Posted on 07-31-2019 11:44 AM
Has anyone found an easy way to deploy the Rapid7 Mac Insight Agent using Jamf
Posted on 07-26-2023 04:38 PM
This is what I'm using a post install. rapid7-munkipkg
#!/bin/bash
## postinstall
pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3
arch=$(/usr/bin/arch)
if [ "$arch" == "arm64" ]; then
echo "Apple Silicon Detected"
chmod +x /private/tmp/rapid7/agent_installer-arm64.sh
/bin/sh /private/tmp/rapid7/agent_installer-arm64.sh install_start --token us:yourcodehere
else
echo "Intel Detected"
chmod +x /private/tmp/rapid7/agent_installer-x86-64.sh
/bin/sh /private/tmp/rapid7/agent_installer-x86_64.sh install_start --token us:yourcodehere
fi
# Detect Rapid7 is running
if pgrep -x "ir_agent" >/dev/null; then
echo "Install Successful"
# Clean Up
rm -rf /private/tmp/rapid7
exit 0
else
echo "Install Failed"
# Clean Up
rm -rf /private/tmp/rapid7
exit 1
fi
Posted on 10-24-2023 04:46 AM
Hey, hope you are well,
I've been tasked with deploying Rapid 7, and all seems to be working, BUT people are telling me you need a config profile to grant Full Disk Access for the ir_agent, and I am having no luck finding any info around this, or which identifiers to use. Are you using one?
Posted on 10-24-2023 06:13 AM
For some inexplicable reason they don't mention the FDA being needed in their documentation. Their logging also doesn't reveal that anything is failing if you don't have FDA allowed. Talk to their support though. They provided us with the mobileconfig file that they use internally. This was after we rolled it out not knowing FDA was needed and I happened to notice that it was showing up in the system settings wanting access. We weren't too happy about that and it wasn't noticed during testing.
Posted on 10-24-2023 06:15 AM
Thanks will get my infosec team to reach out and grab that. thanks for the reply
Posted on 11-06-2023 02:49 PM
Brand new to the world of packaging for Macs. We have a mix of Intel Macs and M1s in our environment. Can anyone confirm whether or not I'll need to download both versions of the macOS installer from Rapid7, then target our devices according to chip type (Intel or M1)? Thanks.
Posted on 11-06-2023 10:42 PM
Hey,
yes you will need both as there is no Universal installer. There is a script floating around on here that checks the architecture of the mac and then installs the right version, so you can make one package and target the entire fleet and let the script do the rest of the work
Posted on 11-07-2023 08:58 AM
Thanks for that info. And one more point to confirm: once the Rapid7 Insight Agent is installed on a Mac, is there any reason to redeploy/reinstall a newer version of the Agent? My understanding (based on behavior on Windows devices) is that once the Agent is installed, it will update itself without user or administrator intervention. Just wanted to make sure that's the way it will work on Macs as well. Thanks!
Posted on 11-07-2023 09:15 AM
ISVM Agent auto updates on our Macs.
I have two separate policies for the ISVM Install. You could just deploy both installers to the machine and let the scope take care of it.
Scoped to Apple Silicon - /private/tmp/InsightVM/insight_installer-arm.sh install_start --token us:0000-0000-0000-0000-00000 --attributes "XXXX Agent"
Scoped to Intel - /private/tmp/InsightVM/insight_installer.sh install_start --token us:0000-0000-0000-0000-00000 --attributes "XXXX Agent"