חשוב:
The Linux Agent is not supported on nodes on containers (Kubernetes, OpenShift). To protect containers with SentinelOne.
התקנה והפצת התקנת sentinelone באמצעות קובץ קונפיגורציה
Management: North Pole, Olympus
Agents: Linux 21.5+ | K8s 21.5+
Version 21.5 of the Linux Agent supports an easier deployment. Rather than run the commands to install, associate, activate, and then set a proxy, you can set one configuration file to use these variables.
To apply easy deployment with a configuration file:
Create a configuration file with the installation parameters, each on a separate line.
Example:
- S1_AGENT_MANAGEMENT_PROXY=http://10.10.10.10:1111 S1_AGENT_DV_PROXY=http://192.0.2.0:1111 S1_AGENT_MANAGEMENT_TOKEN=eyJ1cmwiOiAiaHR0cHM6Ly91c2VhMS1zdXBwb3J0My5zZW5 S1_AGENT_AUTO_START=true S1_AGENT_CUSTOMER_ID="Custom value here" S1_AGENT_CREATE_USER=false S1_AGENT_CUSTOM_INSTALL_PATH=/custom/install/path/ S1_AGENT_DEVICE_TYPE=server
Example with subset:
- S1_AGENT_MANAGEMENT_TOKEN=eyJ1cmwiOiAiaHR0cHM6Ly91c2VhMS1zdXBwb3J0My5zZW5 S1_AGENT_AUTO_START=true
Save the file and copy it to the Linux endpoint.
Export one environment variable that defines the absolute path to the configuration file.
Example:
- export S1_AGENT_INSTALL_CONFIG_PATH="/tmp/config.cfg"
Install the package with the package manager.
RPM: rpm -i --nodigest package_pathname
DEB: dpkg -i package_pathname
Important Notes for RPM:
RPM installation requires the --nodigest switch. If you run the RPM command without the --nodigest switch, an error shows: Package SentinelAgent_linux_version does not verify: no digest.
Example of the Linux Agent Configuration File usage:
[root@localhost ~]# rpm -i --nodigest /home/user/SentinelAgent_Linux_21_5_3_2_x86_64-release-v21.5.3.rpm Setting registration token... Registration token successfully set Setting management device type... Device type successfully set Setting customer ID... Customer ID successfully set Starting agent... Agent is running
Valid Parameters of Agent Deployment Configuration
פרמטרים | ערכים | תיאור והערות |
---|---|---|
S1_AGENT_MANAGEMENT_PROXY | http://URL | IP address :port | If there is a proxy server between the Agent and the Management, enter the proxy URL (or IP address) and the proxy port. |
S1_AGENT_DV_PROXY | From Agent version 21.5.3: If there is a proxy server between the Agent and the Deep Visibility service, enter the proxy URL (or IP address) and the port. | |
S1_AGENT_MANAGEMENT_TOKEN | Getting a SentinelOne Site or Group Token | This string associates the Agent with the default group of a Site or with a specific group. |
S1_AGENT_DEVICE_TYPE | server | desktop | Define the endpoint as a server or desktop. |
S1_AGENT_AUTO_START | true | false | If set to true, the Agent starts automatically and immediately after deployment. If false (default), run the command to start the Agent:sentinelctl control start |
S1_AGENT_CUSTOMER_ID | string | Your customer ID as set in: sentinelctl management customer_id set For more information, see Creating a user-defined SentinelOne endpoint ID. |
S1_AGENT_CUSTOM_INSTALL_PATH | local path | From Agent version 21.5.2: Change the installation (and all recursive paths, such as logs) to a different path. The Agent will create a symlink from your custom path to /opt/sentinelone. |
S1_AGENT_CREATE_USER | true | false | If true (default), the Agent creates the sentinelone user and group when it is installed. If set to false, you must manually create a user and group with these conditions: User home directory is /opt/sentinelone/home (or the path you set for custom installation) User and group are sentinelone User login binary is nologin (We do not allow user login to the sentinelone user) Example to create a user: sudo useradd -r -U -d "/opt/sentinelone/home" -s /usr/sbin/nologin "sentinelone". |
Linux Agent התקנת
The Agent never requires a reboot of Linux endpoints.
