Documentation Version: er2.0.28-docs-1.1

macOS Agent

To install the macOS Node Agent:

  1. Make sure your user account has administrator rights.
    macOS in Enterprise environments may handle administrator rights differently. Check with your system administrator on how administrator rights are handled in your environment.
  2. Configure Gatekeeper.
  3. Install the Node Agent.
  4. Configure the Node Agent.
  5. Restart the Node Agent.

Supported Platforms

The following platforms are supported by the macOS Agent:

To scan a macOS Target that is not supported by the macOS Agent, start a scan on a Remote Access via SSH Target instead.

Scanning process memory is not supported on macOS and OS X platforms.

Configure GateKeeper

Instructions to configure Gatekeeper may vary in different versions of macOS. For more information, see OS X: About Gatekeeper.

Gatekeeper must be set to allow applications from identified developers for the Agent installer to run.

Under System Preferences > Security & Privacy >General, check that "Allow apps downloaded from" is set to either:

To configure Gatekeeper to allow the Agent installer to run:

  1. Open System Preferences.
  2. Click Security & Privacy, and go to the General tab.
  3. Click on the lock at the bottom left corner, and enter your login credentials.
  4. Under "Allow apps downloaded from:", select Mac App Store and identified developers. macOS may prompt you to confirm your selection.
  5. Click on the lock to lock your preferences.

Install THE NODE agent

  1. On your Web Console, go to DOWNLOADS > NODE AGENT DOWNLOADS.
  2. On the Node Agent Downloads page, click on the Filename for your Platform.

Once the macOS Node Agent package has been downloaded:

  1. Double-click on the Node Agent package to start the installation wizard.
  2. At Introduction, click Continue.
  3. At Installation Type, click Install.
  4. Enter your login credentials, and click Install Software.

Configure the Node Agent

Run all commands as root.

After you have installed the Node Agent, configure the Node Agent to:

  1. Point to the Master Server.
  2. (Optional) Use the Master Public Key (see Server Information) when connecting to the Master Server.
  3. (Optional) Specify Target initial group.
  4. Test the connection settings.

To configure the Node Agent, choose either mode:

For the changes to take effect, you must restart the Node Agent.

INTERACTIVE MODE

Running this command helps you to quickly configure the Node Agent:

/usr/local/er2/er2-config -interactive

The interactive mode asks you for the following information to help you configure the Node Agent.

Pressing ENTER while configuring the Node Agent with the interactive mode configures the Node Agent to use the last saved value for that parameter. If there is no last saved value, an empty or default value is used. This may cause the Node Agent to fail to locate the Master Server.
Interactive Mode Command Prompts Description

Master server host name or IP Address [10.1.100.0]

Specify a Master Server's host name or IP address.

(Optional) Master server public key

Enter the Master Public Key. See Install Node Agents.

(Optional) Target initial group

Specify Target initial group.

Test connection settings (Y/n)

Test the Node Agent's connection settings to the Master Server, enter Y.

For the changes to take effect, you must restart the Node Agent.

MANUAL MODE

To configure the Node Agent without interactive mode:

/usr/local/er2/er2-config -i <hostname|ip_address> [-t] [-k <master_public_key>] [-g <target_group>]
## Required for connecting to the Master Server
# -i <hostname|ip_address>: Master Server IP address or host name.
## Optional parameters
# -t: Tests if the Node Agent can connect to the given host name or IP address.
# -k <master_public_key>: Sets the Master Public Key.
# -g <target_group>: Sets the default Target Group for scan locations added for this Agent.

For the changes to take effect, you must restart the Node Agent.

Restart the Node Agent

For your configuration settings to take effect, you must restart the Node Agent:

/usr/local/er2/er2-agent -stop
/usr/local/er2/er2-agent -start