Updated expired gpg key (#361)

* Updated expired gpg key * Added back old gpg key for backwards compat. Updated README to reflect proper variable to control gpg checking. Also updated to reflect ability to manage multiple gpg keys to import. * Only install latest key for apt based systems
CrowdStrike · Jun 30, 2023 · 43e0580 · 43e0580
1 parent 2e0dbb0
commit 43e0580
Show file tree

Hide file tree

Showing 5 changed files with 91 additions and 33 deletions.
diff --git a/roles/falcon_install/README.md b/roles/falcon_install/README.md
@@ -18,7 +18,7 @@ The following variables are currently supported:
  * `falcon_skip_kernel_compat_check` - Whether or not to ignore errors associated with unsupported Falcon Sensor/Kernel combination. (bool, default: false)
  * `falcon_allow_downgrade` - Whether or not to allow downgrading the sensor version. (bool, default: false)
  * `falcon_install_method` - The installation method for installing the sensor (string, default: api)
- * `falcon_gpg_key` - Location of the Falcon GPG Key file (string, default: null)
+ * `falcon_gpg_key_check` - Whether or not to verify the Falcon sensor Linux based package (bool, default: true)
  * `falcon_cloud` - CrowdStrike API URL for downloading the Falcon sensor (string, default: `api.crowdstrike.com`)
  * `falcon_cloud_autodiscover` - Auto-discover CrowdStrike API Cloud region (bool, default: true)
  * `falcon_cid` - Manually specify CrowdStrike Customer ID for Windows installations (string, default: null)

