Skip to main content

Has anyone found an easy way to deploy the Rapid7 Mac Insight Agent using Jamf

Yes, but I use a script that starts either the ARM or Intel PKG Installation.


In Parameter 4 and 5 of the script is the input field for the Token and Rapid7 Installer Version.


#!/bin/bash

SystemArch=$(/usr/bin/arch)
echo "### SystemArch - $SystemArch #####"
sleep 2

# Rapid7 Token can be found in Parameter 4
echo "### Token: $4 #####"
sleep 2

# Rapid7 Path - Version can be found in Parameter 5
Rapid7Path="/opt/rapid7/ir_agent/components/insight_agent/$5/"
echo "### Rapid7Path - $Rapid7Path #####"
sleep 2

# Start Rapid7 Installer via Script
if [ "$SystemArch" == "arm64" ]; then
echo "### Apple Silicon Detected #####"
/usr/local/bin/jamf policy -event Rapid7-ARM
sleep 2
else
echo "### Intel Detected #####"
/usr/local/bin/jamf policy -event Rapid7-X86
sleep 2
fi
sudo -s $Rapid7Path/./configure_agent.sh --token $4 --start && echo "### Rapid7 Config Script Start #####"

# List Folder Content of Rapid7Path
echo "### List of Rapid7Path
$(ls -l $Rapid7Path)
#####"
sleep 2

# Finish Script
echo "### Jamf Recon - Start #####"
/usr/local/bin/jamf recon && echo "### Jamf Recon - Completed #####"
sleep 2

Thank you. I just couldn't get this script to work with another parameter for --attributes. I have 50 companies each with a different attribute so it would have been nice to get this one to work. I had to create a Composer package for each company. Here is the postinstall script I used.

 

#!/bin/sh
## postinstall

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

arch=$(/usr/bin/arch)

if [ "$arch" == "arm64" ]; then
echo "Apple Silicon Detected"
installer -pkg /private/tmp/rapid7/rapid7-insight-agent-4.0.9.38-1.arm64.pkg -target /
else
echo "Intel Detected"
installer -pkg /private/tmp/rapid7/rapid7-insight-agent-4.0.9.38-1.x86_64.pkg -target /
fi

# Configure agent

/opt/rapid7/ir_agent/components/insight_agent/4.0.9.38/configure_agent.sh --token=us:TOKEN --attributes "ATTRIBUTES" --start

# Detect Rapid7 is running

if pgrep -x "ir_agent" >/dev/null; then
echo "Install Successful"
# Clean Up
rm -rf /private/tmp/rapid7
exit 0
else
echo "Install Failed"
# Clean Up
rm -rf /private/tmp/rapid7
exit 1
fi



exit 0 ## Success
exit 1 ## Failure

 

 


Thank you. I just couldn't get this script to work with another parameter for --attributes. I have 50 companies each with a different attribute so it would have been nice to get this one to work. I had to create a Composer package for each company. Here is the postinstall script I used.

 

#!/bin/sh
## postinstall

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

arch=$(/usr/bin/arch)

if [ "$arch" == "arm64" ]; then
echo "Apple Silicon Detected"
installer -pkg /private/tmp/rapid7/rapid7-insight-agent-4.0.9.38-1.arm64.pkg -target /
else
echo "Intel Detected"
installer -pkg /private/tmp/rapid7/rapid7-insight-agent-4.0.9.38-1.x86_64.pkg -target /
fi

# Configure agent

/opt/rapid7/ir_agent/components/insight_agent/4.0.9.38/configure_agent.sh --token=us:TOKEN --attributes "ATTRIBUTES" --start

# Detect Rapid7 is running

if pgrep -x "ir_agent" >/dev/null; then
echo "Install Successful"
# Clean Up
rm -rf /private/tmp/rapid7
exit 0
else
echo "Install Failed"
# Clean Up
rm -rf /private/tmp/rapid7
exit 1
fi



exit 0 ## Success
exit 1 ## Failure

 

 


Thank you @dwynn!!! This helped! On another note, do y'all have a Uninstall Script for Rapid7?

Rapid7 offers this command (sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh). I'm thinking of creating a Policy and adding the command to "Files and Processes". 


Thank you @dwynn!!! This helped! On another note, do y'all have a Uninstall Script for Rapid7?

Rapid7 offers this command (sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh). I'm thinking of creating a Policy and adding the command to "Files and Processes". 


I haven't tested this but here is the command from Rapid7 Documentation:

 

Uninstall .pkg installer Insight Agents

sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh

I haven't tested this but here is the command from Rapid7 Documentation:

 

Uninstall .pkg installer Insight Agents

sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh

Uninstall without prompt. Useful for automation


sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh -f

 


Reply