Best Practice: Make sure the endpoint does NOT reboot before you complete the full installation, association, and activation.
להתקנת sentinelone על לינוקס:
Download the package.
The Linux Agent uses standard Linux packaging formats: RPM and DEB.
RPM: CentOS, RHEL, Oracle, Amazon, SUSE, openSUSE, and Fedora.
DEB: Debian and Ubuntu.
Log in as a privileged user, or run the next command with sudo.
Run the installation command:
Package format | Command |
---|---|
RPM | rpm -i --nodigest package_pathname |
DEB | dpkg -i package_pathname |
Important Notes for RPM:
RPM installation requires the --nodigest switch. If you run the RPM command without the --nodigest switch, an error shows: Package SentinelAgent_linux_version does not verify: no digest.
If you use yum install on RHEL 8.2, the signed RPM installer is required.
Associate the Agent with your Management and a Site.
Activate the Agent.
When the installation completes, the files are extracted to the correct paths, and SentinelOne Agent services are ready. But the Agent does not start until it is configured and explicitly activated.
שיוך קובץ קליינט התקנה sentinelone
Every Agent belongs to a Site of a specific Management Console. If an installed Agent package is not bound to a specific Site, your Management Console cannot manage the Agent.
If you do not use a configuration, you must use these steps.
To get the Site Token:
Click Scope and select a scope.
- Select one Site. If you are in any other scope, the Site Token does not show.
In the sidebar, click Sentinels.
In the Sentinels toolbar, click Site Info.
In the Site Token section, click Copy.
On the Linux endpoint, as a privileged user, run this command with the Site Token that you copied:
- sudo /opt/sentinelone/bin/sentinelctl management token set site_token
Or, you can save the Site Token string in a plain text file and call a command to read the file. For example:
- sudo /opt/sentinelone/bin/sentinelctl management token set $(cat /media/user/Downloads/site-key)
Expect this command to complete in seconds.
# sentinelctl management token set eyJ1cmwiOiAiaHR0cHM6Ly9leGF6ICIxMjMifQ== Setting registration token... Registration token successfully set
הפעלת תוכנת sentinelone
If you do not use a configuration, you must use these steps.
If you are on a master image, do not use these steps on the master. Run this command only on the clones.
When the Agent is installed and associated with the correct Console and Site, activate it:
sudo /opt/sentinelone/bin/sentinelctl control start
When you run the start command, the Agent service loads, and the Console gives the Agent a UUID. If you reboot the Linux endpoint without this command, the Agent service loads, but there can be issues with the UUID, especially if the Agent is created from a master image.
Expect this command to complete in seconds. It will show:
Starting agent... Agent is running
The Agent shows in the Console.
Optional: To see the UUID:
# sudo /opt/sentinelone/bin/sentinelctl management uuid get
Agent Installation and Activation on Master Images and Provisioning Clones
חשוב
If you install the Agent on a master image:
Do not activate the Agent on the master image.
Do not start or restart the Linux endpoint until you have the final image.
להתקנה על image מאסטר sentinelone
Run the DEB or RPM installation command on the master image.
Associate the Agent with the site.
Finalize the master image.
Each Agent in the Console has a UUID. If you activate the Agent on the master or restart the master, a UUID is created and duplicated on the clones. Duplicate UUIDs cause errors in functionality and management abilities.
Create the clones from the master image.
Activate each Agent.
The Linux Agent starts with OS bootup and generates its UUID.
Note: Each Agent UUID is unique. The Agent does not use OS configuration values to generate the UUID.
Troubleshooting. If you did not follow this procedure correctly and the UUID is duplicated, reset the UUID on each clone:
sudo /opt/sentinelone/bin/sentinelctl management uuid reset
Or on the Console: In Sentinels > Endpoints, select the Agents and click Actions > Randomize Uuid.