JumpCloud Community

Fulgubbe · ‎04-25-2022

Here are two install scripts to install SentinelOne Agent with token on Mac and Linux. Run once a day or so. If installed it will exit installer. Mac version can also be used as a PostInstall script in an empty .pkg if you want to utilize Software Management instead.

We use dropbox to store downloads but if you do remember to change download link to ?dl=1 instead of ?dl=0

Mac Script:

#!/bin/bash

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.pkg"

#You can put the installer on dropbox or where you prefer.

if [ -d /Applications/SentinelOne/ ];
then
  echo "Already Installed"
  exit 0
else

#Download Agent
curl -L -o /tmp/$pkgName $downloadLink

#Set Token
echo $sentinelToken > /tmp/com.sentinelone.registration-token

#Install Agent
/usr/sbin/installer -pkg /tmp/$pkgName -target /
fi

Linux:

#!/bin/bash

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.deb"

#You can put the installer on dropbox or where you prefer.

if [ -d "/opt/sentinelone/" ];
then 
	echo "Already Installed"
  exit 0
else

cd /tmp

#Download Agent
curl -L -o $pkgName $downloadLink

#Install Agent
chmod +x $pkgName
dpkg -i $pkgName

#Set Token
/opt/sentinelone/bin/sentinelctl management token set $sentinelToken

#Start Agent
/opt/sentinelone/bin/sentinelctl control start

fi

jeff-codecov · ‎08-10-2022

@Franco You have a few issues. What's the "open" command for? You don't need that. Also you need double brackets for your if statement. Try this:

#!/bin/bash 

sentinelToken=“token number” 
downloadLink="https://servername.com”      
pkgName="Sentinel-Release-22-2-3-6268_macos.pkg" 

#You can put the installer on dropbox or where you prefer. 
if [[ -d /Applications/SentinelOne/ ]]; then
    echo "Already Installed"
    exit 0
else 
  #Download Agent
  curl -L -o /tmp/$pkgName $downloadLink

  #Set Token
  echo $sentinelToken > /tmp/com.sentinelone.registration-token

  #Install Agent
  /usr/sbin/installer -pkg /tmp/$pkgName -target /
fi

jeff-codecov · ‎08-10-2022

Here's my working script. Similar to the one above but setting the token a bit differently. And I curl the binary from a shared Gdrive, so you'll have to modify that part for where you are getting yours from. Hope it helps.

#!/bin/bash

# VARS
###################################################
export sentinelToken=xxxxxxx
export fileid=xxxxxxxx
export filename=xxxxxx
###################################################

# Test if already installed
if [[ -d /Applications/SentinelOne/ ]]
  then
    echo "S1 Already Installed. Exiting..."
    exit 0
fi

# Create Temp Folder
#
DATE=$(date '+%Y-%m-%d-%H-%M-%S')
TempFolder="Download-$DATE"
mkdir /tmp/$TempFolder

# Navigate to Temp Folder
#
cd /tmp/$TempFolder

# Get binary from shared Gdrive
curl -L -c cookies.txt 'https://docs.google.com/uc?export=download&id='$fileid | sed -rn 's/.*confirm=([0-9A-Za-z_]+).*/\1/p' > confirm.txt
curl -L -b cookies.txt -o $filename 'https://docs.google.com/uc?export=download&id='$fileid'&confirm='$(<confirm.txt)

rm -f confirm.txt cookies.txt

DownloadFile="$(ls)"
echo "Downloaded $DownloadFile to /tmp/$TempFolder"

# Verifies PKG File
#
regex='\.pkg$'
if [[ $DownloadFile =~ $regex ]]; then
    PKGFile="$(echo "$DownloadFile")"
    echo "PKG File Found: $PKGFile"
else
    echo "File: $DownloadFile is not a PKG"
    rm -r /tmp/$TempFolder
    echo "Deleted /tmp/$TempFolder"
    exit 1
fi

