
SentinelOne Command install Script Mac + Linux

Fulgubbe
Novitiate III

Here are two install scripts to install the SentinelOne Agent with a token on Mac and Linux. Run once a day or so. If it is already installed, it will exit the installer. The Mac version can also be used as a PostInstall script in an empty .pkg if you want to utilize Software Management instead.

We use Dropbox to store downloads, but if you do, remember to change the download link to ?dl=1 instead of ?dl=0.

Mac Script:

 

#!/bin/bash

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.pkg"

# You can put the installer on Dropbox or wherever you prefer.

if [ -d /Applications/SentinelOne/ ]; then
  echo "Already Installed"
  exit 0
else
  # Download the agent (quoted so a package name containing spaces still works)
  curl -L -o "/tmp/$pkgName" "$downloadLink"

  # Set the token: the file goes in the same directory as the package
  echo "$sentinelToken" > /tmp/com.sentinelone.registration-token

  # Install the agent
  /usr/sbin/installer -pkg "/tmp/$pkgName" -target /
fi

 

Linux:

 

#!/bin/bash

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.deb"

# You can put the installer on Dropbox or wherever you prefer.

if [ -d "/opt/sentinelone/" ]; then
  echo "Already Installed"
  exit 0
else
  cd /tmp

  # Download the agent (quoted so a package name containing spaces still works)
  curl -L -o "$pkgName" "$downloadLink"

  # Install the agent
  chmod +x "$pkgName"
  dpkg -i "$pkgName"

  # Set the token
  /opt/sentinelone/bin/sentinelctl management token set "$sentinelToken"

  # Start the agent
  /opt/sentinelone/bin/sentinelctl control start
fi
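
Both scripts install, as root, whatever the download link returns. The following is an added example (not part of the original post) that pins the installer's SHA-256 and downloads into a private temporary directory before anything is installed; the function names and the `EXPECTED_SHA256` placeholder are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post. EXPECTED_SHA256 is a
# placeholder: pin the digest of the installer you uploaded yourself.
EXPECTED_SHA256="REPLACE_WITH_SHA256_OF_YOUR_INSTALLER"

# Print the lowercase hex SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# 0 only if the file ($1) exists and hashes to the pinned digest ($2, any case).
verify_sha256() {
    [ -f "$1" ] || return 1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(sha256_of "$1")" = "$want" ]
}

# Download URL ($1) as NAME ($3) into a private temp dir, verify it against the
# digest ($2) and print the verified path. Nothing is left behind on failure.
fetch_verified() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/s1.XXXXXX") || return 1
    # --fail: an HTTP error page is an error, not an installer; HTTPS only.
    if curl --fail --silent --show-error --location \
            --proto '=https' --proto-redir '=https' \
            --output "$dir/$3" "$1" && verify_sha256 "$dir/$3" "$2"; then
        printf '%s\n' "$dir/$3"
    else
        echo "download or checksum failed for $3" >&2
        rm -rf "$dir"
        return 1
    fi
}

# Linux flow from the post, gated on the check (run as root):
#   deb=$(fetch_verified "$downloadLink" "$EXPECTED_SHA256" "$pkgName") || exit 1
#   dpkg -i "$deb" &&
#     /opt/sentinelone/bin/sentinelctl management token set "$sentinelToken" &&
#     /opt/sentinelone/bin/sentinelctl control start
```

Compute the digest once on a trusted machine, for example with `shasum -a 256` on the installer you obtained from your SentinelOne console, and update it whenever you replace the hosted file.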

 

46 REPLIES

Fulgubbe
Novitiate III

Btw you also need a custom PPPC profile for Macs. 

Here is the XML for Agent version 21.7 and later:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDescription</key>
			<string></string>
			<key>PayloadDisplayName</key>
			<string>Privacy Preferences Policy Control</string>
			<key>PayloadIdentifier</key>
			<string>236FFBB3-159D-4A5F-B146-AAA7BBA11FF0</string>
			<key>PayloadOrganization</key>
			<string>Your Company</string>
			<key>PayloadType</key>
			<string>com.apple.TCC.configuration-profile-policy</string>
			<key>PayloadUUID</key>
			<string>236FFBB3-159D-4A5F-B146-AAA7BBA11FF0</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>Services</key>
			<dict>
				<key>SystemPolicyAllFiles</key>
				<array>
					<dict>
						<key>Allowed</key>
						<integer>1</integer>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
						<key>Identifier</key>
						<string>com.sentinelone.sentineld</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<integer>0</integer>
					</dict>
					<dict>
						<key>Allowed</key>
						<integer>1</integer>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
						<key>Identifier</key>
						<string>com.sentinelone.sentineld-helper</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<integer>0</integer>
					</dict>
					<dict>
						<key>Allowed</key>
						<integer>1</integer>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>

						<key>Identifier</key>
						<string>com.sentinelone.sentineld-shell</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<integer>0</integer>
					</dict>
				</array>
			</dict>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Provides access to all disk to Sentinel One processes</string>
	<key>PayloadDisplayName</key>
	<string>SentinelOne - Privacy Control</string>
	<key>PayloadIdentifier</key>
	<string>0F7D9FAD-1257-402C-A942-354723513881</string>
	<key>PayloadOrganization</key>
	<string>Sentinel Labs, Inc.</string>
	<key>PayloadRemovalDisallowed</key>
	<true/>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>5961E10D-A589-4A7E-9790-8F1C55511014</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

Can you share instructions on how to use it from JumpCloud?

Yes this would be very helpful if possible.

TomBridge
JumpCloud Employee
  1. Save the XML above into a file called SentinelOnePPPC.mobileconfig.
  2. Login to the JumpCloud Admin Portal.
  3. Click Policy Management.
  4. Click the Green +
  5. Select macOS from the policy types.
  6. Select MDM Custom Configuration Policy.
  7. Upload this file in the custom section.
  8. Apply this policy to your designed scope.

jeff-codecov
Novitiate III

Works perfect, thanks @Fulgubbe !

Franco
Novitiate II

Is there something for Macs? The above solutions do not work with Macs.

@Franco It works perfectly for me. Can you elaborate on what's not working?

The first script does nothing; it does not download or install it.

It gives no error and no successful message; it just has a window with its command.

Yes, the user is admin, and yes, I spoke to support.

The best I could do was create my own custom script.

There are 2 caveats with my script: first, I need the user's password, which makes it unscalable, and second, it will not give it full disk access.

Also, I cannot seem to find very much on how to do this with Windows.

We have about 20% Windows.

My expectations are that I use a command or policy or both and it works on Mac and PC. I understand it has to be one for each, but I should be able to run it 1000 times without any user interference or needing anything from them.

 

 

You need to apply the XML policy to your Mac hosts as Tom explains. Then the scripts have three variables at the top that need to be modified. Then run it as root from a command. You don't need to enter any passwords to set full disk access.

It works similarly for Linux, without the need for the XML policy. I don't have Windows hosts, so you will have to investigate using a PowerShell script for that.

I did and it is not working.

TomBridge
JumpCloud Employee

As @jeff-codecov mentioned, you need two things to deliver Sentinel One to Macs successfully:

  • An MDM Custom Profile with the XML above, to allow Full Disk Access
  • A Command to download the installer package, if necessary, check its signature and notarization status, place the Sentinel One token in a known location, and then execute the installer to complete the install.

If you supply your own installer, its package name, and licensing info in the command, that command is idempotent (meaning, its results are always the same, no matter the installed state of S1) and can be run as a repeating command.
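
One way to implement the signature, notarization and token steps described above, as an added example that is not part of the original post and not JumpCloud's own command. It pins the Team ID `4AYE5J54KN` that the PPPC profile's code requirements already name; the function names, the constructed sample report and the assumed `pkgutil --check-signature` output format are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. EXPECTED_TEAM_ID is the subject.OU value
# pinned in the PPPC profile's CodeRequirement strings.
EXPECTED_TEAM_ID="4AYE5J54KN"

# Constructed sample of `pkgutil --check-signature` output (format assumed).
sample_report() {
cat <<'EOF'
Package "Sentinel-Release-22-2-3-6268_macos.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Notarization: trusted by the Apple notary service
   Certificate Chain:
    1. Developer ID Installer: Sentinel Labs, Inc. (4AYE5J54KN)
    2. Developer ID Certification Authority
    3. Apple Root CA
EOF
}

# Team ID of the leaf (first) certificate in a report read from stdin.
leaf_team_id() {
    sed -n 's/^ *1\. Developer ID Installer: .*(\([A-Z0-9]\{10\}\))[[:space:]]*$/\1/p' |
        head -n 1
}

# 0 only if the report ($1) shows an Apple-issued developer signature, a notary
# ticket, and the expected Team ID on the leaf certificate.
report_is_trusted() {
    printf '%s\n' "$1" | grep -q 'Status: signed by a developer certificate issued by Apple' || return 1
    printf '%s\n' "$1" | grep -q 'Notarization: trusted by the Apple notary service' || return 1
    [ "$(printf '%s\n' "$1" | leaf_team_id)" = "$EXPECTED_TEAM_ID" ]
}

# macOS only, run as root: verify first, then write the token and install.
# Arguments: path to the .pkg ($1), registration token ($2).
install_if_trusted() {
    report=$(/usr/sbin/pkgutil --check-signature "$1") || return 1
    report_is_trusted "$report" || { echo "refusing to install $1" >&2; return 1; }
    /usr/sbin/spctl --assess --type install "$1" || return 1
    # Token file sits beside the package and is readable by root only.
    ( umask 077; printf '%s\n' "$2" > "$(dirname "$1")/com.sentinelone.registration-token" )
    /usr/sbin/installer -pkg "$1" -target /
}
```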

I do not know what to tell you, but yes to all. Nothing, it does not work.

TomBridge
JumpCloud Employee

Sometimes it's helpful to share what you're inputting into the variables in the first three lines of the supplied command. You can sanitize the values by changing the domain to example.com or changing the last digits of the key to XXXXX.

For the Macs that you're installing this on, are you seeing the necessary Full Disk Access profile in the System Preferences > Profiles preference pane?

I cannot do that, for security reasons. Why do you tell what to go there?

 

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.deb"

I can say

sentinel token is the sentinel token

download link is our server where the SentinelOne file is to download

pkg name is the name of the SentinelOne pkg

 

 

TomBridge
JumpCloud Employee

sentinelToken should be self-explanatory. It's the token to assign a new install to your device. 

downloadLink is a publicly-accessible URL that contains your Sentinel One installer. A sample would be https://www.example.com/mypackages/installers/sentinelone/sentinelone.deb or https://www.example.com/mypackages/installers/sentinelone/sentinelone.pkg

pkgName would be sentinelone.deb or sentinelone.pkg

Ok let me try that 

Nope did not work

TomBridge
JumpCloud Employee

Can you share the command results, at least?

Same as above, nothing.

Are you stumped? I still need a solution.

TomBridge
JumpCloud Employee

I've added some output to the script that should be captured by our Commands tools in the Admin Portal. Try including the right items in the variables and then running this command. You should be able to paste the output from the Admin Portal as a response?

#!/bin/bash

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.deb"

# You can put the installer on Dropbox or wherever you prefer.

echo "Beginning Loop to Check for S1 and Install if not present"

if [ -d "/opt/sentinelone/" ]; then
  echo "Already Installed"
  exit 0
else
  cd /tmp

  # Download the agent (quoted so a package name containing spaces still works)
  curl -L -o "$pkgName" "$downloadLink"
  echo "Installer Downloaded"

  # Install the agent
  chmod +x "$pkgName"
  echo "Changing Permissions on Downloaded Package"
  dpkg -i "$pkgName"
  echo "Installed Package"

  # Set the token
  echo "Setting Sentinel One Token"
  /opt/sentinelone/bin/sentinelctl management token set "$sentinelToken"
  echo "Token Set"

  # Start the agent
  echo "Starting Sentinel One Process"
  /opt/sentinelone/bin/sentinelctl control start
fi

echo "Loop Complete"

That does not work, period. OK, I need a working solution.

I am assuming it is not for JumpCloud to have an unsolved issue, and this is unsolved.

BScott
Community Manager

Hi Franco, admin here. The team is doing what they can to help you, but without more information from you, they can only help so much. If you refuse to answer some of the questions, exactly how are they to help you further? We need you to work with us here. 

And people are doing this outside of their normal duties, as volunteers (this isn't their actual day job), so I'm asking you to be kind in your responses to the people who are just trying to help you. Even though you're frustrated, they aren't the ones causing the problems you're having at the moment.

Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.

I gave them an answer. I told everything. I cannot give them security info.

You have to look at my end: if I ask you to give me your information, you will not, right?

Anything even close to the real information may cause a security issue.

I gave him everything else

TomBridge
JumpCloud Employee

Totally hear that you need a working solution, but it's hard for me to understand where you're getting stuck right now. Our Command results will include everything fed back out to standard out, which will include the echo lines I added to the Command. If nothing's running, there's a bigger problem here. 😞

I told you it does not work. I entered that script and put in the token / pub server and file. Yes, I included the XML as a policy, and when I run that command the result is just a window. It does not say successful, it does not say fail; it just has the script in the above window with nothing under it.

When I look at the test computer, it never installed the package.

 

 

I managed to get an error. I deleted the bash and policy, and when I recreate the policy I get:

Unable to save Policy!
failed to insert policy into policy database (org= xxxxxx): failed to prepare policy: prepare failed: profile was not in plist format

I started over and deleted both command and policy. Recreated both, and this time it does say successful, but it did not install SentinelOne on my test client.

Found this when I scrolled down; sorry I did not include it above.

zsh:31: no such file or directory: /opt/sentinelone/bin/sentinelctl

 

Update: also saw this error

command not found: dpkg

TomBridge
JumpCloud Employee

Can you include the whole command output? 

Sorry, not sure what you are asking.

I cannot give you the entire window, but it goes past downloading, then states

command not found: dpkg. and twice zsh:31: no such file or directory: /opt/sentinelone/bin/sentinelctl

and that is where it ends.

TomBridge
JumpCloud Employee

Is it possible in this one you're trying to run the Linux script which uses deb and dpkg to install the app on macOS?

I deleted it and ensured I copied the Mac script, and now I get an error and the following

#!/bin/bash sentinelToken=“token number” open downloadLink="https://servername.com” pkgName="Sentinel-Release-22-2-3-6268_macos.pkg" #You can put the installer on dropbox or where you prefer. if [ -d /Applications/SentinelOne/ ]; then echo "Already Installed" exit 0 else #Download Agent curl -L -o /tmp/$pkgName $downloadLink #Set Token echo $sentinelToken > /tmp/com.sentinelone.registration-token #Install Agent /usr/sbin/installer -pkg /tmp/$pkgName -target / fi

 

FYI, it does not exist on that Mac.

 

forgot to include these errors

curl: (23) Failure writing output to destination
zsh:19: permission denied: /tmp/com.sentinelone.registration-token

@Franco You have a few issues. What's the "open" command for? You don't need that. Also you need double brackets for your if statement. Try this:

#!/bin/bash

# Straight ASCII quotes: curly quotes are not treated as quotes by the shell
sentinelToken="token number"
downloadLink="https://servername.com"
pkgName="Sentinel-Release-22-2-3-6268_macos.pkg"

# You can put the installer on Dropbox or wherever you prefer.
if [[ -d /Applications/SentinelOne/ ]]; then
    echo "Already Installed"
    exit 0
else
  # Download Agent
  curl -L -o "/tmp/$pkgName" "$downloadLink"

  # Set Token
  echo "$sentinelToken" > /tmp/com.sentinelone.registration-token

  # Install Agent
  /usr/sbin/installer -pkg "/tmp/$pkgName" -target /
fi

Here's my working script. Similar to the one above but setting the token a bit differently. And I curl the binary from a shared Gdrive, so you'll have to modify that part for where you are getting yours from. Hope it helps.

#!/bin/bash

# VARS
###################################################
export sentinelToken=xxxxxxx
export fileid=xxxxxxxx
export filename=xxxxxx
###################################################

# Test if already installed
if [[ -d /Applications/SentinelOne/ ]]
  then
    echo "S1 Already Installed. Exiting..."
    exit 0
fi

# Create Temp Folder
#
DATE=$(date '+%Y-%m-%d-%H-%M-%S')
TempFolder="Download-$DATE"
mkdir "/tmp/$TempFolder" || exit 1

# Navigate to Temp Folder (stop if that fails, so the cleanup below never runs elsewhere)
#
cd "/tmp/$TempFolder" || exit 1

# Get binary from shared Gdrive
curl -L -c cookies.txt 'https://docs.google.com/uc?export=download&id='"$fileid" | sed -rn 's/.*confirm=([0-9A-Za-z_]+).*/\1/p' > confirm.txt
curl -L -b cookies.txt -o "$filename" 'https://docs.google.com/uc?export=download&id='"$fileid"'&confirm='"$(<confirm.txt)"

rm -f confirm.txt cookies.txt

DownloadFile="$(ls)"
echo "Downloaded $DownloadFile to /tmp/$TempFolder"

# Verifies PKG File
#
regex='\.pkg$'
if [[ $DownloadFile =~ $regex ]]; then
    PKGFile="$DownloadFile"
    echo "PKG File Found: $PKGFile"
else
    echo "File: $DownloadFile is not a PKG"
    rm -r "/tmp/$TempFolder"
    echo "Deleted /tmp/$TempFolder"
    exit 1
fi

# Set Token
echo "$sentinelToken" > "/tmp/$TempFolder/com.sentinelone.registration-token"

# Install Agent
/usr/sbin/installer -pkg "/tmp/$TempFolder/$PKGFile" -target /Applications

# Remove Temp Folder and download
#
rm -r "/tmp/$TempFolder"
echo "Deleted /tmp/$TempFolder"



What is fileid? Is that the server name? And is expect not installed on Mac by default? Never mind on expect, just tested and it's part of the OS.

The var fileid is for the Gdrive link. You can just delete that if you are getting the binary from a local server or AWS S3 link or whatever. 

@jeff-codecov It gives success, but it does not install SentinelOne on the client. Are you sure this is for Macs?

 

Yep, positive.