SentinelOne Command install Script Mac + Linux

Fulgubbe
Novitiate III

Here are two install scripts to install SentinelOne Agent with token on Mac and Linux. Run once a day or so. If installed it will exit installer. Mac version can also be used as a PostInstall script in an empty .pkg if you want to utilize Software Management instead.

We use Dropbox to store downloads, but if you do, remember to change the download link to ?dl=1 instead of ?dl=0.

Mac Script:

 

#!/bin/bash

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.pkg"

#You can put the installer on dropbox or where you prefer.

if [ -d /Applications/SentinelOne/ ];
then
  echo "Already Installed"
  exit 0
else

#Download Agent
curl -fL -o "/tmp/$pkgName" "$downloadLink"

#Set Token
echo "$sentinelToken" > /tmp/com.sentinelone.registration-token

#Install Agent
/usr/sbin/installer -pkg "/tmp/$pkgName" -target /
fi

 

Linux:

 

#!/bin/bash

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.deb"

#You can put the installer on dropbox or where you prefer.

if [ -d "/opt/sentinelone/" ];
then 
  echo "Already Installed"
  exit 0
else

cd /tmp

#Download Agent
curl -fL -o "$pkgName" "$downloadLink"

#Install Agent
chmod +x "$pkgName"
dpkg -i "$pkgName"

#Set Token
/opt/sentinelone/bin/sentinelctl management token set "$sentinelToken"

#Start Agent
/opt/sentinelone/bin/sentinelctl control start

fi

 

59 REPLIES

Fulgubbe
Novitiate III

Btw you also need a custom PPPC profile for Macs. 

Here is the XML for Agent version 21.7 and Later

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDescription</key>
			<string></string>
			<key>PayloadDisplayName</key>
			<string>Privacy Preferences Policy Control</string>
			<key>PayloadIdentifier</key>
			<string>236FFBB3-159D-4A5F-B146-AAA7BBA11FF0</string>
			<key>PayloadOrganization</key>
			<string>Your Company</string>
			<key>PayloadType</key>
			<string>com.apple.TCC.configuration-profile-policy</string>
			<key>PayloadUUID</key>
			<string>236FFBB3-159D-4A5F-B146-AAA7BBA11FF0</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>Services</key>
			<dict>
				<key>SystemPolicyAllFiles</key>
				<array>
					<dict>
						<key>Allowed</key>
						<integer>1</integer>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
						<key>Identifier</key>
						<string>com.sentinelone.sentineld</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<integer>0</integer>
					</dict>
					<dict>
						<key>Allowed</key>
						<integer>1</integer>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
						<key>Identifier</key>
						<string>com.sentinelone.sentineld-helper</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<integer>0</integer>
					</dict>
					<dict>
						<key>Allowed</key>
						<integer>1</integer>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>

						<key>Identifier</key>
						<string>com.sentinelone.sentineld-shell</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<integer>0</integer>
					</dict>
				</array>
			</dict>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Provides access to all disk to Sentinel One processes</string>
	<key>PayloadDisplayName</key>
	<string>SentinelOne - Privacy Control</string>
	<key>PayloadIdentifier</key>
	<string>0F7D9FAD-1257-402C-A942-354723513881</string>
	<key>PayloadOrganization</key>
	<string>Sentinel Labs, Inc.</string>
	<key>PayloadRemovalDisallowed</key>
	<true/>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>5961E10D-A589-4A7E-9790-8F1C55511014</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

Can you share instructions on how to use it from JumpCloud?

Yes this would be very helpful if possible.

TomBridge
Rising Star II
  1. Save the XML above into a file called SentinelOnePPPC.mobileconfig.
  2. Login to the JumpCloud Admin Portal.
  3. Click Policy Management.
  4. Click the Green +
  5. Select macOS from the policy types.
  6. Select MDM Custom Configuration Policy.
  7. Upload this file in the custom section.
  8. Apply this policy to your designed scope.

Hello.

Can you please share how to use this with NinjaOne?

Also, how would one script to allow extensions (security and privacy)?

Thank you!

Hi @akamoneybags !

You need to use the MDM Policies to allow System Extensions and grant them Privacy Preferences Policy Control settings. Fortunately, we have policies for both now! 

Check out the Create a Mac Application Privacy Preferences Policy article in our knowledge base for more on how to do that, or the Create a Mac System Extension Policy article.

What if you already have a customer configuration profile, will creating one for sentinelone stop the other from working? 

When you say "customer configuration profile" what do you mean?

What I mean is a custom MDM configuration profile. I have one that I created to push out to Macs already; is it OK to apply two custom config profiles?

Not a great idea to supply two profiles for the same tool. 

jeff-codecov
Novitiate III

Works perfect, thanks @Fulgubbe !

Franco
Novitiate II

Is there something for Macs? The above solutions do not work with Macs.

@Franco It works perfectly for me. Can you elaborate on what's not working?

The first script does nothing; it does not download or install it.

It gives no error and no success message; it just has a window with its command.

Yes, the user is admin, and yes, I spoke to support.

The best I could do was create my own custom script.

There are 2 caveats with my script: first, I need the user's password, which makes it unscalable, and second, it will not give it full disk access.

Also, I cannot seem to find very much on how to do this with Windows.

We have about 20% Windows.

My expectations are that I use a command or policy or both and it works on Mac and PC. I understand it has to be one for each, but I should be able to run it 1000 times without any user interference or needing anything from them.

 

 

You need to apply the XML policy to your Mac hosts as Tom explains. Then the scripts have three variables at the top that need to be modified. Then run it as root from a command. You don't need to enter any passwords to set full disk access.

It works similarly for Linux, without the need for the XML policy. I don't have Windows hosts, so you will have to investigate using a PowerShell script for that.

I did and it's not working.

As @jeff-codecov mentioned, you need two things to deliver Sentinel One to Macs successfully:

  • An MDM Custom Profile with the XML above, to allow Full Disk Access
  • A Command to download the installer package, if necessary, check its signature and notarization status, place the Sentinel One token in a known location, and then execute the installer to complete the install.

If you supply your own installer, its package name, and licensing info in the command, that command is idempotent (meaning, its results are always the same, no matter the installed state of S1) and can be run as a repeating command.
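
The Command described in the post above (download, check signature and notarization, place the token, install), as an added example that is not part of any post in this thread and is not JumpCloud's or SentinelOne's own script. It assumes the installer picks up the token file from the package's directory (the original script keeps both in /tmp) and takes the Team ID from the CodeRequirement strings in the PPPC profile; the sample pkgutil output is constructed.

```shell
#!/bin/bash
# Added example: verify the SentinelOne installer before running it (macOS).
sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.pkg"
teamID="4AYE5J54KN"   # Team ID from the CodeRequirement strings in the PPPC profile

# sig_ok TEXT TEAMID: succeed only if `pkgutil --check-signature` output shows
# a Developer ID signature, a notarization ticket, and the expected Team ID.
sig_ok() {
  printf '%s\n' "$1" | grep -q 'Status: signed by a developer certificate issued by Apple' || return 1
  printf '%s\n' "$1" | grep -q 'Notarization: trusted by the Apple notary service' || return 1
  printf '%s\n' "$1" | grep -Eq "^ *1\. Developer ID Installer: .*\($2\) *\$"
}

install_agent() {
  [ "$(uname -s)" = "Darwin" ] || { echo "Not macOS; use the Linux script" >&2; return 1; }
  [ "$(id -u)" -eq 0 ] || { echo "Must run as root" >&2; return 1; }
  [ -d /Applications/SentinelOne/ ] && { echo "Already Installed"; return 0; }

  umask 077                                  # token and package readable by root only
  workdir=$(mktemp -d /tmp/s1install.XXXXXX) || return 1
  trap 'rm -rf "$workdir"' EXIT              # remove token and package afterwards

  curl -fsSL -o "$workdir/$pkgName" "$downloadLink" || { echo "Download failed" >&2; return 1; }
  sigText=$(pkgutil --check-signature "$workdir/$pkgName") || { echo "Package is not signed" >&2; return 1; }
  sig_ok "$sigText" "$teamID" || { echo "Signature check failed; not installing" >&2; return 1; }

  # Assumption: the token file only needs to sit beside the package,
  # as it does in the original script (both in /tmp).
  printf '%s\n' "$sentinelToken" > "$workdir/com.sentinelone.registration-token"
  /usr/sbin/installer -pkg "$workdir/$pkgName" -target /
}

# Constructed sample of pkgutil output, used only to exercise sig_ok offline.
sampleSig='Package "Sentinel.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Notarization: trusted by the Apple notary service
   Certificate Chain:
    1. Developer ID Installer: Sentinel Labs, Inc. (4AYE5J54KN)'

if [ "${1:-}" = "--install" ]; then install_agent; exit $?; fi
```

Run it as root with `--install`; without that argument the script only defines its functions.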

I do not know what to tell you, but yes to all. Nothing; it does not work.

Sometimes it's helpful to share what you're inputting into the variables in the first three lines of the supplied command. You can sanitize the values by changing the domain to example.com or changing the last digits of the key to XXXXX.

For the Macs that you're installing this on, are you seeing the necessary Full Disk Access profile in the System Preferences > Profiles preference pane?

I cannot do that for security reasons. Why do you tell what to go there?

 

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.deb"

I can say:

Sentinel token is the Sentinel token.

Download link is our server where the SentinelOne file is to download.

Pkg name is the name of the SentinelOne pkg.

 

 

sentinelToken should be self-explanatory. It's the token to assign a new install to your device. 

downloadLink is a publicly-accessible URL that contains your Sentinel One installer. A sample would be https://www.example.com/mypackages/installers/sentinelone/sentinelone.deb or https://www.example.com/mypackages/installers/sentinelone/sentinelone.pkg

pkgName would be sentinelone.deb or sentinelone.pkg

Ok let me try that 

Nope did not work

TomBridge
Rising Star II

Can you share the command results, at least?

Same as above, nothing.

Are you stumped? I still need a solution.

I've added some output to the script that should be captured by our Commands tools in the Admin Portal. Try including the right items in the variables and then running this command. You should be able to paste the output from the Admin Portal as a response?

#!/bin/bash

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.deb"

#You can put the installer on dropbox or where you prefer.

echo "Beginning Loop to Check for S1 and Install if not present"

if [ -d "/opt/sentinelone/" ];
then 
  echo "Already Installed"
  exit 0
else

cd /tmp

#Download Agent
curl -fL -o "$pkgName" "$downloadLink"
echo "Installer Downloaded"

#Install Agent
chmod +x "$pkgName"
echo "Changing Permissions on Downloaded Package"
dpkg -i "$pkgName"
echo "Installed Package"

#Set Token
echo "Setting Sentinel One Token"
/opt/sentinelone/bin/sentinelctl management token set "$sentinelToken"
echo "Token Set"


#Start Agent
echo "Starting Sentinel One Process"
/opt/sentinelone/bin/sentinelctl control start

fi

echo "Loop Complete"

That does not work, period. OK, I need a working solution.

I'm assuming it's not for JumpCloud to have an unsolved issue, and this is unsolved.

BScott
Community Manager

Hi Franco, admin here. The team is doing what they can to help you, but without more information from you, they can only help so much. If you refuse to answer some of the questions, exactly how are they to help you further? We need you to work with us here. 

And people are doing this outside of their normal duties, as volunteers (this isn't their actual day job), so I'm asking you to be kind in your responses to the people who are just trying to help you. Even though you're frustrated, they aren't the ones causing the problems you're having at the moment.

Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.

I gave them an answer. I told everything; I cannot give them security info.

You have to look at it from my end: if I ask you to give me your information, you will not, right?

Anything even close to the real information may cause a security issue.

I gave him everything else

Totally hear that you need a working solution, but it's hard for me to understand where you're getting stuck right now. Our Command results will include everything fed back out to standard out, which will include the echo lines I added to the Command. If nothing's running, there's a bigger problem here. 😞

I told you it does not work. I entered that script and put in the token / pub server and file. Yes, I included the XML as a policy, and when I run that command the result is just a window; it does not say successful, it does not say fail, it just has the script in the above window with nothing under it.

When I look at the test computer, it never installed the package.

 

 

I managed to get an error. I deleted the bash and policy, and when I recreate the policy I get

Unable to save Policy!
failed to insert policy into policy database (org= xxxxxx): failed to prepare policy: prepare failed: profile was not in plist format

I started over and deleted both command and policy. Recreated both, and this time it does say successful, but it did not install SentinelOne on my test client.

Found this when I scrolled down; sorry I did not include it above.

zsh:31: no such file or directory: /opt/sentinelone/bin/sentinelctl

 

Update: also saw this error

command not found: dpkg

Can you include the whole command output? 

Sorry, not sure what you are asking.

I cannot give you the entire window, but it goes past downloading then states

command not found: dpkg. and twice zsh:31: no such file or directory: /opt/sentinelone/bin/sentinelctl

and that's where it ends.

Is it possible in this one you're trying to run the Linux script which uses deb and dpkg to install the app on macOS?

I deleted it and ensured I copied the Mac script, and now I get an error and the following

#!/bin/bash sentinelToken=“token number” open downloadLink="https://servername.com” pkgName="Sentinel-Release-22-2-3-6268_macos.pkg" #You can put the installer on dropbox or where you prefer. if [ -d /Applications/SentinelOne/ ]; then echo "Already Installed" exit 0 else #Download Agent curl -L -o /tmp/$pkgName $downloadLink #Set Token echo $sentinelToken > /tmp/com.sentinelone.registration-token #Install Agent /usr/sbin/installer -pkg /tmp/$pkgName -target / fi

 

FYI, it does not exist on that Mac.

 

Forgot to include these errors:

curl: (23) Failure writing output to destination
zsh:19: permission denied: /tmp/com.sentinelone.registration-token