cancel
Showing results for 
Search instead for 
Did you mean: 

SentinelOne Command install Script Mac + Linux

Fulgubbe
Novitiate III

Here are two install scripts to install SentinelOne Agent with token on Mac and Linux. Run once a day or so. If installed it will exit installer. Mac version can also be used as a PostInstall script in an empty .pkg if you want to utilize Software Management instead.

We use dropbox to store downloads but if you do remember to change download link to ?dl=1 instead of ?dl=0

Mac Script:

 

#!/bin/bash

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.pkg"

#You can put the installer on dropbox or where you prefer.

if [ -d /Applications/SentinelOne/ ];
then
  echo "Already Installed"
  exit 0
else

#Download Agent
curl -L -o /tmp/$pkgName $downloadLink

#Set Token
echo $sentinelToken > /tmp/com.sentinelone.registration-token

#Install Agent
/usr/sbin/installer -pkg /tmp/$pkgName -target /
fi

 

Linux:

 

#!/bin/bash

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.deb"

#You can put the installer on dropbox or where you prefer.

if [ -d "/opt/sentinelone/" ];
then 
	echo "Already Installed"
  exit 0
else

cd /tmp

#Download Agent
curl -L -o $pkgName $downloadLink

#Install Agent
chmod +x $pkgName
dpkg -i $pkgName

#Set Token
/opt/sentinelone/bin/sentinelctl management token set $sentinelToken

#Start Agent
/opt/sentinelone/bin/sentinelctl control start

fi

 

59 REPLIES 59

@Franco You have a few issues. What's the "open" command for? You don't need that. Also you need double brackets for your if statement. Try this:

#!/bin/bash 

sentinelToken=“token number” 
downloadLink="https://servername.com”      
pkgName="Sentinel-Release-22-2-3-6268_macos.pkg" 

#You can put the installer on dropbox or where you prefer. 
if [[ -d /Applications/SentinelOne/ ]]; then
    echo "Already Installed"
    exit 0
else 
  #Download Agent
  curl -L -o /tmp/$pkgName $downloadLink

  #Set Token
  echo $sentinelToken > /tmp/com.sentinelone.registration-token

  #Install Agent
  /usr/sbin/installer -pkg /tmp/$pkgName -target /
fi

Here's my working script. Similar to the one above but setting the token a bit differently. And I curl the binary from a shared Gdrive, so you'll have to modify that part for where you are getting yours from. Hope it helps.

#!/bin/bash

# VARS
###################################################
export sentinelToken=xxxxxxx
export fileid=xxxxxxxx
export filename=xxxxxx
###################################################

# Test if already installed
if [[ -d /Applications/SentinelOne/ ]]
  then
    echo "S1 Already Installed. Exiting..."
    exit 0
fi

# Create Temp Folder
#
DATE=$(date '+%Y-%m-%d-%H-%M-%S')
TempFolder="Download-$DATE"
mkdir /tmp/$TempFolder

# Navigate to Temp Folder
#
cd /tmp/$TempFolder

# Get binary from shared Gdrive
curl -L -c cookies.txt 'https://docs.google.com/uc?export=download&id='$fileid | sed -rn 's/.*confirm=([0-9A-Za-z_]+).*/\1/p' > confirm.txt
curl -L -b cookies.txt -o $filename 'https://docs.google.com/uc?export=download&id='$fileid'&confirm='$(<confirm.txt)

rm -f confirm.txt cookies.txt

DownloadFile="$(ls)"
echo "Downloaded $DownloadFile to /tmp/$TempFolder"

# Verifies PKG File
#
regex='\.pkg$'
if [[ $DownloadFile =~ $regex ]]; then
    PKGFile="$(echo "$DownloadFile")"
    echo "PKG File Found: $PKGFile"
else
    echo "File: $DownloadFile is not a PKG"
    rm -r /tmp/$TempFolder
    echo "Deleted /tmp/$TempFolder"
    exit 1
fi

#Set Token
echo $sentinelToken > /tmp/$TempFolder/com.sentinelone.registration-token

#Install Agent
/usr/sbin/installer -pkg /tmp/$TempFolder/$PKGFile -target /Applications

# Remove Temp Folder and download
#
rm -r /tmp/$TempFolder
echo "Deleted /tmp/$TempFolder"



what is fileid? its that the server name and is expect not install on mac by default?  never mind on except just tested and its part of the os

The var fileid is for the Gdrive link. You can just delete that if you are getting the binary from a local server or AWS S3 link or whatever. 

@jeff-codecov    It gives success but it does not install sentinelone on client are you sure this is for macs?

 

Yep, positive.

@jeff-codecov  top windows states succesful bottom section I get this error

Downloaded SentinelOne.pkg to /tmp/Download-2022-08-10-13-16-03
PKG File Found: SentinelOne.pkg
installer: Error - the package path specified was invalid: '/tmp/Download-2022-08-10-13-16-03/Sen
tinelOne.pkg'.
Deleted /tmp/Download-2022-08-10-13-16-03
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 1642 0 1642 0 0 9688 0 --:--:-- --:--:-- --:--:-- 9951
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 1642 0 1642 0 0 11309 0 --:--:-- --:--:-- --:--:-- 12162

 

it does not instal sentielone on mac

I used @TomBridge  script but replace from drop box to gdrive

and get error zsh:19: permission denied: /tmp/com.sentinelone.registration-token

I am 100 percent that it is the correct token

Permissions denied means that the file isn't readable. That usually means you need to chmod 777 the file and then clean it up when you're done?

it you script everything is the same all  I ddi was change the downlink from drpbox server to gdrive 

- Are you sure when you created the command you selected the right "Type" in the UI? You need to select "Mac".
- Please share your script (minus the tokenid, etc). It's easier to help if we can see the code, or if it's someone else's code and you modified it perhaps, we need to see that.
- Please share the full command result output (minus any sensitive data). 

Jason from jumpcloud gave me  the solution its tom scrip but I had to end 1 at the end of dropbox link

When I copy that long link its has 0 at the end change that to 1 and everything else @TomBridge  script works

 

I want to thank Tom and Jeff in assisting me 

My pleasure!

chrisfrieberg
Novitiate II

@TomBridge we are working on sentinelone deployment now! for the xml file, what, if any, do we need to update 

We'd like to deploy this as silent and user intervention-free as possible so we're hoping the full disk access is something we can really automate

Hey Chris!

We've got a Mac Command for Sentinel One and a Windows Command for Sentinel One.

In addition there's a new policy for Sentinel One for macOS Devices:

Sentinel One Policy for macOSSentinel One Policy for macOS

That should get you everything you need!

For windows we got an exit code 124, any ideas @TomBridge ?

The Mac command and silent install using the policy worked great.

Set the command to a longer execution time, @chrisfrieberg ?

JRC1914
Novitiate I

So I attempted to use the install script for sentinelone and I got an error. Exit code 1. 

It says in the log

 

PKG File Found:xxxxxxxx

Package is unsigned. Exiting....

Could not open package: senitnel-Release-xxxxxxxxxxx

 

The package for Sentinel One must be a codesigned package from Sentinel One.