#Set Token
echo $sentinelToken > /tmp/$TempFolder/com.sentinelone.registration-token

#Install Agent
/usr/sbin/installer -pkg /tmp/$TempFolder/$PKGFile -target /Applications

# Remove Temp Folder and download
#
rm -r /tmp/$TempFolder
echo "Deleted /tmp/$TempFolder"

Franco · ‎08-10-2022

what is fileid? its that the server name and is expect not install on mac by default? never mind on except just tested and its part of the os

jeff-codecov · ‎08-10-2022

The var fileid is for the Gdrive link. You can just delete that if you are getting the binary from a local server or AWS S3 link or whatever.

Franco · ‎08-10-2022

@jeff-codecov It gives success but it does not install sentinelone on client are you sure this is for macs?

jeff-codecov · ‎08-10-2022

Yep, positive.

Franco · ‎08-10-2022

@jeff-codecov top windows states succesful bottom section I get this error

Downloaded SentinelOne.pkg to /tmp/Download-2022-08-10-13-16-03
PKG File Found: SentinelOne.pkg
installer: Error - the package path specified was invalid: '/tmp/Download-2022-08-10-13-16-03/Sen
tinelOne.pkg'.
Deleted /tmp/Download-2022-08-10-13-16-03
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 1642 0 1642 0 0 9688 0 --:--:-- --:--:-- --:--:-- 9951
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 1642 0 1642 0 0 11309 0 --:--:-- --:--:-- --:--:-- 12162

it does not instal sentielone on mac

Franco · ‎08-10-2022

I used @TomBridge script but replace from drop box to gdrive

and get error zsh:19: permission denied: /tmp/com.sentinelone.registration-token

I am 100 percent that it is the correct token

TomBridge · ‎08-10-2022

Permissions denied means that the file isn't readable. That usually means you need to chmod 777 the file and then clean it up when you're done?

Franco · ‎08-10-2022

it you script everything is the same all I ddi was change the downlink from drpbox server to gdrive

jeff-codecov · ‎08-10-2022

- Are you sure when you created the command you selected the right "Type" in the UI? You need to select "Mac".
- Please share your script (minus the tokenid, etc). It's easier to help if we can see the code, or if it's someone else's code and you modified it perhaps, we need to see that.
- Please share the full command result output (minus any sensitive data).

Franco · ‎08-11-2022

Jason from jumpcloud gave me the solution its tom scrip but I had to end 1 at the end of dropbox link

When I copy that long link its has 0 at the end change that to 1 and everything else @TomBridge script works

I want to thank Tom and Jeff in assisting me

TomBridge · ‎08-11-2022

My pleasure!

chrisfrieberg · ‎10-07-2022

@TomBridge we are working on sentinelone deployment now! for the xml file, what, if any, do we need to update

chrisfrieberg · ‎10-07-2022

We'd like to deploy this as silent and user intervention-free as possible so we're hoping the full disk access is something we can really automate

TomBridge · ‎10-07-2022

Hey Chris!

We've got a Mac Command for Sentinel One and a Windows Command for Sentinel One.

In addition there's a new policy for Sentinel One for macOS Devices:

Sentinel One Policy for macOS

That should get you everything you need!

chrisfrieberg · ‎10-12-2022

For windows we got an exit code 124, any ideas @TomBridge ?

The Mac command and silent install using the policy worked great.

TomBridge · ‎10-12-2022

Set the command to a longer execution time, @chrisfrieberg ?

JRC1914 · ‎11-10-2022

So I attempted to use the install script for sentinelone and I got an error. Exit code 1.

It says in the log

PKG File Found:xxxxxxxx

Package is unsigned. Exiting....

Could not open package: senitnel-Release-xxxxxxxxxxx

TomBridge · ‎11-10-2022

The package for Sentinel One must be a codesigned package from Sentinel One.

