Posted on 02-04-2019 03:52 PM
Hello all, I've been tasked with deploying a password to our deployment of CrowdStrike. The engineers as Crowdstrike advised me to create a python script
falcon_password.py
#!/usr/bin/env python
from __future__ import print_function
password = "password"
try:
while True:
print(password)
except IOError:
pass
and then execute this command against it
./falcon_password.py | sudo /Library/CS/falconctl installguard
I am not sure how to deploy this without the "falcon_password.py" file being available in plaintext on the target computer. The file has the password in plaintext.
Solved! Go to Solution.
Posted on 02-13-2019 01:13 PM
We use the following to install and set the password
#!/bin/bash
expect <<- DONE
set timeout -1
spawn sudo /Library/CS/falconctl license licensenumber --password
expect "Falcon Password:"
send -- "password"
send
expect "Confirm Falcon Password:"
send -- "password"
send
expect eof
DONE
This will mimic an interactive session via terminal to apply the license and set the password. You could modify this to just set the password.
Posted on 02-04-2019 04:36 PM
Two thoughts come to mind depending on your security requirements.
1) Deploy it with JAMF and use one of the script variables in the script. Which means only someone who has access to the JAMF policies would have access to the password. I could see this still having issues with some security groups and teams.
2) Use encrypted parameters - https://github.com/jamf/Encrypted-Script-Parameters
Posted on 02-13-2019 12:58 PM
I'm feeling like a complete novice here. I'll admit, I know next to nothing about python. So feel free to talk to me like a noob.
I have a package that copies "falcon_password.py" to /Library/CS. That is successful
The python script
#!/usr/bin/env python from future import print_function password = "HelloWorld" try: while True: print(password) except IOError: pass
I have a shell script, falcon_password.sh
#!/bin/bash /Library/CS/falcon_password.py | sudo /Library/CS/falconctl installguard
I use Jamf Remote to execute the script, it runs like it was successful, but when I try to uninstall falcon from terminal it still does not prompt me for the password. I have no idea what I ma doing wrong.
Posted on 02-13-2019 01:13 PM
We use the following to install and set the password
#!/bin/bash
expect <<- DONE
set timeout -1
spawn sudo /Library/CS/falconctl license licensenumber --password
expect "Falcon Password:"
send -- "password"
send
expect "Confirm Falcon Password:"
send -- "password"
send
expect eof
DONE
This will mimic an interactive session via terminal to apply the license and set the password. You could modify this to just set the password.
Posted on 02-13-2019 02:39 PM
Thanks Afarnsworth!!! You are a Godsend.
I had to modify it some since the deployed agents are already licensed.
For anyone using this example, HelloWorld is a fake password in place of whatever real password you are using.
#!/bin/bash expect <<- DONE set timeout -1 spawn sudo /Library/CS/falconctl installguard --password expect "Falcon Password:" send -- "HelloWorld" send expect "Confirm Falcon Password:" send -- "HelloWorld" send expect eof DONE