[OpenAFS] OpenAFS 1.8.7 on Linux systems running Crowdstrike falcon-sensor

Ken Hornstein kenh@cmf.nrl.navy.mil
Mon, 08 Mar 2021 10:06:44 -0500


>We at MIT CSAIL stopped using CrowdStrike partly because they refused
>to fix this despite us providing a patch to falcon-sensor (which is
>just a tarred pile of shell scripts).
>
>They need to exclude /afs from their scans; there's several ways to do
>this (they use "find" internally).
>
>We found them unhelpful and very good at talking to management types
>and very bad at anything actually technical.

For what it's worth ... we ran into this EXACT issue not with CrowdStrike,
but some other similar product (which I want to say was McAfee something
or other, maybe).  The situation was even more comical, because, AGAIN,
all they had to do was exclude /afs, but ... as it was explained to me,
the online portal to submit change requests was broken and we couldn't
formally submit the change request.  And the online portal was broken
for ... years?  Like, LITERALLY, it was down for at least a year.  There
were a lot of management layers between us and the people who could
submit the change request, so I don't know how accurate that was.  And
this was a couple of years ago so maybe the situation has changed.
But the general obnoxiousness of the security software vendor seems to be
universal, sadly.

The upside was, however, that because it ended up crashing our system we
could use the legitimate excuse, "We can't run that, it crashes our
systems and the support portal doesn't work, see ticket X".  So ...
the system works, I guess?

--Ken