There isn’t much worklet examples for Linux so I will place this here.
Thanks @ncaraway for Install CylanceProtect on Macs it was good guidance.
Evaluation Code (could be done different)
#!/bin/bash
#evaluate the device to see if the Sentinel One service is running
#service running exit with a 0
#service not running exit with a 1
sentinelctl version | grep 'Agent version'
if [[ $? = "Agent Version: 21.6.3.7" ]]; then
exit 0
else
exit 1
fi
Remediation Code
#!/bin/bash
#copy the files to the /tmp directory of the device
scp SentinelAgent_linux_v21_6_3_7.deb /tmp
#run installation of Sentinel One on the device. error logs are output to /tmp/s1install.log
sudo dpkg -i /tmp/SentinelAgent_linux_v21_6_3_7.deb 2> /tmp/s1linux.log &
process_id=$!
wait $process_id
sudo /opt/sentinelone/bin/sentinelctl management token set YOURTOKENHERE
sudo /opt/sentinelone/bin/sentinelctl control start
#check to ensure the S1 service is running to verify installation was successful
sentinelctl version
if [[ $? = "SentinelOne 21.6.3.7" ]]; then
exit 0
else
exit 1
fi
Place your token in YOURTOKENHERE
