Hey all, i created this because no where else did i see assistance for this...so here is my 2cents to the online community
For sentinel one, you MUST have a registration token file on \tmp before you install the SentinelOne package that contains your tenant information. You cant do it reliable with Intune’s systems so you have to create a custom package that does it for you. These are the steps to do so.
For the Token file, I’ve used the placeholder XYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXY. You can get the token from your Cyber Security
Download to your computer the sentinel one package. Keep it in downloads. Anywhere in this document where you see “Sentinel-Release-25-3-4-8365_macos_v25_3_4_8365.pkg”, you will need to replace this location with the filename that you downloaded.
Open terminal and run this command (This makes the downloaded file trusted)
| xattr -dr com.apple.quarantine ~/Downloads/Sentinel-Release-25-3-4-8365_macos_v25_3_4_8365.pkg |
|---|
- Run this next (This creates the folder structure for the project)
| rm -rf ~/S1Build mkdir -p ~/S1Build/payload/tmp mkdir ~/S1Build/scripts cd ~/S1Build |
|---|
4. run this next (This copies the sentinel one pkg to the project folders we just created)
| cp ~/Downloads/Sentinel-Release-25-3-4-8365_macos_v25_3_4_8365.pkg payload/tmp/s1.pkg |
|---|
5. Run this next (This creates the token file in the /tmp directory for SentinelOne to access)
| cat <<EOF > payload/tmp/com.sentinelone.registration-token XYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXY EOF |
|---|
6.Run this next (This opens the PICO interface so you can make a script)
| nano scripts/postinstall |
|---|
8. in the new interface, copy/paste this, and press command X and then Y to confirm, and press enter to exit the PICO window
| #!/bin/bash LOG="/var/log/s1-install.log" echo "===== SentinelOne Install Start =====" >> "$LOG" date >> "$LOG" INSTALLER="/tmp/s1.pkg" TOKEN="/tmp/com.sentinelone.registration-token" echo "Checking files..." >> "$LOG" if [ ! -f "$INSTALLER" ]; then echo "ERROR: Missing installer at $INSTALLER" >> "$LOG" exit 1 fi if [ ! -f "$TOKEN" ]; then echo "ERROR: Missing token file at $TOKEN" >> "$LOG" exit 1 fi echo "Files found. Running installer..." >> "$LOG" /usr/sbin/installer -pkg "$INSTALLER" -target / >> "$LOG" 2>&1 RESULT=$? echo "Installer exit code: $RESULT" >> "$LOG" if [ $RESULT -ne 0 ]; then echo "ERROR: SentinelOne install failed" >> "$LOG" exit 1 fi echo "Cleaning up..." >> "$LOG" rm -f "$INSTALLER" rm -f "$TOKEN" echo "SUCCESS: Install completed" >> "$LOG" exit 0 |
|---|
9. Run this (This modifies the permissions on the pkg)
| chmod +x scripts/postinstall |
|---|
10. Run this (This is where you ACTUALLY build the pkg)
| pkgbuild \ --root payload \ --scripts scripts \ --identifier com.company.sentinelone \ --version 1.0 \ --install-location / \ S1.pkg |
|---|
11. Run this (verify the package is bigger than the original sentinel one package)
| ls -lh S1.pkg |
|---|
You should now have a S1.pkg file in your documents folder which is the installer that will place the token file, and then install sentinel one.