Comments (14)
@txsastre Glad to hear its working for you and you are using Ansible to manage your systems! If you feel like there are things missing, especially on the windows side, please open an issue requesting it!
from ansible_collection_falcon.
Possible issues here might be surrounding installation/provisioning tokens. Please make sure you check what is required on your end for installing a sensor and provide the appropriate installation args.
Take Ansible out of the equation, try to install the sensor via a powershell prompt and see what happens.
from ansible_collection_falcon.
Tried with powershell
WindowsSensor.exe /install /quiet /norestart CID=YOUR_CID MAINTENANCE_TOKEN=YOUR_REVEALED_TOKEN
And it has installed crowdstrike OK.
The playbook is as follows:
---
- hosts: all
roles:
- role: crowdstrike.falcon.falcon_install
vars:
falcon_install_method: url
falcon_download_url: 'https://url-download/FalconSensors/Windows/WindowsSensor.LionLanner.exe'
falcon_download_url_username: 'url-user'
falcon_download_url_password: 'url-pass'
falcon_cid: '123412341234123412341234123412341-12'
falcon_client_secret: '123412341'
from ansible_collection_falcon.
also I left the "unfinished playbook" running, and now I see
"FAILED - RETRYING: [192.168.70.162]: CrowdStrike Falcon | Install Falcon Sensor .exe Package (Windows) (10 retries left)."
from ansible_collection_falcon.
Tried again with verbose and I can see this
FAILED - RETRYING: [192.168.70.162]: CrowdStrike Falcon | Install Falcon Sensor .exe Package (Windows) (2 retries left).Result was: {
"attempts": 1,
"changed": false,
"invocation": {
"module_args": {
"arguments": "/install /quiet CID=8A3EFADB098A4EABAA3F441B1B137EFB-E8 /norestart",
"chdir": null,
"client_cert": null,
"client_cert_password": null,
"creates_path": null,
"creates_service": "csfalconservice",
"creates_version": null,
"expected_return_code": [
0,
3010
],
"follow_redirects": "safe",
"force_basic_auth": false,
"headers": null,
"http_agent": "ansible-httpget",
"log_path": null,
"maximum_redirection": 50,
"path": "C:\\Windows\\Temp\\ansible.yysrtj0e.udufalcon\\WindowsSensor.LionLanner.exe",
"product_id": null,
"provider": "auto",
"proxy_password": null,
"proxy_url": null,
"proxy_use_default_credential": false,
"proxy_username": null,
"state": "present",
"url_method": null,
"url_password": null,
"url_timeout": 30,
"url_username": null,
"use_default_credential": false,
"use_proxy": true,
"validate_certs": true,
"wait_for_children": false
}
},
"msg": "unexpected rc from 'C:\\Windows\\Temp\\ansible.yysrtj0e.udufalcon\\WindowsSensor.LionLanner.exe /install /quiet CID=8A3EFADB098A4EABAA3F441B1B137EFB-E8 /norestart': see rc, stdout, and stderr for more details",
"rc": 1244,
"reboot_required": false,
"retries": 3,
"stderr": "",
"stderr_lines": [],
"stdout": "",
"stdout_lines": []
searched here https://learn.microsoft.com/en-us/windows/win32/debug/system-error-codes--1000-1299-
"ERROR_NOT_AUTHENTICATED
1244 (0x4DC)
The operation being requested was not performed because the user has not been authenticated."
I really don't understand.
from ansible_collection_falcon.
Please refer to the role documentation. You have to specify additional install/uninstall args. Look at falcon_windows_install_args
from ansible_collection_falcon.
also tried with standard ansible, with no crowdstrike collection
---
- name: Tasks to download file
hosts: all
gather_facts: no
tasks:
- name: Download CrowdStrike
ansible.windows.win_get_url:
url: http://192.168.70.134/software/WindowsSensor.LionLanner.exe
dest: c:\temp
force: false
- name: Install CrowdStrike
win_shell: 'c:\temp\WindowsSensor.LionLanner.exe /install /quiet /norestart CID=12342134123412341234123412341234-12'
Fun fact is meanwhile is "stuck" I can see that the sensor is running, and the other fact is after 20 minutes "stuck" it has finally stopped, but the sensor has gone too.
from ansible_collection_falcon.
