoveHost $true +.\falcon_windows_uninstall.ps1 -FalconClientId -FalconClientSecret -RemoveHost $true ``` diff --git a/powershell/migrate/README.md b/powershell/migrate/README.md index 4e95110..1d965f9 100644 --- a/powershell/migrate/README.md +++ b/powershell/migrate/README.md @@ -87,9 +87,17 @@ Remove host from CrowdStrike Falcon Opt in/out of migrating tags. Tags passed to the Tags flag will still be added. ``` +---------- + +To download the script, run the following command: + +```pwsh +Invoke-WebRequest -Uri "https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.1.0/powershell/migrate/falcon_windows_migrate.ps1" -OutFile "falcon_windows_migrate.ps1" +``` + ### Example 1 -A simple migration from US-1 to US-2 including sensor tags and falcon tags: +A simple migration from US-1 to US-2 including existing sensor and falcon tags: ```pwsh .\falcon_windows_migrate.ps1 ` @@ -119,7 +127,7 @@ Migrate from US-1 to EU-1, remove the old host from the UI and add a new sensor ### Example 3 -Migrate from US-2 to EU-1, use a provisioning token and add a new falcon tag to the sensor: +Migrate from US-2 to EU-1, use a provisioning token and add a new falcon tag: ```pwsh .\falcon_windows_migrate.ps1 `