diff --git a/bash/containers/falcon-container-sensor-pull/README.md b/bash/containers/falcon-container-sensor-pull/README.md index 2a312d0..bc4e8c4 100644 --- a/bash/containers/falcon-container-sensor-pull/README.md +++ b/bash/containers/falcon-container-sensor-pull/README.md @@ -71,7 +71,7 @@ The script supports auto-discovery of the Falcon cloud region. If the cloud regi ```terminal Usage: falcon-container-sensor-pull.sh [options] -Version: 1.7.0 +Version: 1.7.1 Required Flags: -u, --client-id Falcon API OAUTH Client ID @@ -104,31 +104,31 @@ Help Options: > **Note**: **Settings can be passed to the script via CLI flags or environment variables:** -| Flags | Environment Variables | Default | Description | -|:-----------------------------------------------|-------------------------|----------------------------|------------------------------------------------------------------------------------------| -| `-f`, `--cid ` | `$FALCON_CID` | `None` (Optional) | CrowdStrike Customer ID (CID). *If not provided, CID will be auto-detected.* | -| `-u`, `--client-id ` | `$FALCON_CLIENT_ID` | `None` (Required) | CrowdStrike API Client ID | -| `-s`, `--client-secret ` | `$FALCON_CLIENT_SECRET` | `None` (Required) | CrowdStrike API Client Secret | -| `-r`, `--region ` | `$FALCON_CLOUD` | `us-1` (Optional) | CrowdStrike Region. \**Auto-discovery is only available for [`us-1, us-2, eu-1`] regions.* | -| `-c`, `--copy ` | `$COPY` | `None` (Optional) | Registry you want to copy the sensor image to. Example: `myregistry.com/mynamespace` | -| `-v`, `--version ` | `$SENSOR_VERSION` | `None` (Optional) | Specify sensor version to retrieve from the registry | -| `-p`, `--platform ` | `$SENSOR_PLATFORM` | `None` (Optional) | Specify sensor platform to retrieve from the registry | +| Flags | Environment Variables | Default | Description | +| :--------------------------------------------- | ----------------------- | ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `-f`, `--cid ` | `$FALCON_CID` | `None` (Optional) | CrowdStrike Customer ID (CID). *If not provided, CID will be auto-detected.* | +| `-u`, `--client-id ` | `$FALCON_CLIENT_ID` | `None` (Required) | CrowdStrike API Client ID | +| `-s`, `--client-secret ` | `$FALCON_CLIENT_SECRET` | `None` (Required) | CrowdStrike API Client Secret | +| `-r`, `--region ` | `$FALCON_CLOUD` | `us-1` (Optional) | CrowdStrike Region. \**Auto-discovery is only available for [`us-1, us-2, eu-1`] regions.* | +| `-c`, `--copy ` | `$COPY` | `None` (Optional) | Registry you want to copy the sensor image to. Example: `myregistry.com/mynamespace` | +| `-v`, `--version ` | `$SENSOR_VERSION` | `None` (Optional) | Specify sensor version to retrieve from the registry | +| `-p`, `--platform ` | `$SENSOR_PLATFORM` | `None` (Optional) | Specify sensor platform to retrieve from the registry | | `-t`, `--type ` | `$SENSOR_TYPE` | `falcon-container` (Optional) | Specify which sensor to download [`falcon-container`, `falcon-sensor`, `falcon-kac`, `falcon-snapshot`, `falcon-imageanalyzer`, `kpagent`, `fcs`] ([see more details below](#sensor-types)) | -| `--runtime` | `$CONTAINER_TOOL` | `docker` (Optional) | Use a different container runtime [docker, podman, skopeo]. **Default is Docker**. | -| `--dump-credentials` | `$CREDS` | `False` (Optional) | Print registry credentials to stdout to copy/paste into container tools | -| `--get-image-path` | N/A | `None` | Get the full image path including the registry, repository, and latest tag for the specified `SENSOR_TYPE`. | -| `--get-pull-token` | N/A | `None` | Get the pull token of the selected `SENSOR_TYPE` for Kubernetes. | -| `--get-cid` | N/A | `None` | Get the CID assigned to the API Credentials. | -| `--list-tags` | `$LISTTAGS` | `False` (Optional) | List all tags available for the selected sensor | -| `--allow-legacy-curl` | `$ALLOW_LEGACY_CURL` | `False` (Optional) | Allow the script to run with an older version of cURL | -| `-h`, `--help` | N/A | `None` | Display help message | +| `--runtime` | `$CONTAINER_TOOL` | `docker` (Optional) | Use a different container runtime [docker, podman, skopeo]. **Default is Docker**. | +| `--dump-credentials` | `$CREDS` | `False` (Optional) | Print registry credentials to stdout to copy/paste into container tools | +| `--get-image-path` | N/A | `None` | Get the