cancel
Showing results for 
Search instead for 
Did you mean: 

SentinelOne Command install Script Mac + Linux

Fulgubbe
Novitiate III

Here are two install scripts to install SentinelOne Agent with token on Mac and Linux. Run once a day or so. If installed it will exit installer. Mac version can also be used as a PostInstall script in an empty .pkg if you want to utilize Software Management instead.

We use dropbox to store downloads but if you do remember to change download link to ?dl=1 instead of ?dl=0

Mac Script:

 

#!/bin/bash

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.pkg"

#You can put the installer on dropbox or where you prefer.

if [ -d /Applications/SentinelOne/ ];
then
  echo "Already Installed"
  exit 0
else

#Download Agent
curl -L -o /tmp/$pkgName $downloadLink

#Set Token
echo $sentinelToken > /tmp/com.sentinelone.registration-token

#Install Agent
/usr/sbin/installer -pkg /tmp/$pkgName -target /
fi

 

Linux:

 

#!/bin/bash

sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.deb"

#You can put the installer on dropbox or where you prefer.

if [ -d "/opt/sentinelone/" ];
then 
	echo "Already Installed"
  exit 0
else

cd /tmp

#Download Agent
curl -L -o $pkgName $downloadLink

#Install Agent
chmod +x $pkgName
dpkg -i $pkgName

#Set Token
/opt/sentinelone/bin/sentinelctl management token set $sentinelToken

#Start Agent
/opt/sentinelone/bin/sentinelctl control start

fi

 

5 REPLIES 5

Fulgubbe
Novitiate III

Btw you also need a custom PPPC profile for Macs. 

Here is the XML for Agent version 21.7 and Later

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDescription</key>
			<string></string>
			<key>PayloadDisplayName</key>
			<string>Privacy Preferences Policy Control</string>
			<key>PayloadIdentifier</key>
			<string>236FFBB3-159D-4A5F-B146-AAA7BBA11FF0</string>
			<key>PayloadOrganization</key>
			<string>Your Company</string>
			<key>PayloadType</key>
			<string>com.apple.TCC.configuration-profile-policy</string>
			<key>PayloadUUID</key>
			<string>236FFBB3-159D-4A5F-B146-AAA7BBA11FF0</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>Services</key>
			<dict>
				<key>SystemPolicyAllFiles</key>
				<array>
					<dict>
						<key>Allowed</key>
						<integer>1</integer>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
						<key>Identifier</key>
						<string>com.sentinelone.sentineld</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<integer>0</integer>
					</dict>
					<dict>
						<key>Allowed</key>
						<integer>1</integer>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
						<key>Identifier</key>
						<string>com.sentinelone.sentineld-helper</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<integer>0</integer>
					</dict>
					<dict>
						<key>Allowed</key>
						<integer>1</integer>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>

						<key>Identifier</key>
						<string>com.sentinelone.sentineld-shell</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<integer>0</integer>
					</dict>
				</array>
			</dict>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Provides access to all disk to Sentinel One processes</string>
	<key>PayloadDisplayName</key>
	<string>SentinelOne - Privacy Control</string>
	<key>PayloadIdentifier</key>
	<string>0F7D9FAD-1257-402C-A942-354723513881</string>
	<key>PayloadOrganization</key>
	<string>Sentinel Labs, Inc.</string>
	<key>PayloadRemovalDisallowed</key>
	<true/>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>5961E10D-A589-4A7E-9790-8F1C55511014</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

can you share instractions how to use it from jupcmloud 

Yes this would be very helpful if possible.

TomBridge
JumpCloud Employee
JumpCloud Employee
  1. Save the XML above into a file called SentinelOnePPPC.mobileconfig.
  2. Login to the JumpCloud Admin Portal.
  3. Click Policy Management.
  4. Click the Green +
  5. Select macOS from the policy types.
  6. Select MDM Custom Configuration Policy.
  7. Upload this file in the custom section.
  8. Apply this policy to your designed scope.

jeff-codecov
Novitiate II

Works perfect, thanks @Fulgubbe !