-
-
-
Installing the macOS Endpoint Agent
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Installing the macOS Endpoint Agent
The agent installer is available as a PKG file. It can either be installed manually or unattended through existing software deployment tools. Also, most device management solutions support the distribution of such packages natively.
Note
Securing the Configuration Directory
To protect the configuration of uberAgent, starting with version 6.1.2, the installer automatically sets the permissions for the agent’s directory so that only
rootcan read or access the installation directory.
Requirements
uberAgent on macOS requires the entitlement for certain privacy privileges through Apple’s Transparency, Consent and Control (TCC) Framework in order to run properly. These can either be assigned manually, as described below or distributed as part of a PPPC profile. The latter can either be created manually by following the documentation provided by Apple or make use of tools like the PPPC-Utility. An example profile is available at the bottom of this page.
Full Disk Access
uberAgent makes use of Apple’s EndpointSecurity (ES) framework (available since macOS 10.15), which requires explicit user authorization. Authorization is granted manually, by adding /Library/uberAgent/uberAgent.app to System Preferences > Security & Privacy > Privacy > Full Disk Access.
Note: Without this permission uberAgent won’t be able to start and will terminate itself. When this happens, you’ll find an error log message indicating that the ES client could not be started due to a missing TCC approval.
Accessibility Access
uberAgent uses the Accessibility framework on macOS to determine parts of the Session Detail metrics. Authorization is granted manually, by adding /Library/uberAgent/uberAgent.app to System Preferences > Security & Privacy > Privacy > Accessibility.
Installation method
Interactive
- The installation of uberAgent can be started by opening
uberAgent.pkgand following the instructions on the screen. - Since uberAgent is installed as a system-wide daemon, the installer will ask for a password for elevated access rights to install it.
Command Line
- The Installer can also be used from the command line to install uberAgent using the command
installer -pkg uberAgent.pkg -target / - This requires root privileges. A command line installation can be executed locally or remotely, e.g., using SSH.
License File
If you have a license file for uberAgent, copy it to the following directory /Library/Application Support/uberAgent. Without a license file, uberAgent displays a splash screen during logon. Contact us for an evaluation license.
Installation Through Splunk Deployment Server
Note: Deployment Server can only be used with Splunk Enterprise and requires Splunk Universal Forwarder on the endpoint as deployment client. Please make sure that Splunk Universal Forwarder has sufficient privileges to perform system-wide installations, e.g. by enabling boot-start.
uberAgent
Copy the directory uberAgent_endpoint from the unzipped uberAgent download package to $SPLUNK_HOME/etc/deployment-apps on your deployment server. Please make sure to apply the executable flag to the installation script by executing chmod +x silent-install.sh. Besides that, the uberAgent_endpoint folder is ready to use for deployment on Windows as well as macOS operating systems.
Note: $SPLUNK_HOME refers to the base directory of the Splunk installation, typically /opt/splunk on Linux.
Configuration
To deploy customized configuration files, copy them into the directory $SPLUNK_HOME/etc/deployment-apps/uberAgent_endpoint/bin. This overwrites existing files under /Library/Application Support/uberAgent/.
License File
If you have a license file for uberAgent, copy it into the directory $SPLUNK_HOME/etc/deployment-apps/uberAgent_endpoint/bin.
Serverclass
Create a file called serverclass.conf in $SPLUNK_HOME/etc/system/local on your deployment server. serverclass.conf defines what to deploy where. For a quick start, paste the following content into serverclass.conf to deploy uberAgent to all macOS machines. You may want to fine-tune this to suit your needs.
# [global]
# We cannot match by machine type here. We'll do that on the app level below.
whitelist.0 = *
# Define a serverclass
[serverClass:macOS]
# Deploy only to macOS machines
machineTypesFilter = darwin-x86_64
# Define which apps to deploy to the serverclass
[serverClass:macOS:app:uberAgent_endpoint]
stateOnClient = enabled
restartSplunkd = true
<!--NeedCopy-->
To make Splunk read the new file serverclass.conf run the following command:
$SPLUNK_HOME/bin/splunk reload deploy-server
<!--NeedCopy-->
Configuration
uberAgent can be configured very flexibly. By editing the configuration, you can switch metrics on or off, change the data collection frequency and significantly reduce the data volume.
Example uberAgent PPPC Profile
This is an exemplary privacy preferences policy control (PPPC) profile to grant uberAgent the necessary TCC privileges.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string>uberAgent</string>
<key>PayloadDisplayName</key>
<string>uberAgent</string>
<key>PayloadIdentifier</key>
<string>5FD70527-9AC3-4667-82AF-8F8F44C95C94</string>
<key>PayloadOrganization</key>
<string>vast limits GmbH</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadUUID</key>
<string>E86AC250-6BF9-4C91-BB0A-5890F000A48C</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Services</key>
<dict>
<key>Accessibility</key>
<array>
<dict>
<key>Allowed</key>
<true/>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.vastlimits.uberAgent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "64N35HHH3F")</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.vastlimits.uberAgent</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
<key>SystemPolicyAllFiles</key>
<array>
<dict>
<key>Allowed</key>
<true/>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.vastlimits.uberAgent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "64N35HHH3F")</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.vastlimits.uberAgent</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
</dict>
</dict>
</array>
<key>PayloadDescription</key>
<string>uberAgent</string>
<key>PayloadDisplayName</key>
<string>uberAgent</string>
<key>PayloadIdentifier</key>
<string>5FD70527-9AC3-4667-82AF-8F8F44C95C94</string>
<key>PayloadOrganization</key>
<string>vast limits GmbH</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>F53E14C7-D9ED-4933-8A71-87FD74C9870D</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
<!--NeedCopy-->
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.