04-25-2022 03:55 AM - edited 04-25-2022 06:17 AM
Here are two install scripts to install SentinelOne Agent with token on Mac and Linux. Run once a day or so. If installed it will exit installer. Mac version can also be used as a PostInstall script in an empty .pkg if you want to utilize Software Management instead.
We use dropbox to store downloads but if you do remember to change download link to ?dl=1 instead of ?dl=0
Mac Script:
#!/bin/bash
sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.pkg"
#You can put the installer on dropbox or where you prefer.
if [ -d /Applications/SentinelOne/ ];
then
echo "Already Installed"
exit 0
else
#Download Agent
curl -L -o /tmp/$pkgName $downloadLink
#Set Token
echo $sentinelToken > /tmp/com.sentinelone.registration-token
#Install Agent
/usr/sbin/installer -pkg /tmp/$pkgName -target /
fi
Linux:
#!/bin/bash
sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.deb"
#You can put the installer on dropbox or where you prefer.
if [ -d "/opt/sentinelone/" ];
then
echo "Already Installed"
exit 0
else
cd /tmp
#Download Agent
curl -L -o $pkgName $downloadLink
#Install Agent
chmod +x $pkgName
dpkg -i $pkgName
#Set Token
/opt/sentinelone/bin/sentinelctl management token set $sentinelToken
#Start Agent
/opt/sentinelone/bin/sentinelctl control start
fi
04-25-2022 09:09 AM - edited 04-26-2022 04:19 AM
Btw you also need a custom PPPC profile for Macs.
Here is the XML for Agent version 21.7 and Later
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string>Privacy Preferences Policy Control</string>
<key>PayloadIdentifier</key>
<string>236FFBB3-159D-4A5F-B146-AAA7BBA11FF0</string>
<key>PayloadOrganization</key>
<string>Your Company</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadUUID</key>
<string>236FFBB3-159D-4A5F-B146-AAA7BBA11FF0</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Services</key>
<dict>
<key>SystemPolicyAllFiles</key>
<array>
<dict>
<key>Allowed</key>
<integer>1</integer>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
<key>Identifier</key>
<string>com.sentinelone.sentineld</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
</dict>
<dict>
<key>Allowed</key>
<integer>1</integer>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
<key>Identifier</key>
<string>com.sentinelone.sentineld-helper</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
</dict>
<dict>
<key>Allowed</key>
<integer>1</integer>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
<key>Identifier</key>
<string>com.sentinelone.sentineld-shell</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
</dict>
</array>
</dict>
</dict>
</array>
<key>PayloadDescription</key>
<string>Provides access to all disk to Sentinel One processes</string>
<key>PayloadDisplayName</key>
<string>SentinelOne - Privacy Control</string>
<key>PayloadIdentifier</key>
<string>0F7D9FAD-1257-402C-A942-354723513881</string>
<key>PayloadOrganization</key>
<string>Sentinel Labs, Inc.</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>5961E10D-A589-4A7E-9790-8F1C55511014</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
06-30-2022 05:02 PM
can you share instractions how to use it from jupcmloud
07-06-2022 02:06 PM
Yes this would be very helpful if possible.
07-09-2022 11:20 AM
06-21-2022 11:28 AM
Works perfect, thanks @Fulgubbe !
08-10-2022 08:37 AM
Is there something for Macs the above solutions do not work with macs
08-10-2022 08:41 AM
@Franco It works perfectly for me. Can you elaborate on what's not working?
08-10-2022 09:14 AM
The first script does nothing it does not download or install it.
Give no error and no successful message it just has window with its command.
yes the user is admin and yes I spoke to support
The best I can do was create my own custom script
there 2 caveats with my script 1 I need the users password this makes it unscalable and 2nd it will not give it full disk access
Also I can not seem to find very much on how to do this with Windows.
We have about 20% windows
My expectations are that I use a command or policy or both and it works on Mac and iPC I understand it has be one for each but I should be able to run it 1000 times without any user interference or need any thing from them.
08-10-2022 09:38 AM
You need to apply the XML policy to your mac hosts as Tom explains. Then the scripts have three variable at the top that need to be modified. Then run it as root from a command. You don't need to enter any passwords to set full disk access.
It works similarly for Linux, without the need for the XML policy. I don't have windows hosts, so you will have to investigate using a Powershell script for that.
08-10-2022 09:41 AM
I did and it not working
08-10-2022 09:47 AM
As @jeff-codecov mentioned, you need two things to deliver Sentinel One to Macs successfully:
If you supply your own installer, its package name, and licensing info in the command, that command is idempotent (meaning, its results are always the same, no matter the installed state of S1) and can be run as a repeating command.
