Capture Client Linux Agent - Useful Commands

Description

This Articles provides some of the Linux useful sentinelctl commands required during Troubleshooting.

Sentinelctl executes actions on an Agent. Please run command only in privilege Mode.

  • Points to consider while running sentinelctl on Linux Agents:
    • Access to sentinelctl requires high privileges. If you log in with root permissions, the syntax is:\
      • sentinelctl section [sub-section] command [value]
    • If you log in as a user, you must run sentinelctl with sudo and the full path: /opt/SentinelOne/bin/. The first time you run a sudo command, you must enter the sudo password. The syntax if you run as a user is:
      • sudo /opt/SentinelOne/bin/sentinelctl section [sub-section] command [value]
    • To run sentinelctl commands on K8s, run:
      • kubectl exec -it <s1-pod> -n SentinelOne sudo /opt/SentinelOne/bin/sentinelctl section [sub-section] command [value]

Note : Commands are case sensitive.

  • Few Useful Commands:
    • control disable | enable

Purpose : To enable/disable the agent. When you disable the Agent, you can identify interoperability issues related to the Agent without uninstalling. 

Synopsis :  sentinelctl control {disable | enable} [--expiration EPOCH_SECONDS] --passphrase PASSPHRASE

Example :

Image

    • control status

Purpose : Shows the processes and PIDs that the Agent runs.

Synopsis : sentinelctl control status

Example :

Image

    • control start

Purpose : Start the Agent.

Synopsis : sentinelctl control start

Example :

Image

    • control stop

Purpose : Stop the Agent.

Synopsis : sentinelctl control stop [--passphrase "passphrase"]

Example : 

Image

    • control Uninstall

Purpose : Uninstall the Agent.

Synopsis : sentinelctl control Uninstall --passphrase "passphrase" [--output] [--unquarantine]

    --passphrase : if you do not give the passphrase in the command, the Agent prompts for it.

    --output : Show the output of Uninstall.

    --unquarantine : Restore quarantined files before Uninstall.

Example: 

Image

    • install (Installing the CC Linux Agent)

Purpose : Install the new Linux CC Agent.

Synopsis : # chmod 777 SonicWall%20Capture%20Client.3.6.30.sh

                 # ./SonicWall%20Capture%20Client.3.6.30.sh

Example: 

Image

  • Others usefull commands:

Image

Related Articles

  • Capture Client - System Requirements
    Read More
  • Capture Client – Migrate local CMC user login to MySonicWall account login
    Read More
  • Integration of CFS 5.0 Support in Capture Client
    Read More

Categories

Endpoint Security
Capture Client
Network
not finding your answers?
Ask the Community