Skip to content

Commit

Permalink
Implements #211
Browse files Browse the repository at this point in the history
  • Loading branch information
@gtheodorio
gtheodorio committed Apr 8, 2024
1 parent 1dfd142 commit 6fec2c6
Show file tree
Hide file tree
Showing 2 changed files with 99 additions and 60 deletions.
79 changes: 50 additions & 29 deletions bash/install/falcon-linux-install.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,12 @@ CrowdStrike API credentials are needed to download Falcon sensor. The script rec
- FALCON_CLIENT_ID
- FALCON_CLIENT_SECRET
or
- FALCON_ACCESS_TOKEN (default: unset)
- FALCON_CLOUD (default: auto)
Optional:
- FALCON_CID (default: auto)
- FALCON_CLOUD (default: auto)
- FALCON_SENSOR_VERSION_DECREMENT (default: 0 [latest])
- FALCON_PROVISIONING_TOKEN (default: unset)
- FALCON_SENSOR_UPDATE_POLICY_NAME (default: unset)
Expand All @@ -25,6 +27,7 @@ Optional:
- FALCON_UNINSTALL (default: false)
- FALCON_INSTALL_ONLY (default: false)
- ALLOW_LEGACY_CURL (default: false)
- GET_ACCESS_TOKEN (default: false) possible values: [true|false]
EOF
}

Expand All @@ -33,6 +36,12 @@ main() {
print_usage
exit 1
fi

if [ "$GET_ACCESS_TOKEN" = "true" ]; then
echo "$cs_falcon_oauth_token"
exit 1
fi

echo -n 'Check if Falcon Sensor is running ... '
cs_sensor_is_running
echo '[ Not present ]'
Expand Down Expand Up @@ -621,25 +630,31 @@ aws_instance=$(
fi
)

cs_falcon_client_id=$(
if [ -n "$FALCON_CLIENT_ID" ]; then
echo "$FALCON_CLIENT_ID"
elif [ -n "$aws_instance" ]; then
aws_ssm_parameter "FALCON_CLIENT_ID" | json_value Value 1
else
die "Missing FALCON_CLIENT_ID environment variable. Please provide your OAuth2 API Client ID for authentication with CrowdStrike Falcon platform. Establishing and retrieving OAuth2 API credentials can be performed at https://falcon.crowdstrike.com/support/api-clients-and-keys."
fi
)
if [ -z "$FALCON_ACCESS_TOKEN" ]; then
cs_falcon_client_id=$(
if [ -n "$FALCON_CLIENT_ID" ]; then
echo "$FALCON_CLIENT_ID"
elif [ -n "$aws_instance" ]; then
aws_ssm_parameter "FALCON_CLIENT_ID" | json_value Value 1
else
die "Missing FALCON_CLIENT_ID environment variable. Please provide your OAuth2 API Client ID for authentication with CrowdStrike Falcon platform. Establishing and retrieving OAuth2 API credentials can be performed at https://falcon.crowdstrike.com/support/api-clients-and-keys."
fi
)

cs_falcon_client_secret=$(
if [ -n "$FALCON_CLIENT_SECRET" ]; then
echo "$FALCON_CLIENT_SECRET"
elif [ -n "$aws_instance" ]; then
aws_ssm_parameter "FALCON_CLIENT_SECRET" | json_value Value 1
else
die "Missing FALCON_CLIENT_SECRET environment variable. Please provide your OAuth2 API Client Secret for authentication with CrowdStrike Falcon platform. Establishing and retrieving OAuth2 API credentials can be performed at https://falcon.crowdstrike.com/support/api-clients-and-keys."
cs_falcon_client_secret=$(
if [ -n "$FALCON_CLIENT_SECRET" ]; then
echo "$FALCON_CLIENT_SECRET"
elif [ -n "$aws_instance" ]; then
aws_ssm_parameter "FALCON_CLIENT_SECRET" | json_value Value 1
else
die "Missing FALCON_CLIENT_SECRET environment variable. Please provide your OAuth2 API Client Secret for authentication with CrowdStrike Falcon platform. Establishing and retrieving OAuth2 API credentials can be performed at https://falcon.crowdstrike.com/support/api-clients-and-keys."
fi
)
else
if [ -z "$FALCON_CLOUD" ]; then
die "If setting the FALCON_ACCESS_TOKEN manually, you must also specify the FALCON_CLOUD"
fi
)
fi

