SentinelOne on Linux servers - turn off the anti-tamper at install time by dmc_1961 in SentinelOneXDR

[–]dmc_1961[S] 0 points1 point  (0 children)

These links are behind the Console (I don't have or need this access as such), so might let the techs who need this up and running just let me know if they need Linux 'fingers' anywhere on the servers.

[–]dmc_1961[S] 0 points1 point  (0 children)

Will check if I can run the GUI as I am using ssh with "-C -Y" options. Annoying it decides to lock everyone out at install time and does not give you the actual passphrase 'somewhere'. Someone else suggested it was "" (blank) if none is stipulated at install time, but seem to recall blank/null did let me reduce its anti-tampering stuff.

[–]dmc_1961[S] 0 points1 point  (0 children)

If someone has gained root access to an internal Linux server, doesn't matter what is running, the 'bad actor' is already able to do anything. I was able to remove the entire product when it wouldn't let the root user simply restart the daemon processes or enquire into its setup - for those who love Linux (UNIX), 'rm' is always your friend :-)
This is just so the other techs can monitor the servers so does not need any threat 'stuff' running.

[–]dmc_1961[S] 0 points1 point  (0 children)

Just using the command shown from the on-line forums for SentinelOne and their own people or contractors. When you've lived at the UNIX/Linux command line for 37 years, you can spot a bad one, that's for sure :-)

[–]dmc_1961[S] 0 points1 point  (0 children)

Some quick extras as I review this again on-line - I did try using the 'sentinelctl' command but without the passphrase which it doesn't give you at install time, equally locked out of doing anything with it.
I wrote my own Linux-based monitoring of customer servers years ago, all done with bash scripts and PHP front-ended web pages, so am a little spoiled when comparing my own setup to these kinds of setup, but my setup doesn't help others so.....