Elastic agent

MacJunior
Contributor III

Hey all, 

Anybody managed to install Elastic agent via jamf pro? 

During the installation process, it asks whether I want to install it in /Library/agent and I have yes/no options 

That is pausing the installation process and I need a way to auto answer with yes!

Thoughts?

17 REPLIES

Bretterson
New Contributor III

I haven't managed to get it to install correctly yet, but it sounds like you're missing an argument: -f

https://gist.github.com/peasead/33394868ddbd773c39bedde4011b4f6a?permalink_comment_id=4350069#gistco...

Bretterson
New Contributor III

We just got this working. I modified the script so it checks for system architecture to determine whether the Intel or ARM (Apple silicon) installer should be used. Let me know if you need a copy.

MacJunior
Contributor III

Interesting .. yes please share it with me 

Bretterson
New Contributor III

I'm 99% sure this works, but I've only tested it once since replacing the URLs in the script with parameters (for slightly easier/cleaner updates). If it doesn't work for you, try replacing ${4} and ${5} with the actual URLs:

#!/bin/bash -eux
# Single script to install the Elastic Agent (Intel and ARM versions) on macOS
# Jamf Pro passes the policy's script parameters as $4, $5, ...
# (here: $4 = Intel package URL, $5 = ARM package URL)

# Checks architecture
arch_name="$(uname -m)"

# Create a temporary directory
tempdir=$(mktemp -d)
cd "$tempdir"

# Steps to complete on Intel-based Macs
if [[ "${arch_name}" = "x86_64" ]]; then

    # Downloads the Elastic Agent and saves it to your computer in the directory specified
    curl -OL "${4}"

    # Uses the Tar command to decompress the Elastic Agent and prepare it for installation
    tar zxf elastic-agent-8.4.1-darwin-x86_64.tar.gz

    # Enters the Elastic Agent directory that was decompressed in the previous step
    cd elastic-agent-8.4.1-darwin-x86_64

# Steps to complete on ARM (Apple)-based Macs
elif [[ "${arch_name}" = "arm64" ]]; then

    # Downloads the Elastic Agent and saves it to your computer in the directory specified
    curl -OL "${5}"

    # Uses the Tar command to decompress the Elastic Agent and prepare it for installation
    tar zxvf elastic-agent-8.4.1-darwin-aarch64.tar.gz

    # Enters the Elastic Agent directory that was decompressed in the previous step
    cd elastic-agent-8.4.1-darwin-aarch64

# Any other architecture: stop here instead of running a binary that was never unpacked
else
    echo "Unsupported architecture: ${arch_name}" >&2
    exit 1

fi

# Uses "super user do" to install the Elastic Agent, sends data to Elastic Cloud, and enrolls it in Fleet so that updates to the Agent can be managed
sudo ./elastic-agent install -f --kibana-url=fleet-server-address --enrollment-token=enrollment-token

# Clean up, clean up
rm -rf "$tempdir"

 

 

In the policy, set parameter 4 to the URL for the Intel package and 5 to the URL for the ARM/Apple version.

MacJunior
Contributor III

@Bretterson  it works perfectly, thanks

Bretterson
New Contributor III

Sure thing! Though I just realized I should probably make it so the parameters replace the file name rather than the URL. The way I have it now, to update it you have to replace the URL parameter as well as the file name a few times in the script itself. Here's an updated version (that I just tested successfully):

 

#!/bin/bash -eux
# Single script to install the Elastic Agent (Intel and ARM versions) on macOS
# Jamf Pro passes the policy's script parameters as $4, $5, ...
# (here: $4 = Intel package name, $5 = ARM package name, both without ".tar.gz")

# Checks architecture
arch_name="$(uname -m)"

# Create a temporary directory
tempdir=$(mktemp -d)
cd "$tempdir"

# Steps to complete on Intel-based Macs
if [[ "${arch_name}" = "x86_64" ]]; then

    # Downloads the Elastic Agent and saves it to your computer in the directory specified
    curl -OL "https://artifacts.elastic.co/downloads/beats/elastic-agent/${4}.tar.gz"

    # Uses the Tar command to decompress the Elastic Agent and prepare it for installation
    tar zxf "${4}.tar.gz"

    # Enters the Elastic Agent directory that was decompressed in the previous step
    cd "${4}"

# Steps to complete on ARM (Apple)-based Macs
elif [[ "${arch_name}" = "arm64" ]]; then

    # Downloads the Elastic Agent and saves it to your computer in the directory specified
    curl -OL "https://artifacts.elastic.co/downloads/beats/elastic-agent/${5}.tar.gz"

    # Uses the Tar command to decompress the Elastic Agent and prepare it for installation
    tar zxvf "${5}.tar.gz"

    # Enters the Elastic Agent directory that was decompressed in the previous step
    cd "${5}"

# Any other architecture: stop here instead of running a binary that was never unpacked
else
    echo "Unsupported architecture: ${arch_name}" >&2
    exit 1

fi

date

# Uses "super user do" to install the Elastic Agent, sends data to Elastic Cloud, and enrolls it in Fleet so that updates to the Agent can be managed
sudo ./elastic-agent install -f --url=https://siemfleet1a.hq.overdrive.com:8220 --enrollment-token=bEQ5emhZTUIweHJYSkJOanlPQVc6TG1mTTZFZWNTX0dWX2xFZ0VhUGdDdw==

# Clean up, clean up
rm -rf "$tempdir"

 

Now I have parameter 4 set to "elastic-agent-8.4.1-darwin-x86_64" and 5 as "elastic-agent-8.4.1-darwin-aarch64".

Tada!

MacJunior
Contributor III

@Bretterson Have you managed to grey out the elastic-agent in Login items in Ventura!?

I tried using a service management profile where I used the BundleID and TeamID but still not working!!

Bretterson
New Contributor III

I'm not currently running Ventura on my test machine, but I don't have anything for Elastic in "Login items." I'm pretty sure we haven't pushed Elastic Security yet, just the agent. I'll try to look into it and let you know.

MacJunior
Contributor III

I managed to grey it out in the login windows using LabelPrefix co.elastic

Just in case it shows up later in the login items in Ventura.

Bretterson
New Contributor III

I was able to do the same yesterday. Good call on the prefix rather than regular label!

ben-rampartco
New Contributor

Is there any way to setup full disk access for the Endpoint agent?

Elastic has a Python script that'll create a configuration profile for you. It includes full disk access: https://github.com/elastic/endpoint/blob/main/deployment/macos/mobiledevicemanagement/mobile_config_...

I'm having trouble getting this to deploy, and there isn't really much info about it on that GitHub page, have you gotten this to work? 

Bretterson
New Contributor III

Yep, I used it successfully.

Just because I'm a little unclear what you mean by deploy, you aren't trying to deploy the Python script itself, are you? Because it's something you run locally to create a profile you can upload to Jamf.

No, not the script directly. I used the script to build the .mobileconfig profile, I just can't get the config profile to reach the machine.

Bretterson
New Contributor III

Ok, so, what's happening..? I'm pretty sure all I did was upload the profile to Jamf and scope it.

renfroc
New Contributor

I love this community so much. Thank you all for your work