MacOS
Probe Install
All versions of Intel and ARM are supported.
curl -sL https://api.preludesecurity.com/download/install/detect.pkg -o detect.pkg
echo "REGISTRATION_STRING='<account>/<token>'" > /tmp/prelude_installer.env
sudo installer -pkg detect.pkg -target /
To uninstall and kill the running process use the uninstall script.
sudo bash /Library/PreludeSecurity/uninstall
Probe service control
How to check the status and control the probe service.
Check if Prelude Probe service is running
sudo launchctl list | grep com.preludesecurity.detect
Stop Prelude Probe service
sudo launchctl disable system/com.preludesecurity.detect
Start Prelude Probe service
sudo launchctl enable system/com.preludesecurity.detect
Restart Prelude Probe service
sudo launchctl kickstart -k system/com.preludesecurity.detect
Logging
/var/log/prelude/probe.log
Jamf Deployment
This process will walk you through creating a bash script that will download, install and register the MacOS Detect probe (.pkg) via JAMF. The bash script below can be used with any other MacOS MDM tool that can run bash scripts. The Detect Probe handles updates automatically so no additional logic is required to keep your probes up to date.
- Log in to your JAMF Pro web console
- Navigate to "Settings" gear icon, top right side
- Navigate to "Computer Management"
- Select Scripts and + new Script option
- Fill out display name like "detect_install" then move to "Script" tab
- Ensure Mode is "Shell/Bash" and paste the following Bash Script into the script window, replacing '/' with the installation token string from your Detect Environment
- Example:
echo "REGISTRATION_STRING='mt04bs6rvobsi3cy2iio4bl9ysznkc6l/3ptupok7-6wni-lltx-l7sx-yku0k896rgrq'" > /tmp/prelude_installer.env
- Example:
#!/bin/bash
# Set the name of the package
package_name="detect.pkg"
# Check if the package is already installed
package_installed=$(launchctl list | grep com.preludesecurity.detect &> /dev/null; echo $?)
if [ $package_installed -eq 0 ]; then
echo "Package $package_name is already installed."
else
echo "Package $package_name is not installed. Installing..."
# Define installation
curl -sL https://api.preludesecurity.com/download/install/detect.pkg -o /tmp/detect.pkg
echo "REGISTRATION_STRING='<account>/<token>'" > /tmp/prelude_installer.env
installer -pkg /tmp/detect.pkg -target /
install_result=$?
if [ $install_result -eq 0 ]; then
echo "Package $package_name installed successfully."
else
echo "Failed to install package $package_name."
exit 1
fi
fi
exit 0
- Click Save
- Now we will create a policy that will run the script on our defined endpoints, navigate to the "Policies" section and " + New"
- Under Options select "Scripts" and "Configure"
- Select the Script created above ("detect_install" in our example) and click "add"
- Fill out name for policy, for example: "Detect Probe Install Check"
- Select Trigger and execution frequency (for example, once every week at computer startup)
- Next define Scope
- Fill out any other settings that may be applicable to your environment and save
Note: To troubleshoot or confirm the script executed successfully:
- Navigate to any machine in the targeted scope
- Select History, and Policy Logs
- If the script executed you will see it listed here and can see the result by clicking "details"
Updated 9 months ago