Rapid 7 Mac Insight Agent

kjenkins
New Contributor

Has anyone found an easy way to deploy the Rapid7 Mac Insight Agent using Jamf

17 REPLIES 17

coryhowell2
New Contributor III

I used Composer to put the agent_installer.sh file onto our Macs in the /private/tmp/ directory. I had an issue with the permissions on the script so I have a post install script file in the composer package to change the permissions on the script file chmod u+x. In the Jamf policy I have Files and Processes setup to execute the command along with installing the package made in composer. sh /private/tmp/agent_installer.sh install_start --token <your token>
I got the agent_installer.sh and the token from my InfoSec team. Rapid 7 would be able to give you that information as well I'm sure. replace <your token> with the token setup for your company.

kjenkins
New Contributor

Thanks for the help.

KJ

PCSysops
New Contributor II

Thank you, this helped alot. I decided to just create the package in composer, then have a script run after the pkg was pushed to change permissions and execute the agent_installer.sh

cnoboa
New Contributor II

Hello,

Has anyone found a way to uninstall the Rapid7 Agent via script?

chase_g
New Contributor III

@cnoboa I have had success using basically the same install package I built in composer and just changed my pre-install script to do the command: sudo ./agent_installer.sh uninstall
And that seems to work. So you should be able to do the same with a script that points to the location of the agent_installer.sh script with the uninstall command.

soms
New Contributor

I'm having this same issue, I'm relatively new to composer and osx so I'm looking on how I can achieve this. How do you use composer to package the agent_installer.sh and have it moved to /private/tmp

PCSysops
New Contributor II

@soms First create the folder in your location. For example /private/tmp/Rapid7. Put all your files into your folder. Open Composer, and drag the folder from finder into composer. Then you can create a package. In Jamf, set it to install in your policy and it will just install the files to the path you set up. I set a script to run afterwards to install the agent with the token. Make sure you chmod u+x in the script like @coryhowell2 said.

mcantwell
New Contributor III
I set a script to run afterwards to install the agent with the token. Make sure you chmod u+x in the script like @coryhowell2 said.

Where exactly do I put the "chmod u+x"? Do I run as separate command after the installer like this?

a342e5d4a86d428ea4315fcd8955998e

lassekivikas
New Contributor II

@mcantwell I think coryhowell2 meant that you need to create a script in the settings for the chmod, and then back to the policy, from the left side bar (fourth from the top) choose the script you just made and choose the priority to 'after'. Now the script will run after everything else.

I am currently doing this exact same thing, and I was wondering that if I have a package with the agent_installer, and then I have the install command in the 'Files and Processes', doesn't that mean that the package (with the agent_installer.sh) will run before the executable command in the 'Files and Processes' which should activate the agent_installer?

NOLA2FLA
New Contributor II

so here's is my conundrum: When I deploy my policy I am using a .pkg with dropping the agent_installer.sh in the correct folder, plus the uninstall command. Then I am running the actual install from a command in "Files and Processes" using the following command: sudo ./agent_installer.sh install_start --token xxxxxxxxxxxxxxxxxx. But when automagically deployed it doesn't recognize the command, however if I flush the log and then go into terminal and do a sudo jamf policy manually the policy works beautifully. Am I missing something?

dwynn
New Contributor II

@soms Can you share the script you use to install the package? I have the installer in private/tmp/Rapid7. Now I just need the chmod + token script.

PCSysops
New Contributor II

@dwynn

This is what I use, and works with no issue. Put your Rapid7 token in and you should be good. I have the script set to run after the package is pushed.

!/bin/bash

cd /private/tmp/Rapid7

chmod u+x agent_installer.sh

sudo sh ./agent_installer.sh install_start --token=us:"token given to you"

dwynn
New Contributor II

@PCSysops We have over 30 operating companies in our Jamf instance. Each one will need to put the company attribute into the install command like so:

insight_installer.sh install_start --token us:xxxxxxxxxx --attributes "CompanyAttribute Agent"

So what I did was in composer create the InsightVM package with "chmod u+x /private/tmp/InsightVM/insight_installer.sh" in a post install script.

Then create in the policy in Jamf Pro. Configure "Files and Proccess" and add /private/tmp/InsightVM/insight_installer.sh install_start --token us:xxxxxxxx --attributes "CompanyAttribute Agent" into Execute Command.

I hope this helps anybody else coming across this issue.

ckulesza
New Contributor III

I am very new to doing this type of packaging. Can someone give me the steps they used in Composer to create the package that has the folder it is in and such. I am being asked to roll this out to our company. In the near future.

Thanks

DJRizzo
New Contributor II

Could anyone tell me how to verify the agent was installed correctly? Thanks!

dwynn
New Contributor II

You can run the command: ps aux | grep ir_agent

 

https://docs.rapid7.com/insight-agent/agent-controls/

ckulesza
New Contributor III

I had my infosec team verify from the rapid7 console.