full image path including the registry, repository, and latest tag for the specified `SENSOR_TYPE`. | +| `--get-pull-token` | N/A | `None` | Get the pull token of the selected `SENSOR_TYPE` for Kubernetes. | +| `--get-cid` | N/A | `None` | Get the CID assigned to the API Credentials. | +| `--list-tags` | `$LISTTAGS` | `False` (Optional) | List all tags available for the selected sensor | +| `--allow-legacy-curl` | `$ALLOW_LEGACY_CURL` | `False` (Optional) | Allow the script to run with an older version of cURL | +| `-h`, `--help` | N/A | `None` | Display help message | --- > **Note**: **Internal flags are for CrowdStrike internal use only. Internal flags do not provide any functionality to end customers.** -| Internal Flags | Environment Variables | Default | Description | -|:-----------------------------------------------|-------------------------|----------------------------|------------------------------------------------------------------------------------------| -| `--internal-build-stage ` | `$BUILD_STAGE` | `release` (Optional) | Falcon Build Stage [`release, stage`] | +| Internal Flags | Environment Variables | Default | Description | +| :------------------------------------- | --------------------- | -------------------- | ------------------------------------- | +| `--internal-build-stage ` | `$BUILD_STAGE` | `release` (Optional) | Falcon Build Stage [`release, stage`] | --- @@ -136,15 +136,15 @@ Help Options: The following sensor types are available to download: -| Sensor Image Name | Description | -|:-------------|:------------| -| `falcon-sensor` | The Falcon sensor for Linux as a DaemonSet deployment | -| `falcon-container` **(default)** | The Falcon Container sensor for Linux | -| `falcon-kac` | The Falcon Kubernetes Admission Controller | -| `falcon-snapshot` | The Falcon Snapshot scanner | -| `falcon-imageanalyzer` | The Falcon Image Assessment at Runtime | -| `kpagent` | The Falcon Kubernetes Protection Agent | -| `fcs` | The Falcon Cloud Security CLI tool | +| Sensor Image Name | Description | +| :------------------------------- | :---------------------------------------------------- | +| `falcon-sensor` | The Falcon sensor for Linux as a DaemonSet deployment | +| `falcon-container` **(default)** | The Falcon Container sensor for Linux | +| `falcon-kac` | The Falcon Kubernetes Admission Controller | +| `falcon-snapshot` | The Falcon Snapshot scanner | +| `falcon-imageanalyzer` | The Falcon Image Assessment at Runtime | +| `kpagent` | The Falcon Kubernetes Protection Agent | +| `fcs` | The Falcon Cloud Security CLI tool | ### Examples diff --git a/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh b/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh index 3aa43bd..085104c 100755 --- a/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh +++ b/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh @@ -6,7 +6,7 @@ Description: Bash script to copy Falcon DaemonSet Sensor, Container Sensor, Kube set -e -VERSION="1.7.0" +VERSION="1.7.1" usage() { echo "Usage: $0 [options] diff --git a/bash/install/README.md b/bash/install/README.md index 083f62f..78b8b1d 100644 --- a/bash/install/README.md +++ b/bash/install/README.md @@ -94,7 +94,7 @@ The installer is AWS SSM aware, if `FALCON_CLIENT_ID` and `FALCON_CLIENT_SECRET` Usage: falcon-linux-install.sh [-h|--help] Installs and configures the CrowdStrike Falcon Sensor for Linux. -Version: 1.7.0 +Version: 1.7.1 This script recognizes the following environmental variables: @@ -191,7 +191,7 @@ To download and run the script directly: ```bash export FALCON_CLIENT_ID="XXXXXXX" export FALCON_CLIENT_SECRET="YYYYYYYYY" -curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash/install/falcon-linux-install.sh | bash +curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/bash/install/falcon-linux-install.sh | bash ``` Alternatively, download the script and run it locally: @@ -199,7 +199,7 @@ Alternatively, download the script and run it locally: ```bash export FALCON_CLIENT_ID="XXXXXXX" export FALCON_CLIENT_SECRET="YYYYYYYYY" -curl -O https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash/install/falcon-linux-install.sh +curl -O https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/bash/install/falcon-linux-install.sh bash falcon-linux-install.sh ``` @@ -216,7 +216,7 @@ FALCON_CLIENT_ID="XXXXXXX" FALCON_CLIENT_SECRET="YYYYYYYYY" bash falcon-linux-in ```bash export FALCON_CLIENT_ID="XXXXXXX" export FALCON_CLIENT_SECRET="YYYYYYYYY" -curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash/install/falcon-linux-install.sh | bash +curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/bash/install/falcon-linux-install.sh | bash ``` #### Install the Falcon Sensor with the previous version (n-1) @@ -225,7 +225,7 @@ curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash export FALCON_CLIENT_ID="XXXXXXX" export FALCON_CLIENT_SECRET="YYYYYYYYY" export FALCON_SENSOR_VERSION_DECREMENT=1 -curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash/install/falcon-linux-install.sh | bash +curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/bash/install/falcon-linux-install.sh | bash ``` #### Create a Golden Image @@ -234,7 +234,7 @@ curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash export FALCON_CLIENT_ID="XXXXXXX" export FALCON_CLIENT_SECRET="YYYYYYYYY" export PREP_GOLDEN_IMAGE="true" -curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash/install/falcon-linux-install.sh | bash +curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/bash/install/falcon-linux-install.sh | bash ``` ## Uninstall Script @@ -243,7 +243,7 @@ curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash Usage: falcon-linux-uninstall.sh [-h|--help] Uninstalls the CrowdStrike Falcon Sensor from Linux operating systems. -Version: 1.7.0 +Version: 1.7.1 The script recognizes the following environmental variables: @@ -290,13 +290,13 @@ This script recognizes the following argument: To download and run the script directly ```bash -curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash/install/falcon-linux-uninstall.sh | bash +curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/bash/install/falcon-linux-uninstall.sh | bash ``` Alternatively, download the script and run it locally ```bash -curl -O https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash/install/falcon-linux-uninstall.sh +curl -O https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/bash/install/falcon-linux-uninstall.sh bash falcon-linux-uninstall.sh ``` @@ -305,7 +305,7 @@ bash falcon-linux-uninstall.sh #### Uninstall the Falcon Sensor ```bash -curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash/install/falcon-linux-uninstall.sh | bash +curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/bash/install/falcon-linux-uninstall.sh | bash ``` #### Uninstall and remove the host from the Falcon console @@ -314,7 +314,7 @@ curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash export FALCON_CLIENT_ID="XXXXXXX" export FALCON_CLIENT_SECRET="YYYYYYYYY" export FALCON_REMOVE_HOST="true" -curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash/install/falcon-linux-uninstall.sh | bash +curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/bash/install/falcon-linux-uninstall.sh | bash ``` ## Troubleshooting @@ -328,5 +328,5 @@ bash -x falcon-linux-install.sh or ```bash -curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/bash/install/falcon-linux-install.sh | bash -x +curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/bash/install/falcon-linux-install.sh | bash -x ``` diff --git a/bash/install/falcon-linux-install.sh b/bash/install/falcon-linux-install.sh index eacd8f1..e08da4c 100755 --- a/bash/install/falcon-linux-install.sh +++ b/bash/install/falcon-linux-install.sh @@ -98,7 +98,7 @@ This script recognizes the following argument: EOF } -VERSION="1.7.0" +VERSION="1.7.1" # If -h or --help is passed, print the usage and exit if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then diff --git a/bash/install/falcon-linux-uninstall.sh b/bash/install/falcon-linux-uninstall.sh index c5b3f00..6d07be5 100755 --- a/bash/install/falcon-linux-uninstall.sh +++ b/bash/install/falcon-linux-uninstall.sh @@ -50,7 +50,7 @@ This script recognizes the following argument: EOF } -VERSION="1.7.0" +VERSION="1.7.1" # If -h or --help is passed, print the usage and exit if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then diff --git a/powershell/install/README.md b/powershell/install/README.md index 524785f..e9369e7 100644 --- a/powershell/install/README.md +++ b/powershell/install/README.md @@ -113,7 +113,7 @@ Enable verbose logging To