diff --git a/roles/falcon_install/files/falcon-sensor.gpg b/roles/falcon_install/files/falcon-sensor.gpg
@@ -1,29 +1,52 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-mQINBGDaIBgBEADXSeElUO9NmPLhkSzeN7fGW1MRbNwxgHdo+UYt9R98snUEjXqV
-benyCOlLGjxUiVv3S+k6LQ3RyFubDINWyUI2kQhHFIPkniR1wmeMMIqncPVBdpEG
-Mi9F6aLg2Xkhz1tEWPkXWqXVo67jgCMFn3SAMYY1EO9HCXxj6OTa6IMbtqq1+3DR
-0SgNY25lD51cJ8/FdXn1HxgQ7n5G+cNB7KDaSSOkazJTnOx68x1EI9ZFUNBPNEhx
-W9SSuzYFrJNL06byIlTomQULfsfRMm7kSCU0Tp/osT5QKwh1q/+RUm4VwITXY1t2
-j+C31QPnysg3lJsop2b5ySpolPeKW8A9dyos3nFNSX3+flZJfyKcd9NlVf2tTqXk
-LbOWvrrcCdyslX5BWKLtDR9if79nB8QI+yQPDbcEsOFS9d2c8wj1eIimSK+VH/nG
-fit9QR0DS+o9HwwK33dZfXI7KbQy47nPl+ewaady2H8S8pXxTdMycwc7w+QOy/XK
-5A+yPR8XOkUieMFJ4PVj48hUIvPWBlxIde4IFi865zv7A3nxwgZ5YzYCbKJg4dJd
-9Ptmknd5+1TDjG3e91ZAHUt9bBRzEdXbpRUr3YwecDNcj0Twu4SbT/wZ2pZsbMGi
-QxAhkRAKCp+Oyjz8Al6F4opDnkY4krpcr1FkkSof0+XzE01L6YSC2Qca0wARAQAB
+mQINBGSd0wUBEADMlHjRUp7XEQf49xjlbyV/M6wv9rHvMg3NONypwSVSWndo7x1u
+hnDcUeVFNv3AfMMM4c2+fNVdk8e5EN3rvU1+gsPwlj5rh0WHYldKqIfnjrZqnj2Y
+ukDftSlpETgaIZFN0udg2HWGgZSViENldz8CDN4Q0oGF3s6GkhRpZA7ik7+EpbUf
+vsvSfLKGUzREf8NGChmqjm7seoPiBVbU3uzALjDlHh1DHpHzk3obm+NEAi/t7+jj
+6UWUox31Ta+lI4gzkfpiSxhduAe4HyIBaQ4pa0qCbfEt8ZII0RjMcppW7URlr3au
+0nyQBphn/L6c3jdO3FFPKen31EucOYuVz4KSyAFr67UQl9nLlULuH3O78lkGBnNK
+O33kkU1eGEavx/GfXwWCJd1tM8lCB0lLpvgvYN3q+/EvD/QDE/8cj117Z2U1lKY4
+eT/d8yDJTM5ZerRZLEBH8nh+2Q4hOgyPvawN2x2YbIKVQs55mxLQd07OOB5RDov/
+HG3kyeeRxIW+ObDqZq0w2d0zLhU1tANgEiH886L7jRhLik/ZpkWAqnACDLszcaOh
+sRi1ACUMKTp5w5f/kdIVV1JMCxzkF2fzTPmP9nTxXEyHi2VUkKKQyu5b7sLT4EsL
+RDffD3Mck95H+ALFdpeRgEmkgJ3xLi5HwPGWKWbEdOLR+pR1MrGVvdoeCwARAQAB
 tElDcm93ZFN0cmlrZSwgSW5jLiAoZmFsY29uLXNlbnNvciBpbnN0YWxsZXIga2V5
-KSA8c3VwcG9ydEBjcm93ZHN0cmlrZS5jb20+iQJSBBMBCgA8FiEEOFpE/46dUSQL
-X7TARye71VGbF38FAmDaIBgCGwMFCQPCZwAECwkIBwQVCgkIBRYCAwEAAh4FAheA
-AAoJEEcnu9VRmxd/p+cP+gOg6UAOBmG1xRLMxsTH4lmngakWsa6J2d9m3G3K1b7y
-MrweLvyhfP/gCyjd11tmJCV0NeVHGJR10wz7q4t7eP8OdSvWi6F9BtxlXaiacXcY
-YweGBaUIILy0q+GfsZ0ffLXqB6B5R9JRpP8vYv8csPlodgp8jXeOcTmfI/UstjQP
-isTd7cT5yYYTunfZiIUh0ysXeyY6jnkFVTEmZdSlhUJhqnxhvkRgkTrcwGwb08DY
-05KcI5LQMlqwiHV2pTZxEtd6hhlfosciFJLcMoII4Xa9TyiYLRSakf1rcoMkNjMC
-OEu7RauXXcD43IrvID2303WX4RK6jWAEFHZwaFIUo5bZ2MXgufjsiDcEP3Hg1VuN
-UzN69StySNsVCpqQNfMavVpipmMtaFl5tQqMxNDMLiAVLx1m2g9hr4pP3SdKzkPC
-626JM+et4lPDtnHAh05XLSkeJEBawL7cnPHRzuQVA12utD9KvYC0D2+WLml1vBuT