08-10-2022 09:49 AM - edited 08-10-2022 09:49 AM
I do not know what tell you but yes to all nothing it does not work
08-10-2022 09:55 AM
Sometimes it's helpful to share what you're inputting into the variables in the first three lines of the supplied command. You can sanitize the values by changing the domain to example.com or changing the last digits of the key to XXXXX.
For the Macs that you're installing this on, are you seeing the necessary Full Disk Access profile in the System Preferences > Profiles preference pane?
08-10-2022 10:02 AM - edited 08-10-2022 10:04 AM
I can not do that security reasons why do you tell what to go there
sentinelToken="YOUR SENTINELONE TOKEN GOES HERE" downloadLink="YOUR DOWNLOAD LINK GOES HERE" pkgName="NAME OF YOUR INSTALLER PKG.deb"
I can say
sentenel token is the sentinel token
downlink is our server where sentinelone file to download
pkg name Is the name of sentineone pkg
08-10-2022 10:10 AM
sentinelToken should be self-explanatory. It's the token to assign a new install to your device.
downloadLink is a publicly-accessible URL that contains your Sentinel One installer. A sample would be https://www.example.com/mypackages/installers/sentinelone/sentinelone.deb or https://www.example.com/mypackages/installers/sentinelone/sentinelone.pkg
pkgName would be sentinelone.deb or sentinelone.pkg
08-10-2022 10:12 AM - edited 08-10-2022 10:12 AM
Ok let me try that
08-10-2022 10:18 AM
Nope did not work
08-10-2022 10:19 AM
Can you share the command results, at least?
08-10-2022 10:23 AM
same as above nothing
08-10-2022 11:02 AM - edited 08-10-2022 11:03 AM
are you stump? I still need a solution
08-10-2022 11:07 AM
I've added some output to the script that should be captured by our Commands tools in the Admin Portal. Try including the right items in the variables and then running this command. You should be able to paste the output from the Admin Portal as a response?
#!/bin/bash
sentinelToken="YOUR SENTINELONE TOKEN GOES HERE"
downloadLink="YOUR DOWNLOAD LINK GOES HERE"
pkgName="NAME OF YOUR INSTALLER PKG.deb"
#You can put the installer on dropbox or where you prefer.
echo "Beginning Loop to Check for S1 and Install if not present"
if [ -d "/opt/sentinelone/" ];
then
echo "Already Installed"
exit 0
else
cd /tmp
#Download Agent
curl -L -o $pkgName $downloadLink
echo "Installer Downloaded"
#Install Agent
chmod +x $pkgName
echo "Changing Permissions on Downloaded Package"
dpkg -i $pkgName
echo "Installed Package"
#Set Token
echo "Setting Sentinel One Token"
/opt/sentinelone/bin/sentinelctl management token set $sentinelToken
echo "Token Set"
#Start Agent
echo "Starting Sentinel One Process"
/opt/sentinelone/bin/sentinelctl control start
fi
echo "Loop Complete"
08-10-2022 11:10 AM
that does not work period ok I need working solution.
I assuming it not for jumpcloud to have unsolve issue and this is unsolve.
08-10-2022 11:18 AM
Hi Franco, admin here. The team is doing what they can to help you, but without more information from you, they can only help so much. If you refuse to answer some of the questions, exactly how are they to help you further? We need you to work with us here.
And people are doing this outside of their normal duties, as volunteers (this isn't their actual day job), so I'm asking you to be kind in your responses to the people who are just trying to help you. Even though you're frustrated, they aren't the ones causing the problems you're having at the moment.
Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.
08-10-2022 11:23 AM - edited 08-10-2022 11:27 AM
I gave them answer I told everthing I can no give them security info.
You have look my end if I ask you to give me your information you will not right?
Anything even close to the real information may cause a security issue
I gave him everything else
08-10-2022 11:21 AM
Totally hear that you need a working solution, but it's hard for me to understand where you're getting stuck right now. Our Command results will include everything fed back out to standard out, which will include the echo lines I added to the Command. If nothing's running, there's a bigger problem here. 😞
08-10-2022 11:25 AM
I told you it does not wok I enter that script put the token / pub server and file Yes I include the xml as policy and when I run that command it the result is just a window it does not say succesful it does not say fail it just has the script in the above window with nothing under it.
When look at the test computer it never install the package
08-10-2022 11:37 AM
I manage to get error I delete the bash and policy and when I recreate the policy I get
Unable to save Policy!
failed to insert policy into policy database (org= xxxxxx): failed to prepare policy: prepare failed: profile was not in plist format
08-10-2022 11:46 AM - edited 08-10-2022 11:48 AM
I started over delete both command and policy. Recreated both and this time it does say successful but it did not install SentinelOne on my test client
08-10-2022 11:52 AM - edited 08-10-2022 12:00 PM
found this when I scroll down sorry I did not included above
zsh:31: no such file or directory: /opt/sentinelone/bin/sentinelctl
update also saw this error
command not found: dpkg
08-10-2022 11:58 AM
Can you include the whole command output?