@txsastre The only time you showed me a working example is when you passed in a token. I would suggest you do the same via ansible.
from ansible_collection_falcon.
ok, tried with token, same luck, it gets stuck
---
- name: Tasks to download file
hosts: all
gather_facts: no
tasks:
- name: Download CrowdStrike
ansible.windows.win_get_url:
url: http://192.168.70.134/software/WindowsSensor.LionLanner.exe
dest: c:\temp
force: false
- name: Install CrowdStrike
win_shell: 'c:\temp\WindowsSensor.LionLanner.exe /install /quiet /norestart CID=12342134123412341234123412341234-12 MAINTENANCE_TOKEN=123456789'
from ansible_collection_falcon.
I don't think that's the correct argument. Try ProvToken=
Also, check the installation logs on the system if it still isn't working. Most of this stuff should be in the sensor installation documentation for more clarity.
from ansible_collection_falcon.
Good morning!
That was the problem, I replaced MAINTENANCE_TOKEN with ProvToken and it worked fine! Thank you very much for your help !
Tried in my lab with 3 servers at once and the agent was installed in 2 minutes in total :D
EDIT: the equivalent of ProvToken in the crowdstrike vars is falcon_provisioning_token
But seems that still gets stuck.
This is my actual playbook with crowdstrike collection
---
- hosts: all
roles:
- role: crowdstrike.falcon.falcon_install
vars:
falcon_install_method: url
falcon_download_url: 'http://192.168.70.134/software/WindowsSensor.LionLanner.exe'
falcon_client_id: '123412341234123412341234123412341-12'
falcon_cid: '123412341234123412341234123412341-12'
falcon_provisioning_token: '123412341'
falcon_windows_install_retries: 2
falcon_windows_install_delay: 10
falcon_windows_become_method: runas
And the other one with ansible.windows.win_package. Still doing more tests but this one is working.
---
- name: Tasks to install CrowdStrike
hosts: all
gather_facts: no
tasks:
- name: Download CrowdStrike
ansible.windows.win_get_url:
url: http://192.168.70.134/software/WindowsSensor.LionLanner.exe
dest: c:\temp
force: false
- name: Install CrowdStrike
ansible.windows.win_package:
path: c:\temp\WindowsSensor.LionLanner.exe
product_id: '123412341234123412341234123412341-12'
arguments: '/install /quiet /norestart CID=123412341234123412341234123412341-12 ProvToken=123412341'
state: present
vars:
ansible_become_method: runas
from ansible_collection_falcon.
@txsastre Perhaps you missed my last post about consulting the role's README. This should be the variable you are looking for, along with all the other variables the role accepts.
Try the following in your playbook:
---
- hosts: all
roles:
- role: crowdstrike.falcon.falcon_install
vars:
falcon_install_method: url
falcon_download_url: 'http://192.168.70.134/software/WindowsSensor.LionLanner.exe'
falcon_client_id: '123412341234123412341234123412341-12'
falcon_cid: '123412341234123412341234123412341-12'
falcon_windows_install_args: '/norestart ProvToken=D0B1BD55'
from ansible_collection_falcon.
You were right, with falcon_windows_install_args: '/norestart ProvToken=123412341' works.
The problem was that I thought that falcon_provisioning_token: '123412341' was where the token should go.
Thank you very much, tested with 2019 and 2012, everything OK !
PS. if you don't mind, could you change the values in you post related to "falcon_windows_install_args: '/norestart ProvToken" ?
from ansible_collection_falcon.
Thanks for your help, we could install crowdstrike in 40 servers .
Also it has been useful to start using ansible to our management.
from ansible_collection_falcon.
Related Issues (20)
- Instaltion method API (Windows) HOT 2
- Uninstall - Win Error HOT 5
- Uninstall role also to remove nodes from console HOT 2
- Installation fails on Ubuntu 22.04 with ansible.legacy.apt parameter 'allow_downgrade' HOT 6
- ruff errors on 3.3.1
- Removing AID failing in crowdstrike.falcon.falcon_configure HOT 3
- Consider using our own revoke token API call
- Consider update Ansible version support
- v3 new release prep
- Update Required Ansible Version
- Update module url links
- missing win_auth.yml in 4.x HOT 1
- CrowdStrike Falcon | Authenticate to CrowdStrike API - Sorry, try again HOT 9
- Test instances clutter up the Integration SA CID
- Add user-agent string to EDA
- Failed to generate access token for customer HOT 7
- Can't add collection to execution environment for Ansible Automation Platform HOT 6
- Required changes for Red Hat certification HOT 1
- Having issues installing crowdstrike with galaxy HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible_collection_falcon.