-R+jOD3QbrYMQQNC89NaDS8P05nED+M2J/FwddMJfrVfd9iYZYW0eK/pppwktY1/f
-ktmshju1x3MV8xmduyd3T5YilttfAPQ8mT2wb3nbjLfBm4R5N5xWFrzFAz97J/4a
-I0cFWDfTDZSUFsvePYuXaEoWgUynyTQ7pLQcvmsjGpo39SYFXa1CDK6NSQoaeX9+
-=ifb7
+KSA8c3VwcG9ydEBjcm93ZHN0cmlrZS5jb20+iQJSBBMBCAA8FiEEv2Mf1htUcfzg
+UgvKXiAM4XmLyBgFAmSd0wUCGwMFCQHhM4AECwkIBwQVCgkIBRYCAwEAAh4BAheA
+AAoJEF4gDOF5i8gYgGsQAJMafCytpjPWtjyVj5q9DA1hq5KjmcHrguPawNb/mlSF
+i8M5JRbk5uhe1KSapPZJ5MxbWVXjzp+P3ebGzSlEvxNU7GvDpUPVEuuhzqjhLk/R
+ZveT7dRFqUuHv8c2+8AztTdlAH4Q2BrozuGte10D1rlfCwE1pXucXA5Exd4/ec6m
+xnpVN2bwu+CsyNCdYlSM8BO7dzmta+3QsKMxayGUtZYuEsUV1EXjnNdzt9eJVir9
+Cpt31OR2M/i3l/Q/sW1x9k/9NTfx2iksC2I+nkR4T+Sb15Yq/8dJ8HkHZvOXAzot
+7NhCECLpmIa7N6VmYvrCi8Fm5ovTsH2QzkvVaXrbSQppHQrS+bvvlzLfR14673HK
+JDOSQyXLyMVqMpmftuBsdV68RSVf+vzF5e/WqaEB8qXQH/I8B3YDu9RNQrXLMyM/
+mPk15KPO9kVjxujFFIlK9Ox1X2uqDY6yMDzgfbxopsIMd1Z6+Js1nqNbRy+5hGG0
+8DHbRDlKrPX6TCEt68xVsOCsMi1+PbvgydLq6EB+mg/6cpK25upxHmcBF6HHKIm8
+R2tyGD5elCPIi3U1IYGhXQFHGlvslKG0rhyBc1ya/pE8XQzv+KOh0OHGUG2COa4D
+S/L9HPKBgdjltbptqo0c/vBdJFpRA405KR4ELcGPATq/6OODYMpjpZsrO2VreHNm
+uQINBGSd0wUBEAC5pwLtqIrVKD+t9r3apWnysom9076HHFlsidND2o4S47XzfrZP
+bdDuFH8QqWs58ZPLXfuzCIhq8GvvPWUoqTXcTxgtsauLAtyHBnexFxliXYbVh16T
+SZTjrO/h2iTXgdPtqGVTA5SjZPZ8wTcOBNzctS9Q/kmwotySXSpXQDimzMBXSg/X
+mX6g+ijz9wqFGBPdvU0rraWiVmLpMuJzpBW8GZsoXoEMdhLh+bd7Kq70lHxrC8IW
+aYu57+MsIVe4Gdk7Zbs0XMwOWkGnA29Cixp8SvsdGhRj7FLC1wF0d2WGfhhsCHgm
+EJbg7i6ch5lh8sdUM/ZbOvLYrAJ/Mao8z+1rh6cYA5vIJzaX3IO/cazivylhlcnk
+u2Fzobks9KVTZXTHQ1J1pqtusqDtVTTs7n7svYiSWV0rT7CM/oCJCNfHTUDk5mwu
+/NJSwNF/I598i3j1rZYNzaZ02SvpXOTakk4rZ+hRdX+nvhHG+0df+O7deu35LFoN
+MVKYcTRkUBAGnp6mtwDd+DrRDMNwlsOJyv5GXWadK+RMSRb5KRxIDRqXt9D06AdQ
+9DKFxta8IZekdzN6RlrkGCrVXF/LHDgLKVCOKFBgj2HP+XsPm2t3c8H+KbdSGJHi
+9lJqjvF7+BpQLzFFmT0VIpbrHKGw/BqMD997ZzzIyHKXhSRBU0vq/v1EUQARAQAB
+iQI8BBgBCAAmFiEEv2Mf1htUcfzgUgvKXiAM4XmLyBgFAmSd0wUCGwwFCQHhM4AA
+CgkQXiAM4XmLyBhPkg//V+wL2TGlzFCV5ZTbPPiGNVFpuiAJVr+qyu80bSmo8xx+
+91R5/z74gIYHxBdBS6gqmDWOJbJi56DMmhK6qq2cSPJbVoO9KrA03oyaJ+EMK9gX
+vnxM2/G1CjqC6yFB8ZJgit77LEsC/BkJ6aQf3JvA4spBrbA7nt6RHehXQaTd93o0
+IYBfD66qzzHgfnHXtDyyI82Bwft+Q8Q+pXOOX198V+7fyd/1eU8o/qx4jMTFw9Yw
+1yDDDZoVNCxWSqOKvQZF0DNu2m8nNqx0vyFYwuV7vtm/Zb3briOB6kqcq3y5Rbiq
+EoSemMkYL7WWYqwQmOrFKbHk6t0QwwQ9H+632hriAp1iN2vcTwhrvSt3tZcOfEK5
+QD+oDtBWM3xwVrPDVGQfTbNHhg8D/mZUuxgLeVhaM7z2Gz7Dhb5iu9eD0w1xfaZ4