BillyManatee · ‎03-19-2025

#!/bin/bash
# VARS
###################################################
export sentinelToken="xxxxxxx"
export fileid="xxxxxxxxxxxx"
export filename="xxxxxxxxxx"
###################################################

# Test if already installed
if [[ -d /Applications/SentinelOne/ ]]; then
echo "S1 Already Installed. Exiting..."
exit 0
fi

# Create Temp Folder
DATE=$(date '+%Y-%m-%d-%H-%M-%S')
TempFolder="Download-$DATE"
mkdir -p /tmp/$TempFolder
echo "Created temporary directory: /tmp/$TempFolder"

# Navigate to Temp Folder
cd /tmp/$TempFolder
echo "Changed to directory: $(pwd)"

# Use a more direct method to download from Google Drive
echo "Downloading $filename directly from Google Drive..."
curl -L -o "$filename" "https://drive.usercontent.google.com/download?id=$fileid&export=download&authuser=0&confirm=t"

# Verify the download worked
if [[ ! -f "$filename" ]]; then
echo "ERROR: File download failed. No file was created."
exit 1
fi

# Check file size to ensure it's not just an error page
filesize=$(stat -f%z "$filename")
echo "Downloaded file size: $filesize bytes"

if [[ $filesize -lt 1000000 ]]; then
echo "WARNING: File seems too small for an installer package. It might be an error page."
echo "Content preview:"
head -n 10 "$filename"

# Try an alternative download method
echo "Trying alternative download method..."
rm "$filename"
curl -L -c cookies.txt "https://drive.google.com/uc?export=download&id=$fileid" > confirm_page.html
confirm=$(cat confirm_page.html | grep -o 'confirm=[a-zA-Z0-9_-]*' | head -1 | cut -d= -f2)

if [[ -n "$confirm" ]]; then
echo "Found confirmation code: $confirm"
curl -L -b cookies.txt -o "$filename" "https://drive.google.com/uc?export=download&id=$fileid&confirm=$confirm"
else
echo "Using direct download as fallback..."
curl -L -o "$filename" "https://drive.google.com/uc?export=download&id=$fileid&confirm=t"
fi

rm -f confirm_page.html cookies.txt
fi

# Verify file exists and is a pkg
echo "Verifying downloaded file..."
if [[ -f "$filename" ]]; then
echo "File exists at: $(pwd)/$filename"

# Check if it's actually a PKG file (by magic number/file header)
file_type=$(file -b "$filename")
echo "File type: $file_type"

if [[ "$file_type" == *"xar archive"* ]] || [[ "$file_type" == *"package"* ]]; then
echo "Confirmed package file format"

# Set permissions to ensure installer can read it
chmod 644 "$filename"

# Set Token
echo "$sentinelToken" > /tmp/$TempFolder/com.sentinelone.registration-token

# Install Agent - with full path
full_path="$(pwd)/$filename"
echo "Installing SentinelOne agent from: $full_path"
sudo /usr/sbin/installer -pkg "$full_path" -target /

# Check installation status
if [[ $? -eq 0 ]]; then
echo "Installation completed successfully."
else
echo "Installation failed with error code: $?"
exit 1
fi
else
echo "ERROR: File is not a valid package. Content may be an error page."
exit 1
fi
else
echo "ERROR: File download failed after multiple attempts."
exit 1
fi

# Remove Temp Folder and download
echo "Cleaning up..."
cd /tmp
rm -rf /tmp/$TempFolder
echo "Deleted /tmp/$TempFolder"
exit 0

I have confirmed this works on other RMMs and works for Mac.

Token- SentinelOne Token for Site
fileid - this is the end of your google drive file name. https://drive.google.com/file/d/xxxxxxxxxxxxxxxxx/view?
filename- name of the file "xxxxxxx.pkg"

I pray this helps as I have worked for weeks on this

JumpCloud Community

SentinelOne Command install Script Mac + Linux