Module: github.com/crowdstrike/gcp-os-policy
Version: 0.1.0-alpha.1
Repository: https://github.com/crowdstrike/gcp-os-policy.git
Documentation: pkg.go.dev

# README

cs-policy

A helper tool for deploying CrowdStrike OS Policies to GCP Zones. This tool automates many of the manual steps required to create & deploy OS Policies to GCP VMs.

The tool does the following:

  • Downloads the N-1 version of the CrowdStrike Falcon Sensor
  • Uploads the CrowdStrike Falcon Sensors to the GCP Storage Bucket of your choice
  • Generates an OS Policy template for your environment
  • Creates an OS Policy Assignment in the GCP Zones of your choice

Supported Operating Systems

The CrowdStrike OS Policy currently supports the following operating systems:

| Operating System | Architecture |
|---|---|
| Red Hat Enterprise Linux 6 | x86_64 |
| Red Hat Enterprise Linux 7 | x86_64 |
| Red Hat Enterprise Linux 8 | x86_64 |
| Red Hat Enterprise Linux 9 | x86_64 |
| CentOS 6 | x86_64 |
| CentOS 7 | x86_64 |
| CentOS 8 | x86_64 |
| SUSE Linux Enterprise Server 11 | x86_64 |
| SUSE Linux Enterprise Server 12 | x86_64 |
| SUSE Linux Enterprise Server 15 | x86_64 |
| Ubuntu 16.04 | x86_64 |
| Ubuntu 18.04 | x86_64 |
| Ubuntu 20.04 | x86_64 |
| Ubuntu 22.04 | x86_64 |
| Debian 9 | x86_64 |
| Debian 10 | x86_64 |
| Debian 11 | x86_64 |
| All Windows Versions supported by the CrowdStrike Sensor | x86_64 |

Note: For supported Windows versions, check the CrowdStrike documentation.

Requirements

  • CrowdStrike API Keys with the Sensor Download scope
  • gcloud CLI installed
  • Project with VM Manager set up
  • GCP permissions to create OS Policy Assignments and upload files to the target GCP Storage Bucket

GCP VM Manager

OS Policy is a feature of GCP VM Manager. To use OS Policies to deploy the CrowdStrike Falcon Sensor, you must set up VM Manager. See the GCP VM Manager documentation for more information about VM Manager and how to set it up.

Generate API Keys

  1. In the CrowdStrike console, navigate to Support and resources > API Clients & Keys. Click Add new API Client.

  2. Add the following API scopes:

    | Scope | Permission | Description |
    |---|---|---|
    | Sensor Download | READ | Allows the tool to download the sensor and grab your CID from the CrowdStrike API. |

  3. Click Add to create the API client. The next screen will display the API CLIENT ID, SECRET, and BASE URL. You will need all three for the next step.

Note: This page is only shown once. Make sure you copy CLIENT ID, SECRET, and BASE URL to a secure location.

Installation

Download release binaries that match your platform

Usage

  1. Authenticate with the gcloud CLI.

    gcloud auth application-default login
    

Note: There are other ways to authenticate with GCP, such as using a service account. Use whichever method is best for your environment. The cs-policy tool will find the credentials and use them.

  2. Set the project to the project you want to deploy the OS Policies to.

    gcloud config set project cs-policy
    
  3. OPTIONAL: Export the CrowdStrike API keys as environment variables. Alternatively you can provide the keys as command line arguments.

    export FALCON_CLIENT_ID=cs-policy
    export FALCON_CLIENT_SECRET=cs-policy
    export FALCON_CLOUD=cs-policy
    
  4. Run the tool.

    cs-policy create --bucket=example-bucket --zones=us-central1-a,us-central1-b --linux-install-params='--tags="Washington/DC_USA,Production" --aph=proxy.example.com --app=8080' --windows-install-params='GROUPING_TAGS="Washington/DC_USA,Production" APP_PROXYNAME=proxy.example.com APP_PROXYPORT=8080'
    

    Use the --help flag to see all available options and more examples.

    cs-policy --help
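
An added example, not part of the cs-policy project: a secret typed into an `export` line stays in shell history and one passed as a command-line argument shows up in process listings, so this script loads the three `FALCON_*` variables from an owner-only file and checks the `--zones` value before `cs-policy create` is run. The credentials file format (KEY=VALUE lines) and the function names `load_falcon_env`, `valid_zones` and `preflight_demo` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of cs-policy. The credentials file (KEY=VALUE lines)
# and the function names are assumptions of this example.

# Load the FALCON_* variables from a file only its owner can access. The file
# is parsed line by line and never sourced, so it cannot run commands.
load_falcon_env() {
    _file=$1
    [ -f "$_file" ] || { echo "no such credentials file: $_file" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$_file" | cut -c5-10)" != "------" ]; then
        echo "refusing $_file: accessible to group or others (chmod 600)" >&2
        return 1
    fi
    while IFS= read -r _line || [ -n "$_line" ]; do
        case $_line in
            FALCON_CLIENT_ID=*)     export FALCON_CLIENT_ID="${_line#*=}" ;;
            FALCON_CLIENT_SECRET=*) export FALCON_CLIENT_SECRET="${_line#*=}" ;;
            FALCON_CLOUD=*)         export FALCON_CLOUD="${_line#*=}" ;;
        esac
    done < "$_file"
    if [ -z "${FALCON_CLIENT_ID:-}" ] || [ -z "${FALCON_CLIENT_SECRET:-}" ] ||
       [ -z "${FALCON_CLOUD:-}" ]; then
        echo "FALCON_CLIENT_ID, FALCON_CLIENT_SECRET and FALCON_CLOUD are required" >&2
        return 1
    fi
}

# Accept only a comma-separated list of zone names such as us-central1-a, so a
# region (us-central1) or a stray space is caught before any upload starts.
valid_zones() {
    printf '%s\n' "$1" |
        LC_ALL=C grep -Eq '^[a-z]+-[a-z]+[0-9]+-[a-z](,[a-z]+-[a-z]+[0-9]+-[a-z])*$'
}

# Demo with constructed values: the file is refused while world-readable and
# loaded once its mode is 600.
preflight_demo() {
    _dir=$(mktemp -d) || return 1
    printf '%s\n' 'FALCON_CLIENT_ID=constructed-id' \
        'FALCON_CLIENT_SECRET=constructed-secret' \
        'FALCON_CLOUD=constructed-cloud' > "$_dir/falcon.env"
    chmod 644 "$_dir/falcon.env"
    if load_falcon_env "$_dir/falcon.env" 2>/dev/null; then rm -rf "$_dir"; return 1; fi
    chmod 600 "$_dir/falcon.env"
    load_falcon_env "$_dir/falcon.env" && valid_zones "us-central1-a,us-central1-b"
    _rc=$?
    rm -rf "$_dir"
    return "$_rc"
}
```

With the functions loaded into the current shell, `load_falcon_env ./falcon.env && valid_zones "$ZONES"` can gate the `cs-policy create` call; `ZONES` here is a variable name chosen for illustration.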
    
