SystemD: Docker
This guide explains how to configure the Falcon Sensor to run as a SystemD service using Docker in non-Kubernetes environments.
Requirements
Section titled “Requirements”- Docker installed and running
- Root or sudo privileges
- A valid CrowdStrike Falcon Customer ID (CID)
- Access to the Falcon container image
Installation Options
Section titled “Installation Options”Option 1: Using the Automated Install Script
Section titled “Option 1: Using the Automated Install Script”The systemd_docker_installer.sh script simplifies installation and configuration:
-
Load or pull the Falcon Sensor image to your host:
Terminal window docker pull myrepo.com/falcon/sensor:1234 -
Run the installer with your specific parameters:
Terminal window systemd_docker_installer.sh --install \--image myrepo.com/falcon/sensor:1234 \--cid ABCDEFabcdef012345-12 \--tags systemd,production
To uninstall later:
systemd_docker_installer.sh --uninstallOption 2: Manual Installation
Section titled “Option 2: Manual Installation”-
Load or pull the Falcon Sensor image to your host:
Terminal window docker pull myrepo.com/falcon/sensor:1234 -
Update the
falcon.confconfiguration file your settings. e.g.:FALCON_CONTAINER_IMAGE=myrepo.com/falcon/sensor:1234FALCON_CID=ABCDEFabcdef012345-12FALCON_TAGS=systemd,production -
Copy the
falcon.confandfalcon.servicefiles to/etc/systemd/system:Terminal window cp falcon.* /etc/systemd/system -
Enable and start the Falcon service:
Terminal window systemctl enable --now falcon.service