Has anyone found an easy way to deploy the Rapid7 Mac Insight Agent using Jamf
Page 3 / 3
Yes, but I use a script that starts either the ARM or Intel PKG Installation.
In Parameter 4 and 5 of the script is the input field for the Token and Rapid7 Installer Version.
#!/bin/bash
SystemArch=$(/usr/bin/arch)
echo "### SystemArch - $SystemArch #####"
sleep 2
# Rapid7 Token can be found in Parameter 4
echo "### Token: $4 #####"
sleep 2
# Rapid7 Path - Version can be found in Parameter 5
Rapid7Path="/opt/rapid7/ir_agent/components/insight_agent/$5/"
echo "### Rapid7Path - $Rapid7Path #####"
sleep 2
# Start Rapid7 Installer via Script
if [ "$SystemArch" == "arm64" ]; then
echo "### Apple Silicon Detected #####"
/usr/local/bin/jamf policy -event Rapid7-ARM
sleep 2
else
echo "### Intel Detected #####"
/usr/local/bin/jamf policy -event Rapid7-X86
sleep 2
fi
sudo -s $Rapid7Path/./configure_agent.sh --token $4 --start && echo "### Rapid7 Config Script Start #####"
# List Folder Content of Rapid7Path
echo "### List of Rapid7Path
$(ls -l $Rapid7Path)
#####"
sleep 2
# Finish Script
echo "### Jamf Recon - Start #####"
/usr/local/bin/jamf recon && echo "### Jamf Recon - Completed #####"
sleep 2
Thank you. I just couldn't get this script to work with another parameter for --attributes. I have 50 companies each with a different attribute so it would have been nice to get this one to work. I had to create a Composer package for each company. Here is the postinstall script I used.
#!/bin/sh
## postinstall
pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3
arch=$(/usr/bin/arch)
if [ "$arch" == "arm64" ]; then
echo "Apple Silicon Detected"
installer -pkg /private/tmp/rapid7/rapid7-insight-agent-4.0.9.38-1.arm64.pkg -target /
else
echo "Intel Detected"
installer -pkg /private/tmp/rapid7/rapid7-insight-agent-4.0.9.38-1.x86_64.pkg -target /
fi
# Configure agent
/opt/rapid7/ir_agent/components/insight_agent/4.0.9.38/configure_agent.sh --token=us:TOKEN --attributes "ATTRIBUTES" --start
# Detect Rapid7 is running
if pgrep -x "ir_agent" >/dev/null; then
echo "Install Successful"
# Clean Up
rm -rf /private/tmp/rapid7
exit 0
else
echo "Install Failed"
# Clean Up
rm -rf /private/tmp/rapid7
exit 1
fi
exit 0 ## Success
exit 1 ## Failure
Thank you. I just couldn't get this script to work with another parameter for --attributes. I have 50 companies each with a different attribute so it would have been nice to get this one to work. I had to create a Composer package for each company. Here is the postinstall script I used.
#!/bin/sh
## postinstall
pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3
arch=$(/usr/bin/arch)
if [ "$arch" == "arm64" ]; then
echo "Apple Silicon Detected"
installer -pkg /private/tmp/rapid7/rapid7-insight-agent-4.0.9.38-1.arm64.pkg -target /
else
echo "Intel Detected"
installer -pkg /private/tmp/rapid7/rapid7-insight-agent-4.0.9.38-1.x86_64.pkg -target /
fi
# Configure agent
/opt/rapid7/ir_agent/components/insight_agent/4.0.9.38/configure_agent.sh --token=us:TOKEN --attributes "ATTRIBUTES" --start
# Detect Rapid7 is running
if pgrep -x "ir_agent" >/dev/null; then
echo "Install Successful"
# Clean Up
rm -rf /private/tmp/rapid7
exit 0
else
echo "Install Failed"
# Clean Up
rm -rf /private/tmp/rapid7
exit 1
fi
exit 0 ## Success
exit 1 ## Failure
Thank you @dwynn!!! This helped! On another note, do y'all have a Uninstall Script for Rapid7?
Rapid7 offers this command (sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh). I'm thinking of creating a Policy and adding the command to "Files and Processes".
Thank you @dwynn!!! This helped! On another note, do y'all have a Uninstall Script for Rapid7?
Rapid7 offers this command (sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh). I'm thinking of creating a Policy and adding the command to "Files and Processes".
I haven't tested this but here is the command from Rapid7 Documentation:
Uninstall .pkg installer Insight Agents
sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh
I haven't tested this but here is the command from Rapid7 Documentation:
Uninstall .pkg installer Insight Agents
sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.shUninstall without prompt. Useful for automation
sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh -f
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.