Posted on 10-28-2022 02:14 AM
Hey all,
Anybody managed to install Elastic Agent via Jamf Pro?
During the installation process, it asks whether I want to install it in /Library/agent and I have yes/no options.
That is pausing the installation process and I need a way to auto-answer with yes!
Thoughts?
Posted on 11-10-2022 05:39 AM
I haven't managed to get it to install correctly yet, but it sounds like you're missing an argument: -f
Posted on 11-11-2022 01:59 PM
We just got this working. I modified the script so it checks for system architecture to determine whether the Intel or ARM (Apple silicon) installer should be used. Let me know if you need a copy.
Posted on 11-11-2022 11:31 PM
Interesting... yes, please share it with me.
11-14-2022 07:47 AM - edited 11-14-2022 07:48 AM
I'm 99% sure this works, but I've only tested it once since replacing the URLs in the script with parameters (for slightly easier/cleaner updates). If it doesn't work for you, try replacing ${4} and ${5} with the actual URLs:
#!/bin/bash -eux
# Single script to install the Elastic Agent (Intel and ARM versions) on macOS
# Checks architecture
arch_name="$(uname -m)"
# Create a temporary directory
tempdir=$(mktemp -d)
cd "$tempdir"
# Steps to complete on Intel-based Macs
if [[ "${arch_name}" = "x86_64" ]]; then
    # Downloads the Elastic Agent and saves it to your computer in the directory specified
    # (Jamf script parameter 4 holds the Intel package URL)
    curl -OL "${4}"
    # Uses the Tar command to decompress the Elastic Agent and prepare it for installation
    tar zxf elastic-agent-8.4.1-darwin-x86_64.tar.gz
    # Enters the Elastic Agent directory that was decompressed in the previous step
    cd elastic-agent-8.4.1-darwin-x86_64
# Steps to complete on ARM (Apple)-based Macs
elif [[ "${arch_name}" = "arm64" ]]; then
    # Downloads the Elastic Agent and saves it to your computer in the directory specified
    # (Jamf script parameter 5 holds the ARM package URL)
    curl -OL "${5}"
    # Uses the Tar command to decompress the Elastic Agent and prepare it for installation
    tar zxvf elastic-agent-8.4.1-darwin-aarch64.tar.gz
    # Enters the Elastic Agent directory that was decompressed in the previous step
    cd elastic-agent-8.4.1-darwin-aarch64
fi
# Uses "super user do" to install the Elastic Agent, sends data to Elastic Cloud, and enrolls it in Fleet so that updates to the Agent can be managed
sudo ./elastic-agent install -f --kibana-url=fleet-server-address --enrollment-token=enrollment-token
# Clean up, clean up
rm -rf "$tempdir"
In the policy, set parameter 4 to the URL for the Intel package and 5 to the URL for the ARM/Apple version.
Posted on 11-16-2022 11:29 PM
@Bretterson it works perfectly, thanks
Posted on 11-17-2022 10:31 AM
Sure thing! Though I just realized I should probably make it so the parameters replace the file name rather than the URL. The way I have it now, to update it you have to replace the URL parameter as well as the file name a few times in the script itself. Here's an updated version (that I just tested successfully):
#!/bin/bash -eux
# Single script to install the Elastic Agent (Intel and ARM versions) on macOS
# Checks architecture
arch_name="$(uname -m)"
# Create a temporary directory
tempdir=$(mktemp -d)
cd "$tempdir"
# Steps to complete on Intel-based Macs
if [[ "${arch_name}" = "x86_64" ]]; then
    # Downloads the Elastic Agent and saves it to your computer in the directory specified
    curl -OL "https://artifacts.elastic.co/downloads/beats/elastic-agent/${4}.tar.gz"
    # Uses the Tar command to decompress the Elastic Agent and prepare it for installation
    tar zxf "${4}.tar.gz"
    # Enters the Elastic Agent directory that was decompressed in the previous step
    cd "${4}"
# Steps to complete on ARM (Apple)-based Macs
elif [[ "${arch_name}" = "arm64" ]]; then
    # Downloads the Elastic Agent and saves it to your computer in the directory specified
    curl -OL "https://artifacts.elastic.co/downloads/beats/elastic-agent/${5}.tar.gz"
    # Uses the Tar command to decompress the Elastic Agent and prepare it for installation
    tar zxvf "${5}.tar.gz"
    # Enters the Elastic Agent directory that was decompressed in the previous step
    cd "${5}"
fi
date
# Uses "super user do" to install the Elastic Agent, sends data to Elastic Cloud, and enrolls it in Fleet so that updates to the Agent can be managed
sudo ./elastic-agent install -f --url=https://siemfleet1a.hq.overdrive.com:8220 --enrollment-token=bEQ5emhZTUIweHJYSkJOanlPQVc6TG1mTTZFZWNTX0dWX2xFZ0VhUGdDdw==
# Clean up, clean up
rm -rf "$tempdir"
Now I have parameter 4 set to "elastic-agent-8.4.1-darwin-x86_64" and 5 as "elastic-agent-8.4.1-darwin-aarch64".
Tada!
Posted on 01-18-2023 06:06 AM
@Bretterson Have you managed to grey out the elastic-agent in Login items in Ventura!?
I tried using a service management profile where I used the BundleID and TeamID, but it's still not working!!
Posted on 01-18-2023 08:21 AM
I'm not currently running Ventura on my test machine, but I don't have anything for Elastic in "Login items." I'm pretty sure we haven't pushed Elastic Security yet, just the agent. I'll try to look into it and let you know.
Posted on 02-06-2023 02:33 AM
I managed to grey it out in the login windows using LabelPrefix co.elastic
Just in case it shows up later in the login items in Ventura.
05-05-2023 08:16 AM - edited 05-05-2023 08:17 AM
I was able to do the same yesterday. Good call on the prefix rather than regular label!
Posted on 05-22-2023 12:33 PM
Is there any way to setup full disk access for the Endpoint agent?
Posted on 05-22-2023 12:49 PM
Elastic has a Python script that'll create a configuration profile for you. It includes full disk access: https://github.com/elastic/endpoint/blob/main/deployment/macos/mobiledevicemanagement/mobile_config_...
3 weeks ago
I'm having trouble getting this to deploy, and there isn't really much info about it on that GitHub page. Have you gotten this to work?
3 weeks ago
Yep, I used it successfully.
Just because I'm a little unclear what you mean by deploy, you aren't trying to deploy the Python script itself, are you? Because it's something you run locally to create a profile you can upload to Jamf.
3 weeks ago
No, not the script directly. I used the script to build the .mobileconfig profile, I just can't get the config profile to reach the machine.
3 weeks ago
Ok, so, what's happening..? I'm pretty sure all I did was upload the profile to Jamf and scope it.
Posted on 09-27-2023 08:01 AM
I love this community so much. Thank you all for your work