11 points by CaliforniaKarl 3 days ago | 3 comments
  • chaps 3 days ago
    Ah CrowdStrike. One of the bigger problems we had at $company deploying the daemon to client servers was that there was (at the time) no config item to change the log file location. So we had a client who'd run out of disk space and IIRC CrowdStrike similarly refused to make any change. I think we "fixed it" by using GDB to change the outfile to a `grep -v` and into the same file.
  • broknbottle 3 days ago
    I’m assuming this affects their older kernel module variant. Switch to their bpf version if you must use this snake oil
    • CaliforniaKarl 3 days ago
      Unfortunately, no.

      From what I've seen, CrowdStrike Falcon installations contain both the BPF components and the kernel module. (I think you can tell which one you're using: if falcon-sensor is running, it's the kernel module; if falcon-sensor-bpf is running, it's BPF.)

      I manage systems running Debian, Ubuntu, RHEL, and Rocky. Newer and older, kernel and BPF. And unfortunately, this issue is present across all of them.

  • homeonthemtn 3 days ago
    Anyone have alternatives to clowdstrike they liked?