Skip to main content

Has anyone found an easy way to deploy the Rapid7 Mac Insight Agent using Jamf

Yes, but I use a script that starts either the ARM or Intel PKG Installation.

In Parameter 4 and 5 of the script is the input field for the Token and Rapid7 Installer Version.

#!/bin/bash SystemArch=$(/usr/bin/arch) echo "### SystemArch - $SystemArch #####" sleep 2 # Rapid7 Token can be found in Parameter 4 echo "### Token: $4 #####" sleep 2 # Rapid7 Path - Version can be found in Parameter 5 Rapid7Path="/opt/rapid7/ir_agent/components/insight_agent/$5/" echo "### Rapid7Path - $Rapid7Path #####" sleep 2 # Start Rapid7 Installer via Script if [ "$SystemArch" == "arm64" ]; then echo "### Apple Silicon Detected #####" /usr/local/bin/jamf policy -event Rapid7-ARM sleep 2 else echo "### Intel Detected #####" /usr/local/bin/jamf policy -event Rapid7-X86 sleep 2 fi sudo -s $Rapid7Path/./configure_agent.sh --token $4 --start && echo "### Rapid7 Config Script Start #####" # List Folder Content of Rapid7Path echo "### List of Rapid7Path $(ls -l $Rapid7Path) #####" sleep 2 # Finish Script echo "### Jamf Recon - Start #####" /usr/local/bin/jamf recon && echo "### Jamf Recon - Completed #####" sleep 2

Thank you. I just couldn't get this script to work with another parameter for --attributes. I have 50 companies each with a different attribute so it would have been nice to get this one to work. I had to create a Composer package for each company. Here is the postinstall script I used.

 

#!/bin/sh ## postinstall pathToScript=$0 pathToPackage=$1 targetLocation=$2 targetVolume=$3 arch=$(/usr/bin/arch) if [ "$arch" == "arm64" ]; then echo "Apple Silicon Detected" installer -pkg /private/tmp/rapid7/rapid7-insight-agent-4.0.9.38-1.arm64.pkg -target / else echo "Intel Detected" installer -pkg /private/tmp/rapid7/rapid7-insight-agent-4.0.9.38-1.x86_64.pkg -target / fi # Configure agent /opt/rapid7/ir_agent/components/insight_agent/4.0.9.38/configure_agent.sh --token=us:TOKEN --attributes "ATTRIBUTES" --start # Detect Rapid7 is running if pgrep -x "ir_agent" >/dev/null; then echo "Install Successful" # Clean Up rm -rf /private/tmp/rapid7 exit 0 else echo "Install Failed" # Clean Up rm -rf /private/tmp/rapid7 exit 1 fi exit 0 ## Success exit 1 ## Failure

 

 


Thank you. I just couldn't get this script to work with another parameter for --attributes. I have 50 companies each with a different attribute so it would have been nice to get this one to work. I had to create a Composer package for each company. Here is the postinstall script I used.

 

#!/bin/sh ## postinstall pathToScript=$0 pathToPackage=$1 targetLocation=$2 targetVolume=$3 arch=$(/usr/bin/arch) if [ "$arch" == "arm64" ]; then echo "Apple Silicon Detected" installer -pkg /private/tmp/rapid7/rapid7-insight-agent-4.0.9.38-1.arm64.pkg -target / else echo "Intel Detected" installer -pkg /private/tmp/rapid7/rapid7-insight-agent-4.0.9.38-1.x86_64.pkg -target / fi # Configure agent /opt/rapid7/ir_agent/components/insight_agent/4.0.9.38/configure_agent.sh --token=us:TOKEN --attributes "ATTRIBUTES" --start # Detect Rapid7 is running if pgrep -x "ir_agent" >/dev/null; then echo "Install Successful" # Clean Up rm -rf /private/tmp/rapid7 exit 0 else echo "Install Failed" # Clean Up rm -rf /private/tmp/rapid7 exit 1 fi exit 0 ## Success exit 1 ## Failure

 

 


Thank you @dwynn!!! This helped! On another note, do y'all have a Uninstall Script for Rapid7?

Rapid7 offers this command (sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh). I'm thinking of creating a Policy and adding the command to "Files and Processes". 


Thank you @dwynn!!! This helped! On another note, do y'all have a Uninstall Script for Rapid7?

Rapid7 offers this command (sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh). I'm thinking of creating a Policy and adding the command to "Files and Processes". 


I haven't tested this but here is the command from Rapid7 Documentation:

 

Uninstall .pkg installer Insight Agents

sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh

I haven't tested this but here is the command from Rapid7 Documentation:

 

Uninstall .pkg installer Insight Agents

sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh

Uninstall without prompt. Useful for automation

sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh -f