התקנת קליינט סנטינל וואן על לינוקס - Installing SentinelOne Agent on Linux


התקנת קליינט סנטינל וואן על לינוקס - Installing SentinelOne Agent on Linux

 

חשוב:

The Linux Agent is not supported on nodes on containers (Kubernetes, OpenShift). To protect containers with SentinelOne.
 

התקנה והפצת התקנת sentinelone באמצעות קובץ קונפיגורציה 
 

Management: North Pole, Olympus

Agents: Linux 21.5+ | K8s 21.5+

Version 21.5 of the Linux Agent supports an easier deployment. Rather than run the commands to install, associate, activate, and then set a proxy, you can set one configuration file to use these variables.
 

To apply easy deployment with a configuration file:

Create a configuration file with the installation parameters, each on a separate line.

Example:

  1. S1_AGENT_MANAGEMENT_PROXY=http://10.10.10.10:1111 S1_AGENT_DV_PROXY=http://192.0.2.0:1111 S1_AGENT_MANAGEMENT_TOKEN=eyJ1cmwiOiAiaHR0cHM6Ly91c2VhMS1zdXBwb3J0My5zZW5 S1_AGENT_AUTO_START=true S1_AGENT_CUSTOMER_ID="Custom value here" S1_AGENT_CREATE_USER=false S1_AGENT_CUSTOM_INSTALL_PATH=/custom/install/path/ S1_AGENT_DEVICE_TYPE=server

Example with subset:

  1. S1_AGENT_MANAGEMENT_TOKEN=eyJ1cmwiOiAiaHR0cHM6Ly91c2VhMS1zdXBwb3J0My5zZW5 S1_AGENT_AUTO_START=true

Save the file and copy it to the Linux endpoint.

Export one environment variable that defines the absolute path to the configuration file.

Example:

  1. export S1_AGENT_INSTALL_CONFIG_PATH="/tmp/config.cfg"

Install the package with the package manager.

RPM: rpm -i --nodigest  package_pathname

DEB: dpkg -i package_pathname


 

Important Notes for RPM:

RPM installation requires the --nodigest switch. If you run the RPM command without the --nodigest switch, an error shows: Package SentinelAgent_linux_version does not verify: no digest.

Example of the Linux Agent Configuration File usage:

[[email protected] ~]# rpm -i --nodigest /home/user/SentinelAgent_Linux_21_5_3_2_x86_64-release-v21.5.3.rpm Setting registration token... Registration token successfully set Setting management device type... Device type successfully set Setting customer ID... Customer ID successfully set Starting agent... Agent is running

Valid Parameters of Agent Deployment Configuration

פרמטריםערכיםתיאור והערות
S1_AGENT_MANAGEMENT_PROXYhttp://URL | IP address :portIf there is a proxy server between the Agent and the Management, enter the proxy URL (or IP address) and the proxy port.
S1_AGENT_DV_PROXY

From Agent version 21.5.3:

If there is a proxy server between the Agent and the Deep Visibility service, enter the proxy URL (or IP address) and the port.

S1_AGENT_MANAGEMENT_TOKENGetting a SentinelOne Site or Group TokenThis string associates the Agent with the default group of a Site or with a specific group.
S1_AGENT_DEVICE_TYPEserver | desktopDefine the endpoint as a server or desktop.
S1_AGENT_AUTO_STARTtrue | false

If set to true, the Agent starts automatically and immediately after deployment.

If false (default), run the command to start the Agent:sentinelctl control start

S1_AGENT_CUSTOMER_IDstring

Your customer ID as set in: sentinelctl management customer_id set 

For more information, see Creating a user-defined SentinelOne endpoint ID.

S1_AGENT_CUSTOM_INSTALL_PATHlocal path

From Agent version 21.5.2:

Change the installation (and all recursive paths, such as logs) to a different path.

The Agent will create a symlink from your custom path to /opt/sentinelone.

S1_AGENT_CREATE_USERtrue | false

If true (default), the Agent creates the sentinelone user and group when it is installed.

If set to false, you must manually create a user and group with these conditions:

User home directory is /opt/sentinelone/home (or the path you set for custom installation)

User and group are sentinelone

User login binary is nologin (We do not allow user login to the sentinelone user)

Example to create a user: sudo useradd -r -U -d "/opt/sentinelone/home" -s /usr/sbin/nologin "sentinelone".

 

Linux Agent התקנת

The Agent never requires a reboot of Linux endpoints.

