Help

SentinelOne Script (This could apply to any package... but my issue is with S1)

Go to solution
mmolenda
New Contributor III

Posted on ‎11-20-2023 01:07 PM

This is my script I run for new installs:

#!/bin/sh

sudo echo $4 > "/Library/Application Support/JAMF/Waiting Room/com.sentinelone.registration-token"
sudo /usr/sbin/installer -pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-23-1-3-6816_macos_v23_1_3_6816.pkg" -target /

This is my script I run for upgrades:

#!/bin/bash

sudo echo $4 > "/Library/Application Support/JAMF/Waiting Room/com.sentinelone.registration-token"
sudo sentinelctl upgrade-pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-23-1-3-6816_macos_v23_1_3_6816.pkg"

I have two policies.  One that is Cache.  One that is installed Cached.  That is for both scenarios above.  I am getting nothing but failure.

Is that something wrong with the scripts?  I don't have my error messages because I keep flushing them, but the cache one fails but I see where the file fully downloads.  That's all it's supposed to do.  The second script is supposed to install that file.  I used the cached file to manually install SentinelOne.  So, I know it's good.  Even without my error messages, can somebody look at the scripted code and tell me what I can do to fix the scripts?

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
stevewood
Honored Contributor II
Honored Contributor II

Posted on ‎11-20-2023 02:18 PM

This is a few years old now, but it worked solid for us. This would be used as an AFTER script on a single policy that CACHED the installer. $4 would be set to our S1 token and $5 would be the name of the package that was cached. This way you didn't have to change the script for each new release.

#!/bin/zsh

log_file=/var/log/all-installSentinelOne-$(date +%Y%m%d-%H%M).log
set -xv; exec 1> $log_file 2>&1

token="$4"
package_name="$5"

serial=$(system_profiler SPHardwareDataType | awk '/Serial\ Number\ \(system\)/ {print $NF}');

xpath() {
    # the xpath tool changes in Big Sur 
    if [[ $(sw_vers -buildVersion) > "20A" ]]; then
        /usr/bin/xpath -e "$@"
    else
        /usr/bin/xpath "$@"
    fi
}

echo "$token" > /Library/Application\ Support/JAMF/Waiting\ Room/com.sentinelone.registration-token
/usr/sbin/installer -pkg /Library/Application\ Support/JAMF/Waiting\ Room/$5 -target /

View solution in original post

7 REPLIES 7

Go to solution
stevewood
Honored Contributor II
Honored Contributor II

Posted on ‎11-20-2023 02:18 PM

This is a few years old now, but it worked solid for us. This would be used as an AFTER script on a single policy that CACHED the installer. $4 would be set to our S1 token and $5 would be the name of the package that was cached. This way you didn't have to change the script for each new release.

#!/bin/zsh

log_file=/var/log/all-installSentinelOne-$(date +%Y%m%d-%H%M).log
set -xv; exec 1> $log_file 2>&1

token="$4"
package_name="$5"

serial=$(system_profiler SPHardwareDataType | awk '/Serial\ Number\ \(system\)/ {print $NF}');

xpath() {
    # the xpath tool changes in Big Sur 
    if [[ $(sw_vers -buildVersion) > "20A" ]]; then
        /usr/bin/xpath -e "$@"
    else
        /usr/bin/xpath "$@"
    fi
}

echo "$token" > /Library/Application\ Support/JAMF/Waiting\ Room/com.sentinelone.registration-token
/usr/sbin/installer -pkg /Library/Application\ Support/JAMF/Waiting\ Room/$5 -target /

Go to solution
mmolenda
New Contributor III
In response to stevewood

Posted on ‎11-21-2023 06:02 AM

That's brilliant.  I will share some screenshots to make sure I'm setting it up like you suggest.  I am only scoping this for new installs by using smart groups.

Screenshot 2023-11-21 at 8.59.56 AM.pngScreenshot 2023-11-21 at 9.00.14 AM.pngScreenshot 2023-11-21 at 9.00.32 AM.png

0 Kudos

Go to solution
stevewood
Honored Contributor II
Honored Contributor II
In response to mmolenda

Posted on ‎11-21-2023 07:33 AM

Be sure to set the package to Cache not Install. You need the package to be in the Waiting Room folder or the install will fail.

And you might want to blur out the key value in parameter 4. Don't really want that to be out in the public.

Go to solution
mmolenda
New Contributor III
In response to stevewood

Posted on ‎11-21-2023 11:52 AM

Thank you.  Thank you.  Thank you.  It worked perfectly today.

I have struggled with the S1 installer for a while now.  Question is now, can the last line of the script be modified for update instead of install?  I am hopeful that S1 will auto-update but I may have to manually push out the update and I know the update command is different than the install command.

0 Kudos

Go to solution
stevewood
Honored Contributor II
Honored Contributor II
In response to mmolenda

Posted on ‎11-27-2023 10:22 AM

@mmolenda yes, if you change that last line to match your upgrade line, it should work. Something like this:

sudo sentinelctl upgrade-pkg "/Library/Application Support/JAMF/Waiting Room/$5"

Obviously, test the heck out of that.

Go to solution
mmolenda
New Contributor III
In response to stevewood

Posted on ‎12-04-2023 09:53 AM

That's working beautifully as well.  Thank you.  My S1 issues have been resolved!

0 Kudos

Go to solution
mmolenda
New Contributor III

Posted on ‎11-21-2023 07:50 AM

Thanks!  I am going to be trying it today.  I don't seem to be able to edit my own posts... that's concerning.

0 Kudos