
Need help - update CrowdStrike Falcon password

Hello all, I've been tasked with deploying a password to our deployment of CrowdStrike. The engineers at CrowdStrike advised me to create a Python script

falcon_password.py

#!/usr/bin/env python

from __future__ import print_function
password = "password"
try:
    while True:
        print(password)
except IOError:
    pass

and then execute this command against it
./falcon_password.py | sudo /Library/CS/falconctl installguard

I am not sure how to deploy this without the "falcon_password.py" file being available in plaintext on the target computer. The file has the password in plaintext.

SOLVED Posted: by ShaunRMiller83

Two thoughts come to mind depending on your security requirements.

1) Deploy it with JAMF and use one of the script variables in the script. Which means only someone who has access to the JAMF policies would have access to the password. I could see this still having issues with some security groups and teams.

2) Use encrypted parameters - https://github.com/jamf/Encrypted-Script-Parameters

SOLVED Posted: by ferrispd

I'm feeling like a complete novice here. I'll admit, I know next to nothing about python. So feel free to talk to me like a noob.

I have a package that copies "falcon_password.py" to /Library/CS. That is successful.
The python script

#!/usr/bin/env python

from __future__ import print_function
password = "HelloWorld"
try:
    while True:
        print(password)
except IOError:
    pass

I have a shell script, falcon_password.sh

#!/bin/bash
/Library/CS/falcon_password.py | sudo /Library/CS/falconctl installguard

I use Jamf Remote to execute the script, it runs like it was successful, but when I try to uninstall falcon from terminal it still does not prompt me for the password. I have no idea what I am doing wrong.

SOLVED Posted: by afarnsworth

We use the following to install and set the password

#!/bin/bash

expect <<- DONE
  set timeout -1
  spawn sudo /Library/CS/falconctl license licensenumber --password
  expect "Falcon Password:"
  send -- "password"
  send \r
  expect "Confirm Falcon Password:"
  send -- "password"
  send \r
  expect eof
DONE

This will mimic an interactive session via terminal to apply the license and set the password. You could modify this to just set the password.

SOLVED Posted: by ferrispd

Thanks Afarnsworth!!! You are a Godsend.

I had to modify it some since the deployed agents are already licensed.

For anyone using this example, HelloWorld is a fake password in place of whatever real password you are using.

#!/bin/bash

expect <<- DONE
  set timeout -1
  spawn sudo /Library/CS/falconctl installguard --password
  expect "Falcon Password:"
  send -- "HelloWorld"
  send \r
  expect "Confirm Falcon Password:"
  send -- "HelloWorld"
  send \r
  expect eof
DONE
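Added example, not posted by anyone in this thread: a Jamf policy script that takes the password from script parameter 4 (the first suggestion above) and pipes it to falconctl the way the original command does, so no password file is written to the target computer. It assumes `falconctl installguard` reads the password from standard input as in the original post; the `FALCONCTL` override and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: run from a Jamf policy with the password in parameter 4.
# FALCONCTL can be overridden for testing (hypothetical variable name).
FALCONCTL="${FALCONCTL:-/Library/CS/falconctl}"

# Print the password on stdout until the reader closes the pipe, like the
# loop in falcon_password.py. printf is a shell builtin, so the password is
# never placed in another process's argument list.
feed_password() {
    while printf '%s\n' "$1"; do :; done 2>/dev/null
}

# Returns 2 if no password was supplied, 3 if falconctl is missing,
# otherwise the exit status of falconctl itself.
set_falcon_password() {
    if [ -z "$1" ]; then
        echo "No password supplied in parameter 4" >&2
        return 2
    fi
    if [ ! -x "$FALCONCTL" ]; then
        echo "falconctl not found at $FALCONCTL" >&2
        return 3
    fi
    # Without pipefail the pipeline's status is falconctl's, not the feeder's.
    feed_password "$1" | "$FALCONCTL" installguard
}

# Jamf passes mount point, computer name and user name as $1-$3;
# policy-defined parameters start at $4. Policies run scripts as root,
# so sudo is not needed here.
if [ "$#" -gt 0 ]; then
    set_falcon_password "${4:-}"
    exit $?
fi
```

The password is still readable by anyone who can view the Jamf policy, as the first answer notes, and it sits in this script's own argument list while the script runs.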