When sensor has "Uninstall and maintenance protection" enabled, crowdstrike.falcon.falcon_install fails. · Issue #597 · CrowdStrike/ansible_collection_falcon · GitHub
When sensor has "Uninstall and maintenance protection" enabled, crowdstrike.falcon.falcon_install fails. #597
Open
@ewb-kmok

Description

Steps to reproduce this:

  • Have CrowdStrike Falcon sensor already installed on target host.
  • Target host's CrowdStrike Falcon sensor is part of and has received the Sensor update policy that has the option of "Uninstall and maintenance protection" enabled.
  • Target host's CrowdStrike Falcon sensor should be on a version that supports the "Uninstall and maintenance protection" in the Update policy.
  • Target host's CrowdStrike package should be a version other than the one set in the targeted update policy, i.e., if the update policy says N-2, then it needs to be any version except N-2 so that it needs to be updated or downgraded.
  • Run the role crowdstrike.falcon.falcon_install against the target host with the appropriate API keys that have the correct permission.

Problem and error

When the playbook gets to this step TASK [crowdstrike.falcon.falcon_install : CrowdStrike Falcon | Install Falcon Sensor Package (Linux)] *** the task results in a fatal error:

{
  "failures": [
    [
      "error: lsetfilecon: (59 /opt/CrowdStrike, system_u:object_r:usr_t:s0) Operation not permitted",
      "error: Plugin selinux: hook fsm_file_prepare failed"
    ]
  ],
  "results": [],
  "rc": 1,
  "msg": "Failed to install some of the specified packages",
  "invocation": {
    "module_args": {
      "name": [
        "/tmp/falcon-sensor/falcon-sensor-7.23.0-17607.el8.x86_64.rpm"
      ],
      "allow_downgrade": false,
      "state": "present",
      "autoremove": false,
      "bugfix": false,
      "cacheonly": false,
      "disable_gpg_check": false,
      "disable_plugin": [],
      "disablerepo": [],
      "download_only": false,
      "enable_plugin": [],
      "enablerepo": [],
      "exclude": [],
      "installroot": "/",
      "install_repoquery": true,
      "install_weak_deps": true,
      "security": false,
      "skip_broken": false,
      "update_cache": false,
      "update_only": false,
      "validate_certs": true,
      "sslverify": true,
      "lock_timeout": 30,
      "allowerasing": false,
      "nobest": false,
      "use_backend": "auto",
      "conf_file": null,
      "disable_excludes": null,
      "download_dir": null,
      "list": null,
      "releasever": null
    }
  },
  "_ansible_no_log": false,
  "changed": false
}

Expected proper outcome

ONE of the following should instead be the result:

  1. Properly fail without fatal error and stop attempts to update/reinstall proper version without killing the playbook
  2. Recovery from that failure step, and attempt to obtain the maintenance token from host or policy and apply maintenance token.
  3. Preemptively detect that the host already has CrowdStrike installed, running, and targeted with an update policy preventing changes and skip the host from further installation/uninstallation actions.
  4. Preemptively detect that the host already has CrowdStrike installed, running, and targeted with an update policy preventing changes and apply the maintenance token before proceeding with any actions.
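
An added example, not part of the issue or of the collection's code: a Python helper that inspects a failed package-install result like the one quoted above and flags the `lsetfilecon ... /opt/CrowdStrike ... Operation not permitted` signature, so automation can skip or report the host instead of aborting (the first expected outcome). The function name, the returned keys and the reading of that signature as a protected sensor are assumptions; the sample is trimmed from the issue's output.

```python
import re

# Signature from the failure output quoted in the issue: rpm's SELinux plugin
# is denied relabelling a path under /opt/CrowdStrike.
_LSETFILECON = re.compile(
    r"lsetfilecon: \(\d+ (?P<path>/opt/CrowdStrike\S*?), (?P<context>[^)]+)\) "
    r"Operation not permitted"
)
_HOOK_FAILED = "Plugin selinux: hook fsm_file_prepare failed"


def _flatten(items):
    """Yield strings from the nested lists found under 'failures'."""
    for item in items:
        if isinstance(item, str):
            yield item
        elif isinstance(item, (list, tuple)):
            yield from _flatten(item)


def classify_install_failure(result):
    """Hypothetical helper: describe whether a failed install matches the signature."""
    verdict = {"protected_sensor_suspected": False, "path": None,
               "context": None, "other_failures": []}
    if result.get("rc", 0) == 0:
        return verdict  # install succeeded, nothing to classify
    for line in _flatten(result.get("failures", [])):
        match = _LSETFILECON.search(line)
        if match:
            verdict["protected_sensor_suspected"] = True
            verdict["path"] = match.group("path")
            verdict["context"] = match.group("context")
        elif _HOOK_FAILED not in line:
            # Anything else is a different problem and should still be surfaced.
            verdict["other_failures"].append(line)
    return verdict


# Constructed sample: trimmed copy of the module result shown in the issue.
SAMPLE = {
    "failures": [[
        "error: lsetfilecon: (59 /opt/CrowdStrike, system_u:object_r:usr_t:s0) Operation not permitted",
        "error: Plugin selinux: hook fsm_file_prepare failed",
    ]],
    "rc": 1,
    "msg": "Failed to install some of the specified packages",
}

if __name__ == "__main__":
    print(classify_install_failure(SAMPLE))
```

A match is a heuristic only: the same SELinux relabel error can have other causes, so treat it as a reason to check the host's sensor update policy rather than as proof.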
