Endpoint Standard: How to Perform an Unattended Installation of the Mac Sensor

Environment

  • Endpoint Standard (formerly CB Defense): All Versions
  • Apple macOS: All Supported Versions

Objective

This document describes how to install the CB Endpoint Standard sensor on an OS X/macOS endpoint remotely.

Resolution

  1. The sensor software package for OS X/macOS is delivered as a DMG file (disk image). To perform a command-line installation, you need to extract the installation package and the installation script. The hdiutil command "mounts" the disk image at a virtual disk location, for example "/Volumes/CbDefense-3.2.2.6/".
    hdiutil attach /path/to/confer_installer_mac-3.2.2.6.dmg
  2. Make a copy of the files "CbDefense Install.pkg" and "cbdefense_install_unattended.sh" from the mounted disk image. These two files are needed for the target machine to install Confer Sensor Software. Copy these two files to the installation target OS X/macOS device, for example to the "/tmp/" directory.
    -rw-r--r--@ 1 user  staff  21188558 Nov 20 21:44  /Volumes/CbDefense-3.0.1.20/CbDefense Install.pkg
    -rwxr-xr-x  1 user  staff     15226 Nov 20 21:44  /Volumes/CbDefense-3.0.1.20/docs/cbdefense_install_unattended.sh
    Make sure to use the installation script (cbdefense_install_unattended.sh) that came with the Sensor version you are installing.
  3. Run the installation command remotely on the target OS X/macOS device, replacing the string COMPANY_CODE with the correct Company Code for the sensor version you are installing.
    sudo /tmp/cbdefense_install_unattended.sh -i '/tmp/CbDefense Install.pkg' -c 'COMPANY_CODE' --skip-kext-approval-check
    NOTE: If you are on Mac OS 10.13 and above, you must use --skip-kext-approval-check to receive the prompt allowing the end user to locally approve the KEXT.

Optional uses

The installation script (confer_install_unattended.sh) supports optional parameters for further customization.

  • To list all available options
    /tmp/cbcloud_install_unattended.sh -h
Not all options are supported. Below are the tested and supported optional arguments.
  • To provide proxy information
    • Replace proxy-server-ip-address with the actual IP address of the proxy server.
    • Replace proxy-server-port-number with the actual port number of the proxy server.
    sudo /tmp/cbcloud_install_unattended.sh -i 'CBCloud Install.pkg' -c 'COMPANY_CODE' -p proxy-server-ip-address:proxy-server-port-number -x proxy_user_name:proxy_user_password
  • To specify the policy group for the device
    sudo /tmp/cbcloud_install_unattended.sh -i 'CBCloud Install.pkg' -c 'COMPANY_CODE' -g group_name
  • To install the device in bypass mode
    sudo /tmp/cbcloud_install_unattended.sh -i 'CBCloud Install.pkg' -c 'COMPANY_CODE' -d
  • To produce verbose install logs
    sudo bash -x /tmp/cbcloud_install_unattended.sh -i '/tmp/CBCloud Install.pkg' -c 'COMPANY_CODE'

Additional Notes

  • Ensure that single quotes are always used for any parameter in the command line string. The use of double quotes anywhere in the command line string will cause a read failure from that point on in the command.
  • Ensure that both files are copied to the target machine verbatim. Some file copy tools may not preserve the execute bit (+x), which will prevent "cbdefense_install_unattended.sh" from running.
  • The command "confer_install_unattended.sh" supports additional installer options; use the "-h" option to display the remaining options.
  • Under all conditions, the "-i" option to provide the installer package and the "-c" option to provide the COMPANY_CODE are required to execute the installer script successfully.
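
The checks implied by the Resolution steps and the Additional Notes, collected into a pre-flight script to run on the target Mac before installing. This is an added example, not part of the vendor's installer or of the original article: the function names and the pkgutil signature check are assumptions added here, while the two file names are the ones used above.

```shell
#!/bin/sh
# Added example, not vendor code. File names are the ones the article uses;
# the function names are hypothetical.
PKG_NAME='CbDefense Install.pkg'
SCRIPT_NAME='cbdefense_install_unattended.sh'

# cb_preflight DIR COMPANY_CODE
# Returns 0 when the install can proceed, else a code for the first failed check.
cb_preflight() {
    dir=$1; code=$2
    [ -f "$dir/$PKG_NAME" ]    || { echo "missing: $dir/$PKG_NAME" >&2; return 2; }
    [ -f "$dir/$SCRIPT_NAME" ] || { echo "missing: $dir/$SCRIPT_NAME" >&2; return 3; }
    # Some copy tools drop the execute bit; the script cannot run without it.
    [ -x "$dir/$SCRIPT_NAME" ] || { echo "not executable: $dir/$SCRIPT_NAME" >&2; return 4; }
    # -c is required, and a quote character in any value would break the
    # single-quoted command line built below.
    [ -n "$code" ] || { echo "company code is empty" >&2; return 5; }
    case "$dir$code" in
        *\'*|*\"*) echo "quote character in path or company code" >&2; return 6 ;;
    esac
    return 0
}

# cb_check_signature DIR
# Extra check, not from the article: macOS pkgutil reports whether the package
# carries a trusted signature. Assumes a non-zero exit status means it does not.
cb_check_signature() {
    pkgutil --check-signature "$1/$PKG_NAME" >/dev/null
}

# cb_command DIR COMPANY_CODE
# Prints the install command with every parameter in single quotes.
cb_command() {
    printf "sudo '%s' -i '%s' -c '%s' --skip-kext-approval-check\n" \
        "$1/$SCRIPT_NAME" "$1/$PKG_NAME" "$2"
}

# On the target Mac: sh cb_preflight.sh /tmp 'COMPANY_CODE'
if [ "$#" -eq 2 ]; then
    cb_preflight "$1" "$2" && cb_check_signature "$1" && cb_command "$1" "$2"
fi
```

The script prints the command only when every check passes, so a missing file, a lost execute bit or an unsigned package stops the rollout before anything runs as root.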

Article Information

Creation Date: 09-09-2020