SentinelOne Command install Script Mac + Linux
04-25-2022 03:55 AM - edited 04-25-2022 06:17 AM
Here are two install scripts to install the SentinelOne Agent with a token on Mac and Linux. Run once a day or so. If installed, it will exit the installer. The Mac version can also be used as a PostInstall script in an empty .pkg if you want to utilize Software Management instead.
We use Dropbox to store downloads, but if you do, remember to change the download link to ?dl=1 instead of ?dl=0.
Mac Script:
#!/bin/bash
sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.pkg"
#You can put the installer on dropbox or where you prefer.
if [ -d /Applications/SentinelOne/ ];
then
    echo "Already Installed"
    exit 0
else
    #Download Agent (paths are quoted so a pkg name with spaces works)
    curl -L -o "/tmp/$pkgName" "$downloadLink"
    #Set Token
    echo "$sentinelToken" > /tmp/com.sentinelone.registration-token
    #Install Agent
    /usr/sbin/installer -pkg "/tmp/$pkgName" -target /
fi
Linux:
#!/bin/bash
sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.deb"
#You can put the installer on dropbox or where you prefer.
if [ -d "/opt/sentinelone/" ];
then
    echo "Already Installed"
    exit 0
else
    cd /tmp || exit 1
    #Download Agent (names are quoted so a pkg name with spaces works)
    curl -L -o "$pkgName" "$downloadLink"
    #Install Agent
    chmod +x "$pkgName"
    dpkg -i "$pkgName"
    #Set Token
    /opt/sentinelone/bin/sentinelctl management token set "$sentinelToken"
    #Start Agent
    /opt/sentinelone/bin/sentinelctl control start
fi
08-10-2022 12:50 PM
@Franco You have a few issues. What's the "open" command for? You don't need that. Also you need double brackets for your if statement. Try this:
#!/bin/bash
sentinelToken="token number"
downloadLink="https://servername.com"
pkgName="Sentinel-Release-22-2-3-6268_macos.pkg"
#You can put the installer on dropbox or where you prefer.
if [[ -d /Applications/SentinelOne/ ]]; then
    echo "Already Installed"
    exit 0
else
    #Download Agent
    curl -L -o "/tmp/$pkgName" "$downloadLink"
    #Set Token
    echo "$sentinelToken" > /tmp/com.sentinelone.registration-token
    #Install Agent
    /usr/sbin/installer -pkg "/tmp/$pkgName" -target /
fi
08-10-2022 12:04 PM
Here's my working script. Similar to the one above but setting the token a bit differently. And I curl the binary from a shared Gdrive, so you'll have to modify that part for where you are getting yours from. Hope it helps.
#!/bin/bash
# VARS
###################################################
export sentinelToken=xxxxxxx
export fileid=xxxxxxxx
export filename=xxxxxx
###################################################
# Test if already installed
if [[ -d /Applications/SentinelOne/ ]]
then
    echo "S1 Already Installed. Exiting..."
    exit 0
fi
# Create Temp Folder
#
DATE=$(date '+%Y-%m-%d-%H-%M-%S')
TempFolder="Download-$DATE"
mkdir "/tmp/$TempFolder"
# Navigate to Temp Folder (stop if it is missing, since later steps delete files)
#
cd "/tmp/$TempFolder" || exit 1
# Get binary from shared Gdrive
curl -L -c cookies.txt "https://docs.google.com/uc?export=download&id=$fileid" | sed -rn 's/.*confirm=([0-9A-Za-z_]+).*/\1/p' > confirm.txt
curl -L -b cookies.txt -o "$filename" "https://docs.google.com/uc?export=download&id=$fileid&confirm=$(<confirm.txt)"
rm -f confirm.txt cookies.txt
DownloadFile="$(ls)"
echo "Downloaded $DownloadFile to /tmp/$TempFolder"
# Verifies PKG File (checks the file name extension only)
#
regex='\.pkg$'
if [[ $DownloadFile =~ $regex ]]; then
    PKGFile="$DownloadFile"
    echo "PKG File Found: $PKGFile"
else
    echo "File: $DownloadFile is not a PKG"
    rm -r "/tmp/$TempFolder"
    echo "Deleted /tmp/$TempFolder"
    exit 1
fi
#Set Token
echo "$sentinelToken" > "/tmp/$TempFolder/com.sentinelone.registration-token"
#Install Agent
/usr/sbin/installer -pkg "/tmp/$TempFolder/$PKGFile" -target /Applications
# Remove Temp Folder and download
#
rm -r "/tmp/$TempFolder"
echo "Deleted /tmp/$TempFolder"
08-10-2022 12:18 PM - edited 08-10-2022 12:19 PM
What is fileid? Is that the server name, and is expect not installed on Mac by default? Never mind on expect, just tested and it's part of the OS.
08-10-2022 12:27 PM
The var fileid is for the Gdrive link. You can just delete that if you are getting the binary from a local server or AWS S3 link or whatever.
08-10-2022 01:11 PM - edited 08-10-2022 01:11 PM
@jeff-codecov It gives success but it does not install SentinelOne on the client. Are you sure this is for Macs?
08-10-2022 04:19 PM
Yep, positive.
08-10-2022 01:18 PM - edited 08-10-2022 01:19 PM
@jeff-codecov The top window states successful; in the bottom section I get this error:
Downloaded SentinelOne.pkg to /tmp/Download-2022-08-10-13-16-03
PKG File Found: SentinelOne.pkg
installer: Error - the package path specified was invalid: '/tmp/Download-2022-08-10-13-16-03/SentinelOne.pkg'.
Deleted /tmp/Download-2022-08-10-13-16-03
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 1642 0 1642 0 0 9688 0 --:--:-- --:--:-- --:--:-- 9951
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 1642 0 1642 0 0 11309 0 --:--:-- --:--:-- --:--:-- 12162
It does not install SentinelOne on Mac.
08-10-2022 01:50 PM - edited 08-10-2022 01:52 PM
I used @TomBridge's script but replaced Dropbox with Gdrive
and get the error zsh:19: permission denied: /tmp/com.sentinelone.registration-token
I am 100 percent sure that it is the correct token.
08-10-2022 02:44 PM
Permissions denied means that the file isn't readable. That usually means you need to chmod 777 the file and then clean it up when you're done?
08-10-2022 02:52 PM - edited 08-10-2022 02:52 PM
It is your script; everything is the same. All I did was change the download link from the Dropbox server to Gdrive.
08-10-2022 04:26 PM
- Are you sure when you created the command you selected the right "Type" in the UI? You need to select "Mac".
- Please share your script (minus the tokenid, etc). It's easier to help if we can see the code, or if it's someone else's code and you modified it perhaps, we need to see that.
- Please share the full command result output (minus any sensitive data).
08-11-2022 08:47 AM - edited 08-11-2022 08:49 AM
Jason from JumpCloud gave me the solution. It's Tom's script, but I had to add 1 at the end of the Dropbox link.
When I copy that long link it has 0 at the end; change that to 1 and everything else in @TomBridge's script works.
I want to thank Tom and Jeff for assisting me.
08-11-2022 08:54 AM
My pleasure!
10-07-2022 02:45 PM
@TomBridge we are working on SentinelOne deployment now! For the XML file, what, if anything, do we need to update?
10-07-2022 02:49 PM
We'd like to deploy this as silent and user intervention-free as possible so we're hoping the full disk access is something we can really automate
10-07-2022 03:53 PM
Hey Chris!
We've got a Mac Command for Sentinel One and a Windows Command for Sentinel One.
In addition there's a new policy for Sentinel One for macOS Devices:
That should get you everything you need!
10-12-2022 02:51 PM
For Windows we got an exit code 124, any ideas @TomBridge ?
The Mac command and silent install using the policy worked great.
10-12-2022 05:32 PM
Set the command to a longer execution time, @chrisfrieberg ?
11-10-2022 05:17 PM
So I attempted to use the install script for sentinelone and I got an error. Exit code 1.
It says in the log
PKG File Found:xxxxxxxx
Package is unsigned. Exiting....
Could not open package: senitnel-Release-xxxxxxxxxxx
11-10-2022 05:21 PM
The package for Sentinel One must be a codesigned package from Sentinel One.
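
Added example, not part of any post in this thread and not JumpCloud's or SentinelOne's code: the checks the thread's failures point to, gathered in one script. It rewrites a Dropbox dl=0 link, rejects a download that does not match an expected digest (as a 1642-byte response like the one in the output above would not), checks the package signature, and keeps the token out of a world-readable /tmp path. The function names, the expected SHA-256 you pass in, and the "Developer ID Installer" match string are assumptions.

```bash
# Added example, not from the thread; assumptions are noted per function.

# Dropbox share links end in dl=0 (HTML preview page); dl=1 returns the file.
direct_dropbox_link() {
  case $1 in
    *dl=0) printf '%s\n' "${1%dl=0}dl=1" ;;
    *)     printf '%s\n' "$1" ;;
  esac
}

# Portable SHA-256: sha256sum on most Linux systems, shasum on macOS.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Fail unless FILE ($1) is non-empty and matches the digest you supply ($2).
verify_download() {
  [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
  [ "$(sha256_of "$1")" = "$2" ] || { echo "digest mismatch: $1" >&2; return 1; }
}

# macOS only. Assumes the certificate chain output names a Developer ID Installer.
verify_pkg_signature() {
  pkgutil --check-signature "$1" | grep -q "Developer ID Installer"
}

# Write the token beside the package, readable by the owner only.
write_token() {
  ( umask 077; printf '%s\n' "$2" > "$1/com.sentinelone.registration-token" )
}

# Usage (as root on macOS): install_agent URL EXPECTED_SHA256 TOKEN
install_agent() {
  s1_dir=$(mktemp -d) || return 1   # private, unpredictable directory
  s1_pkg="$s1_dir/SentinelOne.pkg"
  curl --fail --location --silent --show-error -o "$s1_pkg" \
       "$(direct_dropbox_link "$1")" &&
    verify_download "$s1_pkg" "$2" &&
    verify_pkg_signature "$s1_pkg" &&
    write_token "$s1_dir" "$3" &&
    /usr/sbin/installer -pkg "$s1_pkg" -target /
  s1_rc=$?
  rm -rf "$s1_dir"
  return "$s1_rc"
}
```

Because the steps are chained with &&, the installer never runs on a file that failed the digest or signature check, and the temporary directory holding the token is removed on every path.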