cs_falcon_token=$(
if [ -n "$FALCON_PROVISIONING_TOKEN" ]; then
Expand Down Expand Up @@ -701,18 +716,22 @@ proxy=$(
)

cs_falcon_oauth_token=$(
token_result=$(echo "client_id=$cs_falcon_client_id&client_secret=$cs_falcon_client_secret" |
curl -X POST -s -x "$proxy" -L "https://$(cs_cloud)/oauth2/token" \
-H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
-H 'User-Agent: crowdstrike-falcon-scripts/1.3.3' \
--dump-header "${response_headers}" \
--data @-)
if [ -n "$FALCON_ACCESS_TOKEN" ]; then
token=$FALCON_ACCESS_TOKEN
else
token_result=$(echo "client_id=$cs_falcon_client_id&client_secret=$cs_falcon_client_secret" |
curl -X POST -s -x "$proxy" -L "https://$(cs_cloud)/oauth2/token" \
-H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
-H 'User-Agent: crowdstrike-falcon-scripts/1.3.3' \
--dump-header "${response_headers}" \
--data @-)
handle_curl_error $?
handle_curl_error $?
token=$(echo "$token_result" | json_value "access_token" | sed 's/ *$//g' | sed 's/^ *//g')
if [ -z "$token" ]; then
die "Unable to obtain CrowdStrike Falcon OAuth Token. Response was $token_result"
token=$(echo "$token_result" | json_value "access_token" | sed 's/ *$//g' | sed 's/^ *//g')
if [ -z "$token" ]; then
die "Unable to obtain CrowdStrike Falcon OAuth Token. Response was $token_result"
fi
fi
echo "$token"
)
Expand All @@ -726,7 +745,9 @@ if [ -z "${FALCON_CLOUD}" ]; then
fi
cs_falcon_cloud="${region_hint}"
else
if [ "x${FALCON_CLOUD}" != "x${region_hint}" ]; then
if [ -n "$FALCON_ACCESS_TOKEN" ]; then
:
elif [ "x${FALCON_CLOUD}" != "x${region_hint}" ]; then
echo "WARNING: FALCON_CLOUD='${FALCON_CLOUD}' environment variable specified while credentials only exists in '${region_hint}'" >&2
fi
fi
Expand Down
80 changes: 49 additions & 31 deletions bash/install/falcon-linux-uninstall.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ Crowdstrike API credentials are needed to remove host from the Falcon console
- FALCON_CLIENT_ID
- FALCON_CLIENT_SECRET
or
- FALCON_ACCESS_TOKEN (default: unset)
- FALCON_CLOUD (default: auto)
Optional:
- GET_ACCESS_TOKEN (default: false) possible values: [true|false
Expand All @@ -23,6 +26,12 @@ main() {
print_usage
exit 1
fi

if [ "$GET_ACCESS_TOKEN" = "true" ]; then
echo "$cs_falcon_oauth_token"
exit 1
fi

echo -n 'Removing Falcon Sensor ... '
cs_sensor_remove
echo '[ Ok ]'
Expand Down Expand Up @@ -171,41 +180,50 @@ proxy=$(