+HeJJM45ZkZwhBOi9HFA6eM4p9Gd2uh11wpPcAigaFifylq8+evl6xseXmk8mQHpa
+yjXMIJXGMLUecZuquNwkcQzb698HxOqwoLWUnYfPK4Une8Werb+04JVvEJI4Herf
+azCTeDb8lfUKaNuc2eMvtBE1T+Vi/CA4keDP83vKUcK0Mwvstfue47kqFbuOuF8L
+jEtro8ozeQjCFdwTjXwBh8PYJIPWgx/bdsQTavw9hhvesSBZ59U82tjnMGZzZTA=
+=du8f
 -----END PGP PUBLIC KEY BLOCK-----
diff --git a/roles/falcon_install/files/falcon-sensor2.gpg b/roles/falcon_install/files/falcon-sensor2.gpg
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGDaIBgBEADXSeElUO9NmPLhkSzeN7fGW1MRbNwxgHdo+UYt9R98snUEjXqV
+benyCOlLGjxUiVv3S+k6LQ3RyFubDINWyUI2kQhHFIPkniR1wmeMMIqncPVBdpEG
+Mi9F6aLg2Xkhz1tEWPkXWqXVo67jgCMFn3SAMYY1EO9HCXxj6OTa6IMbtqq1+3DR
+0SgNY25lD51cJ8/FdXn1HxgQ7n5G+cNB7KDaSSOkazJTnOx68x1EI9ZFUNBPNEhx
+W9SSuzYFrJNL06byIlTomQULfsfRMm7kSCU0Tp/osT5QKwh1q/+RUm4VwITXY1t2
+j+C31QPnysg3lJsop2b5ySpolPeKW8A9dyos3nFNSX3+flZJfyKcd9NlVf2tTqXk
+LbOWvrrcCdyslX5BWKLtDR9if79nB8QI+yQPDbcEsOFS9d2c8wj1eIimSK+VH/nG
+fit9QR0DS+o9HwwK33dZfXI7KbQy47nPl+ewaady2H8S8pXxTdMycwc7w+QOy/XK
+5A+yPR8XOkUieMFJ4PVj48hUIvPWBlxIde4IFi865zv7A3nxwgZ5YzYCbKJg4dJd
+9Ptmknd5+1TDjG3e91ZAHUt9bBRzEdXbpRUr3YwecDNcj0Twu4SbT/wZ2pZsbMGi
+QxAhkRAKCp+Oyjz8Al6F4opDnkY4krpcr1FkkSof0+XzE01L6YSC2Qca0wARAQAB
+tElDcm93ZFN0cmlrZSwgSW5jLiAoZmFsY29uLXNlbnNvciBpbnN0YWxsZXIga2V5
+KSA8c3VwcG9ydEBjcm93ZHN0cmlrZS5jb20+iQJSBBMBCgA8FiEEOFpE/46dUSQL
+X7TARye71VGbF38FAmDaIBgCGwMFCQPCZwAECwkIBwQVCgkIBRYCAwEAAh4FAheA
+AAoJEEcnu9VRmxd/p+cP+gOg6UAOBmG1xRLMxsTH4lmngakWsa6J2d9m3G3K1b7y
+MrweLvyhfP/gCyjd11tmJCV0NeVHGJR10wz7q4t7eP8OdSvWi6F9BtxlXaiacXcY
+YweGBaUIILy0q+GfsZ0ffLXqB6B5R9JRpP8vYv8csPlodgp8jXeOcTmfI/UstjQP
+isTd7cT5yYYTunfZiIUh0ysXeyY6jnkFVTEmZdSlhUJhqnxhvkRgkTrcwGwb08DY
+05KcI5LQMlqwiHV2pTZxEtd6hhlfosciFJLcMoII4Xa9TyiYLRSakf1rcoMkNjMC
+OEu7RauXXcD43IrvID2303WX4RK6jWAEFHZwaFIUo5bZ2MXgufjsiDcEP3Hg1VuN
+UzN69StySNsVCpqQNfMavVpipmMtaFl5tQqMxNDMLiAVLx1m2g9hr4pP3SdKzkPC
+626JM+et4lPDtnHAh05XLSkeJEBawL7cnPHRzuQVA12utD9KvYC0D2+WLml1vBuT
+R+jOD3QbrYMQQNC89NaDS8P05nED+M2J/FwddMJfrVfd9iYZYW0eK/pppwktY1/f
+ktmshju1x3MV8xmduyd3T5YilttfAPQ8mT2wb3nbjLfBm4R5N5xWFrzFAz97J/4a
+I0cFWDfTDZSUFsvePYuXaEoWgUynyTQ7pLQcvmsjGpo39SYFXa1CDK6NSQoaeX9+
+=ifb7
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/roles/falcon_install/tasks/install.yml b/roles/falcon_install/tasks/install.yml
@@ -5,27 +5,29 @@
   when:
     - falcon_sensor_pkg is not defined
 