download the script: ```pwsh -Invoke-WebRequest -Uri https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/powershell/install/falcon_windows_install.ps1 -OutFile falcon_windows_install.ps1 +Invoke-WebRequest -Uri https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/powershell/install/falcon_windows_install.ps1 -OutFile falcon_windows_install.ps1 ``` Basic example that will install the sensor with the provided provisioning token @@ -175,7 +175,7 @@ Enable verbose logging To download the script: ```pwsh -Invoke-WebRequest -Uri https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/powershell/install/falcon_windows_uninstall.ps1 -OutFile falcon_windows_uninstall.ps1 +Invoke-WebRequest -Uri https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/powershell/install/falcon_windows_uninstall.ps1 -OutFile falcon_windows_uninstall.ps1 ``` Basic example that will uninstall the sensor with the provided maintenance token diff --git a/powershell/install/falcon_windows_install.ps1 b/powershell/install/falcon_windows_install.ps1 index bb6c4f0..d6659e3 100755 --- a/powershell/install/falcon_windows_install.ps1 +++ b/powershell/install/falcon_windows_install.ps1 @@ -192,7 +192,7 @@ begin { function Invoke-FalconAuth([hashtable] $WebRequestParams, [string] $BaseUrl, [hashtable] $Body, [string] $FalconCloud) { $Headers = @{'Accept' = 'application/json'; 'Content-Type' = 'application/x-www-form-urlencoded'; 'charset' = 'utf-8' } - $Headers.Add('User-Agent', 'crowdstrike-falcon-scripts/1.7.0') + $Headers.Add('User-Agent', 'crowdstrike-falcon-scripts/1.7.1') if ($FalconAccessToken){ $Headers.Add('Authorization', "bearer $($FalconAccessToken)") } diff --git a/powershell/install/falcon_windows_uninstall.ps1 b/powershell/install/falcon_windows_uninstall.ps1 index 9deb56d..73ced48 100755 --- a/powershell/install/falcon_windows_uninstall.ps1 +++ b/powershell/install/falcon_windows_uninstall.ps1 @@ -177,7 +177,7 @@ begin { function Invoke-FalconAuth([hashtable] $WebRequestParams, [string] $BaseUrl, [hashtable] $Body, [string] $FalconCloud) { $Headers = @{'Accept' = 'application/json'; 'Content-Type' = 'application/x-www-form-urlencoded'; 'charset' = 'utf-8' } - $Headers.Add('User-Agent', 'crowdstrike-falcon-scripts/1.7.0') + $Headers.Add('User-Agent', 'crowdstrike-falcon-scripts/1.7.1') if ($FalconAccessToken){ $Headers.Add('Authorization', "bearer $($FalconAccessToken)") } diff --git a/powershell/migrate/README.md b/powershell/migrate/README.md index 2e139d1..e14aea8 100644 --- a/powershell/migrate/README.md +++ b/powershell/migrate/README.md @@ -101,7 +101,7 @@ Enable verbose logging To download the script, run the following command: ```pwsh -Invoke-WebRequest -Uri "https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.0/powershell/migrate/falcon_windows_migrate.ps1" -OutFile "falcon_windows_migrate.ps1" +Invoke-WebRequest -Uri "https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/powershell/migrate/falcon_windows_migrate.ps1" -OutFile "falcon_windows_migrate.ps1" ``` ### Example 1 diff --git a/powershell/migrate/falcon_windows_migrate.ps1 b/powershell/migrate/falcon_windows_migrate.ps1 index 621674d..3a2fdc0 100644 --- a/powershell/migrate/falcon_windows_migrate.ps1 +++ b/powershell/migrate/falcon_windows_migrate.ps1 @@ -272,7 +272,8 @@ function Invoke-FalconUninstall ([hashtable] $WebRequestParams, [string] $Uninst if (Test-Path -Path $UninstallerPathDir) { $UninstallerPath = Get-ChildItem -Path $UninstallerPathDir -Recurse | Where-Object { $_.Name -match $UninstallerName } | ForEach-Object { $_.FullName } | Sort-Object -Descending | Select-Object -First 1 - } else { + } + else { $UninstallerPath = $null } } @@ -984,7 +985,7 @@ function Get-FalconCloud ([string] $xCsRegion) { function Invoke-FalconAuth([hashtable] $WebRequestParams, [string] $BaseUrl, [hashtable] $Body, [string] $FalconCloud) { $Headers = @{'Accept' = 'application/json'; 'Content-Type' = 'application/x-www-form-urlencoded'; 'charset' = 'utf-8' } - $Headers.Add('User-Agent', 'crowdstrike-falcon-scripts/1.7.0') + $Headers.Add('User-Agent', 'crowdstrike-falcon-scripts/1.7.1') try { $response = Invoke-WebRequest @WebRequestParams -Uri "$($BaseUrl)/oauth2/token" -UseBasicParsing -Method 'POST' -Headers $Headers -Body $Body $content = ConvertFrom-Json -InputObject $response.Content