08-10-2022 12:07 PM
sorry not sure what you are asking
I can not give you the entire windows but it goes pass downloading then states
command not found: dpkg. and twice zsh:31: no such file or directory: /opt/sentinelone/bin/sentinelctl
and that where it ends
08-10-2022 12:20 PM
Is it possible in this one you're trying to run the Linux script which uses deb and dpkg to install the app on macOS?
08-10-2022 12:39 PM - edited 08-10-2022 12:43 PM
I delete it and ensure copy mac script and now I get error and the following
#!/bin/bash sentinelToken=“token number” open downloadLink="https://servername.com” pkgName="Sentinel-Release-22-2-3-6268_macos.pkg" #You can put the installer on dropbox or where you prefer. if [ -d /Applications/SentinelOne/ ]; then echo "Already Installed" exit 0 else #Download Agent curl -L -o /tmp/$pkgName $downloadLink #Set Token echo $sentinelToken > /tmp/com.sentinelone.registration-token #Install Agent /usr/sbin/installer -pkg /tmp/$pkgName -target / fi
fyi it does not exist on that mac
forgot to include these errors
curl: (23) Failure writing output to destination
zsh:19: permission denied: /tmp/com.sentinelone.registration-token
08-10-2022 12:50 PM
@Franco You have a few issues. What's the "open" command for? You don't need that. Also you need double brackets for your if statement. Try this:
#!/bin/bash
sentinelToken=“token number”
downloadLink="https://servername.com”
pkgName="Sentinel-Release-22-2-3-6268_macos.pkg"
#You can put the installer on dropbox or where you prefer.
if [[ -d /Applications/SentinelOne/ ]]; then
echo "Already Installed"
exit 0
else
#Download Agent
curl -L -o /tmp/$pkgName $downloadLink
#Set Token
echo $sentinelToken > /tmp/com.sentinelone.registration-token
#Install Agent
/usr/sbin/installer -pkg /tmp/$pkgName -target /
fi
08-10-2022 12:04 PM
Here's my working script. Similar to the one above but setting the token a bit differently. And I curl the binary from a shared Gdrive, so you'll have to modify that part for where you are getting yours from. Hope it helps.
#!/bin/bash
# VARS
###################################################
export sentinelToken=xxxxxxx
export fileid=xxxxxxxx
export filename=xxxxxx
###################################################
# Test if already installed
if [[ -d /Applications/SentinelOne/ ]]
then
echo "S1 Already Installed. Exiting..."
exit 0
fi
# Create Temp Folder
#
DATE=$(date '+%Y-%m-%d-%H-%M-%S')
TempFolder="Download-$DATE"
mkdir /tmp/$TempFolder
# Navigate to Temp Folder
#
cd /tmp/$TempFolder
# Get binary from shared Gdrive
curl -L -c cookies.txt 'https://docs.google.com/uc?export=download&id='$fileid | sed -rn 's/.*confirm=([0-9A-Za-z_]+).*/\1/p' > confirm.txt
curl -L -b cookies.txt -o $filename 'https://docs.google.com/uc?export=download&id='$fileid'&confirm='$(<confirm.txt)
rm -f confirm.txt cookies.txt
DownloadFile="$(ls)"
echo "Downloaded $DownloadFile to /tmp/$TempFolder"
# Verifies PKG File
#
regex='\.pkg$'
if [[ $DownloadFile =~ $regex ]]; then
PKGFile="$(echo "$DownloadFile")"
echo "PKG File Found: $PKGFile"
else
echo "File: $DownloadFile is not a PKG"
rm -r /tmp/$TempFolder
echo "Deleted /tmp/$TempFolder"
exit 1
fi
#Set Token
echo $sentinelToken > /tmp/$TempFolder/com.sentinelone.registration-token
#Install Agent
/usr/sbin/installer -pkg /tmp/$TempFolder/$PKGFile -target /Applications
# Remove Temp Folder and download
#
rm -r /tmp/$TempFolder
echo "Deleted /tmp/$TempFolder"
08-10-2022 12:18 PM - edited 08-10-2022 12:19 PM
what is fileid? its that the server name and is expect not install on mac by default? never mind on except just tested and its part of the os
08-10-2022 12:27 PM
The var fileid is for the Gdrive link. You can just delete that if you are getting the binary from a local server or AWS S3 link or whatever.
08-10-2022 01:11 PM - edited 08-10-2022 01:11 PM
@jeff-codecov It gives success but it does not install sentinelone on client are you sure this is for macs?
08-10-2022 04:19 PM
Yep, positive.