Skip to main content

Hi Team,

 

Can you provide detailed steps to configure in jamf Pro in terms of configuration profile and also for Policy since Rapid7 agent install is not working on Mac & intel chips?

 

https://docs.rapid7.com/insight-agent/mac-installation/

I am happy to share my Rapid7 install process with you. Here’s a script that I wrote that handles the whole process. Your policy needs to stage the install files somewhere on the Mac. I used “/private/var/tmp/R7/”. My script deletes the staged install files after the install is complete. 

I get an Intel and ARM installer from the Rapid7 admin at my company. I create the folder path above and place the two install packages there. I use Composer to create a package from that file path. I attach the install package and this script to my install policy. The script is set with the “After” priority so that it will run after the package deploys the Rapid7 install packages.

There are three parameters used. There is also a variable for your install token.

Let me know if you have trouble with this process. I’m happy to help!

#!/bin/zsh --no-rcs

:<<ABOUT_THIS_SCRIPT
--------------------------------------------------------------------------
Installs Rapid7 from staged install packages at /private/tmp/R7.

Parameter 4 - Specify the exact name of the ARM installer.
Parameter 5 - Specify the exact name of the Intel installer.
Parameter 6 - Specify the version of Rapid7 that is being installed.



10/24/2024 | Howie Canterbury
Updated 6/11/2025 - Added version check to the checkInstall function.
--------------------------------------------------------------------------
ABOUT_THIS_SCRIPT

# Parameters
pkgARM="$4"
pkgIntel="$5"
installFolder="/private/var/tmp/R7/"
version="$6"
token="xxxxxxxxxxxxxxxxxxx"

# Log
logFile="/var/log/Rapid7-Install.log"

############################################################################
# Functions
############################################################################

# Log function
updateLog() {
echo -e "$(date +'%Y-%m-%d %H:%M:%S') - $1" >> "$logFile"
echo "$1" # Echo to Jamf policy log
}

# Check for staged installer packages
checkForPackages() {
updateLog "Checking for installer packages..."
local armPKG="/private/var/tmp/R7/$pkgARM"
local intelPKG="/private/var/tmp/R7/$pkgIntel"
if e -f "$armPKG" ] && ] -f "$intelPKG" ]; then
updateLog "Install packages are ready"
else
updateLog "Install packages failed to install. Exiting."
exit 1
fi
}

# Install ARM package
install_ARM() {
# Change directory to staged install packages and run install package
cd "$installFolder" || return
local currentFolder
currentFolder=$(pwd)
updateLog "Present working directory is $currentFolder"
installer -verbose -pkg "$pkgARM" -target /
}

# Install Intel package
install_Intel() {
# Change directory to staged install packages and run install package
cd "$installFolder" || return
local currentFolder
currentFolder=$(pwd)
updateLog "Present working directory is $currentFolder"
installer -verbose -pkg "$pkgIntel" -target /
}

# Install function
ir_AgentInstall() {
# Check if installer packages are present
checkForPackages
updateLog "Starting Rapid7 install. Determining processor type."
# Check processor architecture
local arch_type=$(/usr/bin/arch)
# Running install based on processor type
case "$arch_type" in
"arm64") updateLog "Processor type is ARM64. Installing Rapid7 for ARM64."
install_ARM
;;
"i386") updateLog "Processor type is Intel. Installing Rapid7 for Intel."
install_Intel
;;
esac
# Configure agent; assign token
updateLog "Assigning token"
cd /opt/rapid7/ir_agent/components/insight_agent/$version/
./configure_agent.sh --token ${token} -v --start
}

# Install check - Success or fail
checkInstall() {
updateLog "Checking if install was successful..."
local agent_version=$(cat /opt/rapid7/version-manifest.txt | grep "PyForensicsAgent" | awk '{print $2}')
local agent="/opt/rapid7/ir_agent/components/insight_agent/$version/ir_agent"
if t -f "$agent" ] && ] "$agent_version" = "$version" ]; then
updateLog "Rapid7 install was successful. Running agent version $agent_version."
else
updateLog "Rapid7 install failed"
rm -rf "$installFolder"
exit 1
fi
}

############################################################################
# Run the Install
############################################################################

# Check for installer packages and run the install process
ir_AgentInstall

# Check if install was successful
checkInstall

# Remove staged installer packages
updateLog "Removing staged installer packages"
rm -rf "$installFolder"

exit 0

 


This is how we deploy Rapid7. We only have ARM Mac’s. Have a policy that deploys the package and then add the below to Files and Processes and it seems to work.

/opt/rapid7/ir_agent/components/insight_agent/4.0.16.27/configure_agent.sh --token us:ourtoken --start


Reply