search

CrowdStrike / falcon-scripts

Scripts to streamline the deployment and use of the CrowdStrike Falcon sensor
The Unlicense
145 stars 85 forks source link

-c Parameter adding "falcon-sensor" to registry name #247

Closed jmckenzie-cs closed 8 months ago

jmckenzie-cs commented 9 months ago

I've noticed when passing the -c parameter the script adds "falcon-sensor" to whatever registry name I enter. I think we should update the documentation to state that because if myregistry.com/mynamespace/falcon-sensor does not exist the push will fail.

carlosmmatos commented 9 months ago

@jmckenzie-cs - I created a new empty test repository: quay.io/matosc15/test-namespace

I then ran:

❯ bash bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh -t falcon-sensor -c quay.io/matosc15/test-namespace
Using the following settings:
Falcon Region:   api.us-2.crowdstrike.com
Falcon Registry: registry.crowdstrike.com
7.07.0-16206-1.falcon-linux.x86_64.Release.US-2: Pulling from falcon-sensor/us-2/release/falcon-sensor
178dcd11eb6b: Pull complete 
77bd90c741d5: Pull complete 
e2c70b6a66ae: Pull complete 
Digest: sha256:0467c43647930c898cf097cee87532f2c3621c14ce93951ea04f8a88a5e23b4f
Status: Downloaded newer image for registry.crowdstrike.com/falcon-sensor/us-2/release/falcon-sensor:7.07.0-16206-1.falcon-linux.x86_64.Release.US-2
registry.crowdstrike.com/falcon-sensor/us-2/release/falcon-sensor:7.07.0-16206-1.falcon-linux.x86_64.Release.US-2

What's Next?
  View a summary of image vulnerabilities and recommendations → docker scout quickview registry.crowdstrike.com/falcon-sensor/us-2/release/falcon-sensor:7.07.0-16206-1.falcon-linux.x86_64.Release.US-2
The push refers to repository [quay.io/matosc15/test-namespace/falcon-sensor]
ecdec770a4d5: Pushed 
2e7a0e244d1d: Pushed 
ecd4665cd70d: Pushed 
7.07.0-16206-1.falcon-linux.x86_64.Release.US-2: digest: sha256:0467c43647930c898cf097cee87532f2c3621c14ce93951ea04f8a88a5e23b4f size: 953

Can you perhaps better explain what you tried, or what you are trying to do? Because my testing shows this is working fine and it ends up creating a new repository. Perhaps there is a use case we have not tested.

carlosmmatos commented 9 months ago

I also tried this with just myregistry.com/mynamespace:

❯ bash bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh -t falcon-sensor -c quay.io/matosc15               
Using the following settings:
Falcon Region:   api.us-2.crowdstrike.com
Falcon Registry: registry.crowdstrike.com
7.07.0-16206-1.falcon-linux.x86_64.Release.US-2: Pulling from falcon-sensor/us-2/release/falcon-sensor
Digest: sha256:0467c43647930c898cf097cee87532f2c3621c14ce93951ea04f8a88a5e23b4f
Status: Image is up to date for registry.crowdstrike.com/falcon-sensor/us-2/release/falcon-sensor:7.07.0-16206-1.falcon-linux.x86_64.Release.US-2
registry.crowdstrike.com/falcon-sensor/us-2/release/falcon-sensor:7.07.0-16206-1.falcon-linux.x86_64.Release.US-2

What's Next?
  View a summary of image vulnerabilities and recommendations → docker scout quickview registry.crowdstrike.com/falcon-sensor/us-2/release/falcon-sensor:7.07.0-16206-1.falcon-linux.x86_64.Release.US-2
The push refers to repository [quay.io/matosc15/falcon-sensor]
ecdec770a4d5: Mounted from matosc15/test-namespace/falcon-sensor 
2e7a0e244d1d: Mounted from matosc15/test-namespace/falcon-sensor 
ecd4665cd70d: Mounted from matosc15/test-namespace/falcon-sensor 
7.07.0-16206-1.falcon-linux.x86_64.Release.US-2: digest: sha256:0467c43647930c898cf097cee87532f2c3621c14ce93951ea04f8a88a5e23b4f size: 953

I can confirm that it created quay.io/matosc15/falcon-sensor

carlosmmatos commented 8 months ago

@jmckenzie-cs if you want we can take this offline to further discuss, but since we haven't seen this issue or can't replicate it, going to close this.