Best Practice: Make sure the endpoint does NOT reboot before you complete the full installation, association, and activation.

להתקנת sentinelone על לינוקס:

Download the package.

The Linux Agent uses standard Linux packaging formats: RPM and DEB.

RPM: CentOS, RHEL, Oracle, Amazon, SUSE, openSUSE, and Fedora.

DEB: Debian and Ubuntu.

Log in as a privileged user, or run the next command with sudo.

Run the installation command:

Package formatCommand
RPMrpm -i --nodigest package_pathname
DEBdpkg -i package_pathname

Important Notes for RPM:

RPM installation requires the --nodigest switch. If you run the RPM command without the --nodigest switch, an error shows: Package SentinelAgent_linux_version does not verify: no digest.

If you use yum install on RHEL 8.2, the signed RPM installer is required.

Associate the Agent with your Management and a Site.

Activate the Agent.

When the installation completes, the files are extracted to the correct paths, and SentinelOne Agent services are ready. But the Agent does not start until it is configured and explicitly activated.

 

שיוך קובץ קליינט התקנה sentinelone

Every Agent belongs to a Site of a specific Management Console. If an installed Agent package is not bound to a specific Site, your Management Console cannot manage the Agent.

If you do not use a configuration, you must use these steps.

To get the Site Token:

Click Scope and select a scope.

  1. Select one Site. If you are in any other scope, the Site Token does not show.

 

  1. User-added image

In the sidebar, click Sentinels.

 

 

In the Sentinels toolbar, click Site Info.

  1. User-added image

In the Site Token section, click Copy.

  1. User-added image

On the Linux endpoint, as a privileged user, run this command with the Site Token that you copied:

  1. sudo /opt/sentinelone/bin/sentinelctl management token set site_token

Or, you can save the Site Token string in a plain text file and call a command to read the file. For example:

  1. sudo /opt/sentinelone/bin/sentinelctl management token set $(cat /media/user/Downloads/site-key)

Expect this command to complete in seconds.

# sentinelctl management token set eyJ1cmwiOiAiaHR0cHM6Ly9leGF6ICIxMjMifQ== Setting registration token... Registration token successfully set
 

הפעלת תוכנת sentinelone

If you do not use a configuration, you must use these steps.

If you are on a master image, do not use these steps on the master. Run this command only on the clones.

When the Agent is installed and associated with the correct Console and Site, activate it:

sudo /opt/sentinelone/bin/sentinelctl control start

When you run the start command, the Agent service loads, and the Console gives the Agent a UUID. If you reboot the Linux endpoint without this command, the Agent service loads, but there can be issues with the UUID, especially if the Agent is created from a master image.

Expect this command to complete in seconds. It will show:

Starting agent... Agent is running

The Agent shows in the Console.

Optional: To see the UUID:

# sudo /opt/sentinelone/bin/sentinelctl management uuid get
 

Agent Installation and Activation on Master Images and Provisioning Clones

חשוב

If you install the Agent on a master image:

Do not activate the Agent on the master image.

Do not start or restart the Linux endpoint until you have the final image.

 

להתקנה על image מאסטר sentinelone

Run the DEB or RPM installation command on the master image.

Associate the Agent with the site.

Finalize the master image.

Each Agent in the Console has a UUID. If you activate the Agent on the master or restart the master, a UUID is created and duplicated on the clones. Duplicate UUIDs cause errors in functionality and management abilities.

Create the clones from the master image.

Activate each Agent.

The Linux Agent starts with OS bootup and generates its UUID.

Note: Each Agent UUID is unique. The Agent does not use OS configuration values to generate the UUID.

Troubleshooting. If you did not follow this procedure correctly and the UUID is duplicated, reset the UUID on each clone:

sudo /opt/sentinelone/bin/sentinelctl management uuid reset

Or on the Console: In Sentinels > Endpoints, select the Agents and click Actions > Randomize Uuid.


 

יש לכם שאלות נוספות ?

שלחו מייל [email protected]

צריכים פרויקט הטמעת סנטינל וואן בחברה שלכם ?

מעוניינים בהטמעה מקצועית על ידי הטכנאים שלנו לחצו לקבלת הצעת מחיר
© כל הזכויות שמורות לאיי.פי מחשבים בע"מ 2003-2021, משווקת SentinelOne בישראל. סימנים מסחריים אשר בשימוש באתר זה הינם סימנים מסחריים או מותגים רשומים של SentinelOne.