crowdstrike.falcon.sensor_download module – Download Falcon Sensor Installer
Note
This module is part of the crowdstrike.falcon collection (version 4.7.0).
To install it, use: ansible-galaxy collection install crowdstrike.falcon
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: crowdstrike.falcon.sensor_download
.
New in crowdstrike.falcon 4.0.0
Synopsis
Downloads the Falcon Sensor Installer by SHA256 hash to the specified path.
This module does not copy the sensor installer to the target host. For that, use the ansible.builtin.copy or ansible.windows.win_copy module.
Requirements
The below requirements are needed on the host that executes this module.
Sensor download [READ] API scope
crowdstrike-falconpy >= 1.3.0
python >= 3.6
Parameters
Parameter |
Comments |
---|---|
The attributes the resulting filesystem object should have. To get supported flags look at the man page for chattr on the target system. This string should contain the attributes in the same order as the one displayed by lsattr. The |
|
The registered result of the crowdstrike.falcon.auth module, or a dictionary containing the access_token and cloud keys. If provided, the client_id, client_secret, member_cid, and cloud options are ignored. Useful when needing to make multiple API calls to avoid rate limiting issues. |
|
The OAuth2 access token to use for authentication. |
|
The CrowdStrike cloud region to use. This can differ from the module’s cloud argument due to autodiscovery. |
|
The CrowdStrike API client ID to use. See the Falcon documentation for more information about API clients. The |
|
The CrowdStrike API secret that corresponds to the client ID. See the Falcon documentation for more information about API clients. The |
|
The CrowdStrike cloud region to use. All clouds are automatically discovered if not specified, except for the The Choices:
|
|
The directory path to save the Falcon Sensor Installer. If not specified, a temporary directory will be created using the system’s default temporary directory. |
|
Extended headers that are prepended to the default headers dictionary. |
|
Name of the group that should own the filesystem object, as would be fed to chown. When left unspecified, it uses the current group of the current user unless you are root, in which case it can preserve the previous ownership. |
|
The SHA256 hash of the Falcon Sensor Installer to download. This can be obtained from the |
|
The CrowdStrike member CID for MSSP authentication. See the Falcon documentation for more information about API clients. The |
|
The permissions the resulting filesystem object should have. For those used to /usr/bin/chmod remember that modes are actually octal numbers. You must give Ansible enough information to parse them correctly. For consistent results, quote octal numbers (for example, Giving Ansible a number without following either of these rules will end up with a decimal number which will have unexpected results. As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, If If Specifying |
|
The name to save the Falcon Sensor Installer as. If not specified, it will default to the name of the Falcon Sensor Installer. Example: falcon-sensor_6.78.9-12345.deb |
|
Name of the user that should own the filesystem object, as would be fed to chown. When left unspecified, it uses the current user unless you are root, in which case it can preserve the previous ownership. Specifying a numeric username will be assumed to be a user ID and not a username. Avoid numeric usernames to avoid this confusion. |
|
The level part of the SELinux filesystem object context. This is the MLS/MCS attribute, sometimes known as the When set to |
|
The role part of the SELinux filesystem object context. When set to |
|
The type part of the SELinux filesystem object context. When set to |
|
The user part of the SELinux filesystem object context. By default it uses the When set to |
|
Influence when to use atomic operation to prevent data corruption or inconsistent reads from the target filesystem object. By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target filesystem objects, but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted filesystem objects, which cannot be updated atomically from inside the container and can only be written in an unsafe manner. This option allows Ansible to fall back to unsafe methods of updating filesystem objects when atomic operations fail (however, it doesn’t force Ansible to perform unsafe writes). IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption. Choices:
|
|
Custom User-Agent string to use for requests to the API. The user agent string is prepended to the default user agent string ( See RFC 7231 for more information. The |
Notes
Note
This module implements file locking to ensure safe concurrent downloads by preventing multiple instances from accessing the same file simultaneously. As a result, a temporary 0-byte .lock file will be created in the same directory as the downloaded file. If needed, this lock file can be safely removed in a subsequent task after the download completes.
Examples
- name: Download the Falcon Sensor Installer
crowdstrike.falcon.sensor_download:
hash: "1234567890123456789012345678901234567890123456789012345678901234"
- name: Download Windows Sensor Installer with custom name
crowdstrike.falcon.sensor_download:
hash: "1234567890123456789012345678901234567890123456789012345678901234"
dest: "/tmp/windows"
name: falcon-sensor.exe
- name: Download the Falcon Sensor Installer to a temporary directory and set permissions
crowdstrike.falcon.sensor_download:
hash: "1234567890123456789012345678901234567890123456789012345678901234"
mode: "0644"
owner: "root"
group: "root"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The full path of the downloaded Falcon Sensor Installer. Returned: success Sample: |