Rapid 7 Mac Insight Agent

kjenkins
New Contributor

Has anyone found an easy way to deploy the Rapid7 Mac Insight Agent using Jamf?

47 REPLIES

jhbush
Valued Contributor II

This is what I'm using as a postinstall. rapid7-munkipkg

#!/bin/bash
## postinstall

# Arguments the macOS installer passes to a postinstall script
pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

arch=$(/usr/bin/arch)

# Run the installer that matches the CPU architecture
if [ "$arch" == "arm64" ]; then
    echo "Apple Silicon Detected"
    chmod +x /private/tmp/rapid7/agent_installer-arm64.sh
    /bin/sh /private/tmp/rapid7/agent_installer-arm64.sh install_start --token us:yourcodehere
else
    echo "Intel Detected"
    # File name matches the one executed on the next line (x86_64, with an underscore)
    chmod +x /private/tmp/rapid7/agent_installer-x86_64.sh
    /bin/sh /private/tmp/rapid7/agent_installer-x86_64.sh install_start --token us:yourcodehere
fi

# Detect Rapid7 is running

if pgrep -x "ir_agent" >/dev/null; then
    echo "Install Successful"
    # Clean Up
    rm -rf /private/tmp/rapid7
    exit 0
else
    echo "Install Failed"
    # Clean Up
    rm -rf /private/tmp/rapid7
    exit 1
fi
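
The postinstall above runs as root and executes a script staged under /private/tmp, which every local user can write to. As an added example (not part of the original post, and not Rapid7's or Jamf's code), these pre-flight checks could run before the installer is executed; the function names and the pinned SHA-256 value are assumptions you would supply yourself.

```shell
#!/bin/bash
# Added example: pre-flight checks for a root postinstall that runs a staged installer.
# Function names and the pinned hash are hypothetical, not Rapid7's or Jamf's.

sha256_of() {
    # macOS ships shasum; fall back to sha256sum elsewhere
    if command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        sha256sum "$1" | awk '{print $1}'
    fi
}

select_installer() {
    # Same mapping as the postinstall above: arm64 vs. everything else (Intel)
    case "$1" in
        arm64) echo "agent_installer-arm64.sh" ;;
        *)     echo "agent_installer-x86_64.sh" ;;
    esac
}

# verify_staged_installer DIR FILE EXPECTED_SHA256 [OWNER]
# Succeeds only if DIR and FILE are real (not symlinks), owned by OWNER,
# not writable by group or other, and FILE matches the pinned SHA-256.
verify_staged_installer() {
    local dir="$1" file="$2" expected="$3" owner="${4:-root}" p
    local path="$dir/$file"

    { [ -d "$dir" ] && [ ! -L "$dir" ]; } || { echo "bad staging dir: $dir" >&2; return 1; }
    { [ -f "$path" ] && [ ! -L "$path" ]; } || { echo "bad installer: $path" >&2; return 1; }

    for p in "$dir" "$path"; do
        # find prints the path only when owner and mode are acceptable
        [ -n "$(find "$p" -maxdepth 0 -user "$owner" ! -perm -020 ! -perm -002)" ] ||
            { echo "unsafe owner or mode: $p" >&2; return 1; }
    done

    [ "$(sha256_of "$path")" = "$expected" ] ||
        { echo "checksum mismatch: $path" >&2; return 1; }
}

# Usage inside a postinstall (PINNED_SHA256 = hash recorded for that file at download time):
#   f=$(select_installer "$(/usr/bin/arch)")
#   verify_staged_installer /private/tmp/rapid7 "$f" "$PINNED_SHA256" || exit 1
```
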

MichaelMcG
New Contributor III

Hey, hope you are well, 

I've been tasked with deploying Rapid 7, and all seems to be working, BUT people are telling me you need a config profile to grant Full Disk Access for the ir_agent, and I am having no luck finding any info around this, or which identifiers to use. Are you using one?

For some inexplicable reason they don't mention the FDA being needed in their documentation. Their logging also doesn't reveal that anything is failing if you don't have FDA allowed. Talk to their support though. They provided us with the mobileconfig file that they use internally. This was after we rolled it out not knowing FDA was needed and I happened to notice that it was showing up in the system settings wanting access. We weren't too happy about that and it wasn't noticed during testing.

MichaelMcG
New Contributor III

Thanks, will get my infosec team to reach out and grab that. Thanks for the reply.

TheCrusher4Real
New Contributor III

Brand new to the world of packaging for Macs. We have a mix of Intel Macs and M1s in our environment. Can anyone confirm whether or not I'll need to download both versions of the macOS installer from Rapid7, then target our devices according to chip type (Intel or M1)? Thanks.

Hey,

Yes, you will need both, as there is no Universal installer. There is a script floating around on here that checks the architecture of the Mac and then installs the right version, so you can make one package, target the entire fleet, and let the script do the rest of the work.

Thanks for that info. And one more point to confirm: once the Rapid7 Insight Agent is installed on a Mac, is there any reason to redeploy/reinstall a newer version of the Agent? My understanding (based on behavior on Windows devices) is that once the Agent is installed, it will update itself without user or administrator intervention. Just wanted to make sure that's the way it will work on Macs as well. Thanks! 

dwynn
New Contributor III

ISVM Agent auto updates on our Macs. 

 

I have two separate policies for the ISVM Install. You could just deploy both installers to the machine and let the scope take care of it. 

Scoped to Apple Silicon - /private/tmp/InsightVM/insight_installer-arm.sh install_start --token us:0000-0000-0000-0000-00000 --attributes "XXXX Agent"

 

Scoped to Intel - /private/tmp/InsightVM/insight_installer.sh install_start --token us:0000-0000-0000-0000-00000 --attributes "XXXX Agent"