if [ -z "$FALCON_REMOVE_HOST" ] || [ "${FALCON_REMOVE_HOST}" = "true" ]; then

cs_falcon_client_id=$(
if [ -n "$FALCON_CLIENT_ID" ]; then
echo "$FALCON_CLIENT_ID"
elif [ -n "$aws_instance" ]; then
aws_ssm_parameter "FALCON_CLIENT_ID" | json_value Value 1
else
die "Missing FALCON_CLIENT_ID environment variable. Please provide your OAuth2 API Client ID for authentication with CrowdStrike Falcon platform. Establishing and retrieving OAuth2 API credentials can be performed at https://falcon.crowdstrike.com/support/api-clients-and-keys."
fi
)

cs_falcon_client_secret=$(
if [ -n "$FALCON_CLIENT_SECRET" ]; then
echo "$FALCON_CLIENT_SECRET"
elif [ -n "$aws_instance" ]; then
aws_ssm_parameter "FALCON_CLIENT_SECRET" | json_value Value 1
else
die "Missing FALCON_CLIENT_SECRET environment variable. Please provide your OAuth2 API Client Secret for authentication with CrowdStrike Falcon platform. Establishing and retrieving OAuth2 API credentials can be performed at https://falcon.crowdstrike.com/support/api-clients-and-keys."
if [ -z "$FALCON_ACCESS_TOKEN" ]; then
cs_falcon_client_id=$(
if [ -n "$FALCON_CLIENT_ID" ]; then
echo "$FALCON_CLIENT_ID"
elif [ -n "$aws_instance" ]; then
aws_ssm_parameter "FALCON_CLIENT_ID" | json_value Value 1
else
die "Missing FALCON_CLIENT_ID environment variable. Please provide your OAuth2 API Client ID for authentication with CrowdStrike Falcon platform. Establishing and retrieving OAuth2 API credentials can be performed at https://falcon.crowdstrike.com/support/api-clients-and-keys."
fi
)

cs_falcon_client_secret=$(
if [ -n "$FALCON_CLIENT_SECRET" ]; then
echo "$FALCON_CLIENT_SECRET"
elif [ -n "$aws_instance" ]; then
aws_ssm_parameter "FALCON_CLIENT_SECRET" | json_value Value 1
else
die "Missing FALCON_CLIENT_SECRET environment variable. Please provide your OAuth2 API Client Secret for authentication with CrowdStrike Falcon platform. Establishing and retrieving OAuth2 API credentials can be performed at https://falcon.crowdstrike.com/support/api-clients-and-keys."
fi
)
else
if [ -z "$FALCON_CLOUD" ]; then
die "If setting the FALCON_ACCESS_TOKEN manually, you must also specify the FALCON_CLOUD"
fi
)
fi

cs_falcon_oauth_token=$(
token_result=$(echo "client_id=$cs_falcon_client_id&client_secret=$cs_falcon_client_secret" |
curl -X POST -s -x "$proxy" -L "https://$(cs_cloud)/oauth2/token" \
-H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
-H 'User-Agent: crowdstrike-falcon-scripts/1.3.3' \
--dump-header "${response_headers}" \
--data @-)
handle_curl_error $?
token=$(echo "$token_result" | json_value "access_token" | sed 's/ *$//g' | sed 's/^ *//g')
if [ -z "$token" ]; then
die "Unable to obtain CrowdStrike Falcon OAuth Token. Response was $token_result"
if [ -n "$FALCON_ACCESS_TOKEN" ]; then
token=$FALCON_ACCESS_TOKEN
else
token_result=$(echo "client_id=$cs_falcon_client_id&client_secret=$cs_falcon_client_secret" |
curl -X POST -s -x "$proxy" -L "https://$(cs_cloud)/oauth2/token" \
-H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
-H 'User-Agent: crowdstrike-falcon-scripts/1.3.3' \
--dump-header "${response_headers}" \
--data @-)
handle_curl_error $?
token=$(echo "$token_result" | json_value "access_token" | sed 's/ *$//g' | sed 's/^ *//g')
if [ -z "$token" ]; then
die "Unable to obtain CrowdStrike Falcon OAuth Token. Response was $token_result"
fi
fi
echo "$token"
)

Expand Down

0 comments on commit 6fec2c6

Please sign in to comment.