Need help - update CrowdStrike Falcon password

ferrispd
New Contributor III

Hello all, I've been tasked with deploying a password to our deployment of CrowdStrike. The engineers at CrowdStrike advised me to create a Python script

falcon_password.py

#!/usr/bin/env python

from __future__ import print_function
password = "password"
try:
    while True:
        print(password)
except IOError:
    pass

and then execute this command against it
./falcon_password.py | sudo /Library/CS/falconctl installguard

I am not sure how to deploy this without the "falcon_password.py" file being available in plaintext on the target computer. The file has the password in plaintext.

1 ACCEPTED SOLUTION

afarnsworth
Contributor

We use the following to install and set the password

#!/bin/bash

# Drive falconctl's interactive prompts with expect.
expect <<- DONE
  set timeout -1
  spawn sudo /Library/CS/falconctl license licensenumber --password
  expect "Falcon Password:"
  send -- "password"
  # Press Return to submit the password.
  send "\r"
  expect "Confirm Falcon Password:"
  send -- "password"
  send "\r"
  expect eof
DONE

This will mimic an interactive session via terminal to apply the license and set the password. You could modify this to just set the password.


4 REPLIES

ShaunRMiller83
Contributor III

Two thoughts come to mind depending on your security requirements.

1) Deploy it with JAMF and use one of the script variables in the script, which means only someone who has access to the JAMF policies would have access to the password. I could see this still having issues with some security groups and teams.

2) Use encrypted parameters - https://github.com/jamf/Encrypted-Script-Parameters

ferrispd
New Contributor III

I'm feeling like a complete novice here. I'll admit, I know next to nothing about python. So feel free to talk to me like a noob.

I have a package that copies "falcon_password.py" to /Library/CS. That is successful.
The python script:

#!/usr/bin/env python

from __future__ import print_function
password = "HelloWorld"
try:
    while True:
        print(password)
except IOError:
    pass

I have a shell script, falcon_password.sh:

#!/bin/bash
/Library/CS/falcon_password.py | sudo /Library/CS/falconctl installguard

I use Jamf Remote to execute the script. It runs like it was successful, but when I try to uninstall Falcon from terminal it still does not prompt me for the password. I have no idea what I am doing wrong.

ferrispd
New Contributor III

Thanks Afarnsworth!!! You are a Godsend.

I had to modify it some since the deployed agents are already licensed.

For anyone using this example, HelloWorld is a fake password in place of whatever real password you are using.

#!/bin/bash

expect <<- DONE
  set timeout -1
  spawn sudo /Library/CS/falconctl installguard --password
  expect "Falcon Password:"
  send -- "HelloWorld"
  send "\r"
  expect "Confirm Falcon Password:"
  send -- "HelloWorld"
  send "\r"
  expect eof
DONE
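
Added example, not part of any post in this thread: one way to combine ShaunRMiller83's first suggestion (a Jamf script parameter) with the expect approach above, so the password is not stored in the script file. It assumes the password is entered as parameter 4 of the Jamf policy and that falconctl prompts exactly as shown in the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Jamf policy script: the password arrives
# as script parameter 4, so it is never written into a file on the Mac.
# Assumptions: parameter 4 holds the password; falconctl prompts exactly as
# shown in the thread; the policy runs the script as root (hence no sudo).

FALCONCTL="${FALCONCTL:-/Library/CS/falconctl}"   # path used in the thread

# Reject an empty or multi-line parameter before touching the agent.
valid_password() {
    [ -n "$1" ] || return 1
    case "$1" in
        *"
"*) return 1 ;;
    esac
    return 0
}

# Answer both prompts. The value reaches expect through the environment, and
# the quoted heredoc stops the shell from pasting it into the Tcl source, so
# characters such as $ [ ] or \ in the password are sent literally.
set_installguard_password() {
    valid_password "$1" || { echo "parameter 4 (password) is missing" >&2; return 64; }
    FALCON_PW="$1" FALCONCTL="$FALCONCTL" expect <<'DONE'
log_user 0
set timeout 30
spawn $env(FALCONCTL) installguard --password
expect {
    "Falcon Password:" { send -- "$env(FALCON_PW)\r" }
    timeout { exit 2 }
}
expect {
    "Confirm Falcon Password:" { send -- "$env(FALCON_PW)\r" }
    timeout { exit 2 }
}
expect eof
exit [lindex [wait] 3]
DONE
}

# Jamf passes $1-$3 itself (mount point, computer name, user); custom
# values start at $4. Run only when invoked that way.
if [ "$#" -ge 4 ]; then
    set_installguard_password "$4"
    exit $?
fi
```

The parameter value is still readable by anyone with access to the Jamf policy, which is the limitation noted in the thread.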