Carbon Black Defense

aspears
New Contributor III

Has anyone been able to create a policy to install Carbon Black?

1 ACCEPTED SOLUTION

RaulSantos
Contributor

@aspears inside the dmg there is a hidden folder called docs there is a scripts called cbdefense_install_unattended.sh
edit the

options

CONFER_INSTALLER="/tmp/pkgname.pkg"
COMPANY_CODE=""

Then create an installer with composer or whatever other pkg utility you prefer. Place the pkg wherever you want. I suggest /tmp/ and have the "cbdefense_install_unattended.sh" be your postinstall script. The company code and installer location.

View solution in original post

13 REPLIES 13

rlandgraf
Contributor

Are you talking Carbon Black protection or CB response?

aspears
New Contributor III

CB Defense

RaulSantos
Contributor

@aspears I was able to create my own installer then used it in a policy

aspears
New Contributor III

@RaulSantos Would you mind sharing how you did that. I'm confused on how to include the company code in the package

RaulSantos
Contributor

@aspears inside the dmg there is a hidden folder called docs there is a scripts called cbdefense_install_unattended.sh
edit the

options

CONFER_INSTALLER="/tmp/pkgname.pkg"
COMPANY_CODE=""

Then create an installer with composer or whatever other pkg utility you prefer. Place the pkg wherever you want. I suggest /tmp/ and have the "cbdefense_install_unattended.sh" be your postinstall script. The company code and installer location.

aspears
New Contributor III

Ah! thanks, I'll give it a try shortly

RaulSantos
Contributor

@aspears did that achieve your goals?

aspears
New Contributor III

@RaulSantos For some reason it didn't work for me. I was able to get it to work by creating two policies, One to place/cache the installer in the /tmp folder and the other policy to run cbdefense_install_unattended.sh

  • I will still work on getting your way to work once I get some free time :-)

jimderlatka
Contributor

Create a Package, and dump the carbon black files to

private mp

so in my package under tmp I have
cbdefense install.pkg
cbdefense uninstall.app
docs
cbdefense_install_unattended.sh

once the files are on the local MacBook
I run a script to install it locally
sudo bash /private/tmp/docs/cbdefense_install_unattended.sh -i /private/tmp/CbDefense Install.pkg -c CompanyCode@

so my policy has a .pkg that dumps the payload above, then runs a script for the unattended install.... works very easily.

sanaumann
New Contributor III

Hi. We just deployed CB Defense this weekend.

Everything runs in a policy. We stage the installer files as a .pkg in /Users/Shared/CbDefense and then edit the script that comes with the install as follows:

#options
CBD_INSTALLER="/Users/Shared/CbDefense/CbDefenseInstall.pkg"
COMPANY_CODE="<insert code here>"

#optional args
GROUP_NAME="<insert policy here>"

I believe everything else is left default (for us). Your setup may vary.

jconte
Contributor II

I create a pkg and place it into a stage folder, then run the install from that location:

#!/bin/bash
# This script installs the Carbon Black 6.1.3 client and will uninstall the old client when applicable

# Created by Jeffrey Conte 1-19-2018


# This will uninstall any previously installed CB agents, remove comment when ready

/Applications/CarbonBlack/sensoruninst.sh

# This will install the Carbon Black client for Mac's

/usr/sbin/installer -package /Library/StageFolder/Packages/Carbon Black_6_1_3/CarbonBlackClientSetup_6_1_3_71222.pkg -target /

sleep 15

chflags hidden /Applications/CarbonBlack

exit

menriquez
New Contributor

Any one every get the following error?

/Library/Application Support/JAMF/tmp/CB Defense 3.3.1.12: line 428: syntax error near unexpected token `('
/Library/Application Support/JAMF/tmp/CB Defense 3.3.1.12: line 428: ` echo "...OK (user pre-approved)"'

This is after trying to push the included cbdefense_install_unattended.sh

kmathern
New Contributor III

Here is my postinstall script in composer. If I remember correctly the skip kext had to be used which was causing errors. It's been awhile since we did this. Need a # in front of first line and ## in front of second line. Don't know why it deleted them.

!/bin/sh

postinstall

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

cd /tmp/cb

sh /private/tmp/cb/docs/cbdefense_install_unattended.sh --skip-kext-approval-check

rm -rf /tmp/cb

exit 0 ## Success
exit 1 ## Failure