Skip to main content
Question

Rapid7 Agent Install

  • August 13, 2025
  • 2 replies
  • 108 views
name21

Hi Team,

 

Can you provide detailed steps to configure in jamf Pro in terms of configuration profile and also for Policy since Rapid7 agent install is not working on Mac & intel chips?

 

https://docs.rapid7.com/insight-agent/mac-installation/

2 replies

howie_isaacks
Forum|alt.badge.img+23
  • howie_isaacks
  • Esteemed Contributor
  • August 13, 2025

I am happy to share my Rapid7 install process with you. Here’s a script that I wrote that handles the whole process. Your policy needs to stage the install files somewhere on the Mac. I used “/private/var/tmp/R7/”. My script deletes the staged install files after the install is complete. 

I get an Intel and ARM installer from the Rapid7 admin at my company. I create the folder path above and place the two install packages there. I use Composer to create a package from that file path. I attach the install package and this script to my install policy. The script is set with the “After” priority so that it will run after the package deploys the Rapid7 install packages.

There are three parameters used. There is also a variable for your install token.

Let me know if you have trouble with this process. I’m happy to help!

#!/bin/zsh --no-rcs

:<<ABOUT_THIS_SCRIPT
--------------------------------------------------------------------------
Installs Rapid7 from staged install packages at /private/tmp/R7.

Parameter 4 - Specify the exact name of the ARM installer.
Parameter 5 - Specify the exact name of the Intel installer.
Parameter 6 - Specify the version of Rapid7 that is being installed.



10/24/2024 | Howie Canterbury
Updated 6/11/2025 - Added version check to the checkInstall function.
--------------------------------------------------------------------------
ABOUT_THIS_SCRIPT

# Parameters
pkgARM="$4"
pkgIntel="$5"
installFolder="/private/var/tmp/R7/"
version="$6"
token="xxxxxxxxxxxxxxxxxxx"

# Log
logFile="/var/log/Rapid7-Install.log"

############################################################################
# Functions
############################################################################

# Log function
updateLog() {
	echo -e "$(date +'%Y-%m-%d %H:%M:%S') - $1" >> "$logFile"
	echo "$1" # Echo to Jamf policy log
}

# Check for staged installer packages
checkForPackages() {
	updateLog "Checking for installer packages..."
	local armPKG="/private/var/tmp/R7/$pkgARM"
	local intelPKG="/private/var/tmp/R7/$pkgIntel"
	if [ -f "$armPKG" ] && [ -f "$intelPKG" ]; then
		updateLog "Install packages are ready"
	else
		updateLog "Install packages failed to install. Exiting."
		exit 1
	fi
}

# Install ARM package
install_ARM() {
	# Change directory to staged install packages and run install package
	cd "$installFolder" || return
	local currentFolder
	currentFolder=$(pwd)
	updateLog "Present working directory is $currentFolder"
	installer -verbose -pkg "$pkgARM" -target /
}

# Install Intel package
install_Intel() {
	# Change directory to staged install packages and run install package
	cd "$installFolder" || return
	local currentFolder
	currentFolder=$(pwd)
	updateLog "Present working directory is $currentFolder"
	installer -verbose -pkg "$pkgIntel" -target /
}

# Install function
ir_AgentInstall() {
	# Check if installer packages are present
	checkForPackages
	updateLog "Starting Rapid7 install. Determining processor type."
	# Check processor architecture
	local arch_type=$(/usr/bin/arch)
	# Running install based on processor type
	case "$arch_type" in
		"arm64") updateLog "Processor type is ARM64. Installing Rapid7 for ARM64."
			install_ARM	
		;;
		"i386") updateLog "Processor type is Intel. Installing Rapid7 for Intel."
			install_Intel 
		;;
	esac
	# Configure agent; assign token
	updateLog "Assigning token"
	cd /opt/rapid7/ir_agent/components/insight_agent/$version/
		./configure_agent.sh --token ${token} -v --start
	}

# Install check - Success or fail
checkInstall() {
	updateLog "Checking if install was successful..."
	local agent_version=$(cat /opt/rapid7/version-manifest.txt | grep "PyForensicsAgent" | awk '{print $2}')
	local agent="/opt/rapid7/ir_agent/components/insight_agent/$version/ir_agent"
		if [ -f "$agent" ] && [ "$agent_version" = "$version" ]; then
		updateLog "Rapid7 install was successful. Running agent version $agent_version."
	else
		updateLog "Rapid7 install failed"
		rm -rf "$installFolder"
		exit 1
	fi
}

############################################################################
# Run the Install
############################################################################

# Check for installer packages and run the install process
ir_AgentInstall

# Check if install was successful
checkInstall

# Remove staged installer packages
updateLog "Removing staged installer packages"
rm -rf "$installFolder"

exit 0

 

Mitchell_Gordon
SMR1
Forum|alt.badge.img+13
  • SMR1
  • Valued Contributor
  • August 20, 2025

This is how we deploy Rapid7. We only have ARM Mac’s. Have a policy that deploys the package and then add the below to Files and Processes and it seems to work.

/opt/rapid7/ir_agent/components/insight_agent/4.0.16.27/configure_agent.sh --token us:ourtoken --start

howie_isaacks
Terms & ConditionsCookie settingsAccessibility statement