Environment
- Endpoint Standard (formerly CB defense): All Versions
- Apple macOS: All Supported Versions
Objective
This document provides information on how to install CB endpoint standard sensor on an OS X/macOS endpoint remotely.
Resolution
- The sensor software package for OS X/macOS is delivered in a DMG file format (disk image). In order to perform a command line installation, you will need to extract the installation package and the installation script. The hdiutil command "mounts" the disk image in a virtual disk location, for example, "/Volumes/CbDefense-3.2.2.6/".
hdiutil attach /path/to/confer_installer_mac-3.2.2.6.dmg
- Make a copy of the files "CbDefense Install.pkg" and "cbdefense_install_unattended.sh" from the mounted disk image. These two files are needed for the target machine to install Confer Sensor Software. Copy these two files to the installation target OS X/macOS device, for example to "/tmp/" directory.
-rw-r--r--@ 1 user staff 21188558 Nov 20 21:44 /Volumes/CbDefense-3.0.1.20/CbDefense Install.pkg
-rwxr-xr-x 1 user staff 15226 Nov 20 21:44 /Volumes/CbDefense-3.0.1.20/docs/cbdefense_install_unattended.sh
Make sure to use the installation script (cbdefense_install_unattended.sh) that came with the Sensor version you are installing
- Run the installation command remotely on the target OS X/macOS device and replace the string COMPANY_CODE with the correct Company Code for the sensor version you are installing.
sudo ./tmp/cbdefense_install_unattended.sh -i '/tmp/CbDefense Install.pkg' -c 'COMPANY_CODE' --skip-kext-approval-check
NOTE: If you are on Mac OS 10.13 and above, you must use --skip-kext-approval-check to receive the prompt allowing the end user to locally approve KEXT
Optional uses
The installation script (confer_install_unattended.sh) supports additional optional parameters that can be used to provide additional customization.
Not all options are supported. Below are the tested and supported optional arguments.
- To provide proxy information
- Replace proxy-server-ip-address with the actual IP address to contact the proxy server.
- Replace proxy-server-port-number with the actual port number to contact the proxy server.
sudo /tmp/cbcloud_install_unattended.sh -i 'CBCloud Install.pkg' -c 'COMPANY_CODE' -p proxy-server-ip-address:proxy-server-port-number -x proxy_user_name:proxy_user_password
- To specify policy group for the device
sudo /tmp/cbcloud_install_unattended.sh -i 'CBCloud Install.pkg' -c 'COMPANY_CODE' -g group_name
- To install the device in bypass mode
sudo /tmp/cbcloud_install_unattended.sh -i 'CBCloud Install.pkg' -c 'COMPANY_CODE' -d
- To produce verbose install logs
sudo bash -x /tmp/cbcloud_install_unattended.sh -i '/tmp/CBCloud Install.pkg' -c 'COMPANY_CODE'
Additional Notes
- Ensure that single quotes are always used for any parameter in the command line string. The use of double quotes anywhere in the command line string will cause a read failure from that point on in the command
- Ensure that both files are copied to the target machine verbatim. Some file copy tools may not preserve the execute bit (+x) which will prevent "cbdefense_install_unattended.sh" from running
- The command "confer_install_unattended.sh" supports additional installer options, use "-h" option to display the remaining options.
- Under all conditions the "-i" option to provide the installer package, and the "-c" option to provide the COMPANY_CODE are required to execute the installer script successfully.
Related Content