-- name: CrowdStrike Falcon | Transfer CrowdStrike Falcon RPM GPG key file
+- name: CrowdStrike Falcon | Transfer CrowdStrike Falcon RPM GPG key files
   ansible.builtin.copy:
-    src: "{{ falcon_gpg_key }}"
-    dest: "{{ falcon_install_temp_directory.path }}/{{ falcon_gpg_key }}"
+    src: "{{ item }}"
+    dest: "{{ falcon_install_temp_directory.path }}/{{ item }}"
     mode: 0640
   changed_when: no
+  loop: "{{ falcon_gpg_keys }}"
   when:
     - falcon_gpg_key_check
 
-- name: CrowdStrike Falcon | Import CrowdStrike Falcon RPM GPG key from file
+- name: CrowdStrike Falcon | Import CrowdStrike Falcon RPM GPG key from files
   ansible.builtin.rpm_key:
     state: present
-    key: '{{ falcon_install_temp_directory.path }}/{{ falcon_gpg_key }}'
+    key: '{{ falcon_install_temp_directory.path }}/{{ item }}'
   changed_when: no
+  loop: "{{ falcon_gpg_keys }}"
   when:
     - falcon_gpg_key_check
     - ansible_facts['pkg_mgr'] in rpm_packagers
 
 - name: CrowdStrike Falcon | Import CrowdStrike Falcon APT GPG key from file
   ansible.builtin.apt_key:
-    file: '{{ falcon_install_temp_directory.path }}/{{ falcon_gpg_key }}'
+    file: '{{ falcon_install_temp_directory.path }}/{{ latest_gpg_key }}'
     state: present
   changed_when: no
   when:

diff --git a/roles/falcon_install/vars/main.yml b/roles/falcon_install/vars/main.yml
@@ -11,7 +11,11 @@ rpm_packagers:
 dpkg_packagers:
   - apt
 
-falcon_gpg_key: falcon-sensor.gpg
+falcon_gpg_keys:
+  - falcon-sensor.gpg
+  - falcon-sensor2.gpg
+
+latest_gpg_key: "{{ falcon_gpg_keys[0] }}"
 
 falcon_cloud_urls:
   us-1: "api.crowdstrike.com"