Enterprise Recon 2.12.0
macOS Agent
This section covers the following topics:
- Supported Platforms
- Requirements
- Install the Node Agent
- Configure the Node Agent
- Restart the Node Agent
- Enable Full Disk Access
- Uninstall the Node Agent
- Upgrade the Node Agent
Supported Platforms
The following platforms are supported by the macOS Agent:
- macOS Monterey 12.0
- macOS Ventura 13.0
- macOS Sonoma 14.0
To scan a macOS Target that is not supported by the macOS Agent, perform an Agentless Scan or Remote Access via SSH scan on the Target instead.
Requirements
To install the macOS Node Agent:
- Make sure your user account has administrator rights.
  macOS in Enterprise environments may handle administrator rights differently. Check with your system administrator on how administrator rights are handled in your environment.
- Configure Gatekeeper.
- Install the Node Agent.
- Configure the Node Agent.
- Enable Full Disk Access.
Configure Gatekeeper
Gatekeeper must be set to allow applications from identified developers for the Agent installer to run.
Under System Settings > Privacy & Security > Security, check that "Allow apps downloaded from:" is set to either:
- Mac App Store and identified developers
- Anywhere
To configure Gatekeeper to allow the Agent installer to run:
- On the macOS Agent host, open System Settings.
- Click Privacy & Security, and scroll down to Security.
- Click on the lock at the bottom left corner, and enter your login credentials.
- Under "Allow apps downloaded from:", select Mac App Store and identified developers. macOS may prompt you to confirm your selection.
- Click on the lock to lock your preferences.
Install the Node Agent
- Log in to the ER2 Web Console.
- Go to Settings > Agents > Node Agent Downloads.
- On the Node Agent Downloads page, click on the Filename for your Platform.
  Save the Node Agent installer on the machine where the Node Agent will be installed.
- (Optional) Verify the checksum of the downloaded Node Agent package file.
- Once the macOS Node Agent package has been downloaded:
- Double-click on the Node Agent package to start the installation wizard.
- At Introduction, click Continue.
- At Installation Type, click Install.
- Enter your login credentials, and click Install Software.
- Restart the Node Agent. A restart is only required when upgrading the Node Agent.
Verify Checksum for Node Agent Package File
You can determine the integrity of the downloaded Node Agent package file by verifying the checksum before installing the Node Agent.
- Download the Node Agent package file.
- Run the following commands in a terminal to generate the hash values for the Node Agent package file.
  - MD5 hash (128-bit)
    # Syntax: md5 <path to Node Agent package file>
    md5 er2-2.x.x-osx-x64.pkg
    Example MD5 hash: f65a2cd26570ddb7efb6a2a4318388ac
  - SHA1 hash (160-bit)
    # Syntax: shasum -a 1 <path to Node Agent package file>
    shasum -a 1 er2-2.x.x-osx-x64.pkg
    Example SHA1 hash: 33bcd6678580ae38a03183e94b4038e72b8f18f4
  - SHA256 hash (256-bit)
    # Syntax: shasum -a 256 <path to Node Agent package file>
    shasum -a 256 er2-2.x.x-osx-x64.pkg
    Example SHA256 hash: 1ee094a222f7d9bae9015ab2c4ea37df71000556b3acd2632ee27013844c49da
- In the ER2 Web Console, go to the Settings > Agents > Node Agent Downloads page. The Hash column lists the expected hash values for each Node Agent package file.
- Compare the generated hash values from Step 2 with the expected hash values listed in the Web Console; both hash values should be equal.
If the hash values do not match, check that your network connection is stable, download the Node Agent package again from the Web Console, and verify the checksums again. If the issue still persists, contact Ground Labs Technical Support.
Configure the Node Agent
After you have installed the Node Agent, configure the Node Agent to:
- Point to the Master Server.
- (Optional) Use the Master Public Key (see Server Information) when connecting to the Master Server.
- (Optional) Specify Target initial group.
- Test the connection settings.
To configure the Node Agent, use either of the following modes:
- Interactive Mode
- Manual Mode
For the changes to take effect, you must Restart the Node Agent.
Interactive Mode
Running this command helps you to quickly configure the Node Agent:
/usr/local/er2/er2-config -interactive
The interactive mode asks you for the following information to help you configure the Node Agent.
| Interactive Mode Command Prompts | Description |
|---|---|
| Master server host name or IP Address [10.1.100.0] | Specify a Master Server's host name or IP address. |
| (Optional) Master server public key | Enter the Master Public Key. Get the Master Server public key from the Server Information page. |
| (Optional) Target initial group | Specify the Target initial group. |
| Test connection settings (Y/N) | Enter Y to test the Node Agent's connection settings to the Master Server. |
For the changes to take effect, you must Restart the Node Agent.
Manual Mode
To configure the Node Agent without interactive mode, run:
## Required for connecting to the Master Server
# -i <hostname|ip_address>: Master Server IP address or host name.
## Optional parameters
# -t: Tests if the Node Agent can connect to the given host name or IP address.
# -k <master_public_key>: Sets the Master Public Key.
# -g <target_group>: Sets the default Target Group for scan locations added for this Agent.
/usr/local/er2/er2-config -i <hostname|ip_address> [-t] [-k <master_public_key>] [-g <target_group>]
For the changes to take effect, you must Restart the Node Agent.
Restart the Node Agent
For your configuration settings to take effect, you must restart the Node Agent:
/usr/local/er2/er2-agent -stop # stops the agent
/usr/local/er2/er2-agent -start # starts the agent
Enable Full Disk Access
Full Disk Access must be enabled to allow ER2 to:
- Probe and scan locations within the top-level Users folder in macOS Catalina 10.15 and above, and/or
- Perform agentless scans in macOS Ventura 13 and above.
To enable Full Disk Access for the installed macOS Agent:
- On the macOS Agent host, open System Settings.
- Click Privacy & Security > Full Disk Access.
- Enable the required full disk access:
  - To probe and scan locations within the top-level Users (/Users) folder on macOS Catalina 10.15 Agents and above, select the toggle button for er2-agent to enable full disk access for the ER2 Agent.
    If locations within the /Users folder are scanned without enabling the required full disk access, these locations will be logged as inaccessible locations.
  - To perform agentless scans for macOS Ventura 13 Agents and above, also select the toggle button for sshd-keygen-wrapper to enable full disk access for the SSH Secure Shell Key Generator.
Uninstall the Node Agent
To completely uninstall the Node Agent, run the following commands:
# Stop the agent
sudo /usr/local/er2/er2-agent -stop
# Stop the ER2 service
sudo launchctl unload /Library/LaunchDaemons/com.groundlabs.plist
# Remove all ER2 agent files
sudo rm -fr /var/run/er2
sudo rm -fr /var/lib/er2
sudo rm /Library/LaunchDaemons/com.groundlabs.plist
sudo pkgutil --forget com.groundlabs.er2-agent
# Delete ER2 agent user
sudo dscl . -delete /Users/erecon
sudo dscl . -delete /Groups/erecon
Upgrade the Node Agent
See Agent Upgrade for more information.