Tell HN: CrowdStrike Falcon users, check for excess KernelModuleArchiveExt files

11 points, posted 3 days ago
by CaliforniaKarl

Item id: 45543007

5 Comments

chaps

3 days ago

Ah Crowdstrike. One of the bigger problems we had at $company deploying the daemon to client servers was that there was (at the time) no config item to change the log file location. So we had a client who'd run out of disk space and IIRC Crowdstrike similarly refused to make any change. I think we "fixed it" by using GDB to change the outfile to a `grep -v` and into the same file.

broknbottle

3 days ago

I’m assuming this affects their older kernel module variant. Switch to their bpf version if you must use this snake oil.

CaliforniaKarl

3 days ago

Unfortunately, no.

From what I've seen, CrowdStrike Falcon installations contain both the BPF components and the kernel module. (I think you can tell which one you're using: if falcon-sensor is running, it's the kernel module; if falcon-sensor-bpf is running, it's BPF.)

I manage systems running Debian, Ubuntu, RHEL, and Rocky. Newer and older, kernel and BPF. And unfortunately, this issue is present across all of them.
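A small POSIX sh check, added here as an example and not posted by anyone in the thread, that applies the process-name rule above (falcon-sensor vs falcon-sensor-bpf) and counts KernelModuleArchiveExt files under a directory so a build-up is noticed before the disk fills. The thread does not say where the sensor stores these files, so the directory (defaulting to /opt/CrowdStrike) and the file limit are assumptions to adjust for your install.

```shell
#!/bin/sh
# Added example, not CrowdStrike's code. Names below come from the thread;
# the directory and the limit are assumptions.

# classify_sensor NAME... -> kernel-module | bpf | both | none
# NAME... are process names, e.g. the output of `ps -eo comm=`.
classify_sensor() {
    km=0; bpf=0
    for name in "$@"; do
        case "$name" in
            falcon-sensor)     km=1 ;;
            falcon-sensor-bpf) bpf=1 ;;
        esac
    done
    if [ "$km" -eq 1 ] && [ "$bpf" -eq 1 ]; then echo both
    elif [ "$km" -eq 1 ]; then echo kernel-module
    elif [ "$bpf" -eq 1 ]; then echo bpf
    else echo none
    fi
}

# count_kmod_archives DIR -> number of files under DIR whose name contains
# KernelModuleArchiveExt (0 if DIR is missing or unreadable).
count_kmod_archives() {
    find "$1" -type f -name '*KernelModuleArchiveExt*' 2>/dev/null | wc -l | tr -d ' '
}

# check_kmod_archives DIR LIMIT -> prints count and size in KiB; returns 0 if
# the count is at or below LIMIT, 1 otherwise (usable as a monitoring probe).
check_kmod_archives() {
    n=$(count_kmod_archives "$1")
    size=$(find "$1" -type f -name '*KernelModuleArchiveExt*' -exec du -ck {} + 2>/dev/null \
           | tail -n 1 | cut -f1)
    echo "$n KernelModuleArchiveExt files, ${size:-0} KiB under $1"
    [ "$n" -le "$2" ]
}

# main [DIR] [LIMIT]: report the running variant, then check the directory.
# /opt/CrowdStrike and the limit of 10 are assumed defaults, not documented values.
main() {
    # shellcheck disable=SC2046  # word-splitting the process list is intended
    echo "running variant: $(classify_sensor $(ps -eo comm= 2>/dev/null))"
    check_kmod_archives "${1:-/opt/CrowdStrike}" "${2:-10}"
}

main "$@"
```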

homeonthemtn

3 days ago

Anyone have alternatives to clowdstrike they liked?