diff --git a/administration/agent.rst b/administration/agent.rst index 95bca25..8ff3af0 100644 --- a/administration/agent.rst +++ b/administration/agent.rst @@ -92,16 +92,16 @@ To install the agent on macOS, you can just run the PKG file or execute the foll .. code-block:: console - MacBook-Pro:~ nextron$ sudo installer -pkg /home/nextron/Downloads/asgard2-agent-macos-arm64.pkg -target / + MacBook-Pro:~ nextron$ sudo installer -pkg /Users/nextron/Downloads/asgard2-agent-macos-arm64.pkg -target / Starting with macOS Big Sur (v11.0), Apple requires software developers to notarize applications. Our ``asgard2-agent`` installer is notarized. -You can test it by executing the following command in Terminal: +You can test it, by executing the following command in Terminal: .. code-block:: console - MacBook-Pro:~ nextron$ pkgutil --check-signature /home/nextron/Downloads/asgard2-agent-macos-arm64.pkg + MacBook-Pro:~ nextron$ pkgutil --check-signature /Users/nextron/Downloads/asgard2-agent-macos-arm64.pkg Package "asgard2-agent-macos-arm64.pkg": Status: signed by a developer certificate issued by Apple for distribution Notarization: trusted by the Apple notary service diff --git a/administration/uninstall.rst b/administration/uninstall.rst index a25faeb..c5ba27f 100644 --- a/administration/uninstall.rst +++ b/administration/uninstall.rst @@ -70,3 +70,5 @@ Uninstall ASGARD Agents on macOS user@mac:~$ sudo /private/var/lib/asgard2-agent/asgard2-agent-service uninstall user@mac:~$ sudo rm -r /var/lib/asgard2-agent/asgard2-agent user@mac:~$ sudo rm -r /var/lib/thor + +Remove manually the ``asgard2-agent-service`` from ``System Settings`` > ``Privacy & Security`` > ``Full Disk Access``. \ No newline at end of file diff --git a/appendix/gatekeeper.rst b/appendix/gatekeeper.rst index 11b27a7..8b43790 100644 --- a/appendix/gatekeeper.rst +++ b/appendix/gatekeeper.rst @@ -3,15 +3,35 @@ Bypass Apple verification during installation of asgard2-agent ============================================================== -This document aims to describe possible workarounds, intended to be a +This section aims to describe possible workarounds, intended to be a reference for IT administrators or IT packaging teams to bypass Apple verifications and install the personalized ``asgard2-agents`` on macOS Big Sur (or newer) workstations. + +Starting with macOS 15 +~~~~~~~~~~~~~~~~~~~~~~~ + +**Option 1: Remove the quarantine flag from the ASGARD Agent installer via terminal session** + +.. code-block:: console + + MacBook-Pro:~ nextron$ sudo xattr -rd com.apple.quarantine /Users/nextron/Downloads/asgard2-agent-macos-arm64.pkg + +**Option 2: Unblock the installer via the Security Settings** + +1. Navigate to ``System Settings`` > ``Privacy & Security`` > ``Security`` +2. Click on button ``Open anyway`` next to ``asgard2-agent-macos-arm64.pkg ...`` + +.. figure:: ../images/macos_privacy_and_security_security.png + :scale: 72 + :alt: macOS Privacy & Security + +Before macOS 15 +~~~~~~~~~~~~~~~ .. warning:: - Executing any of the workarounds described in this document puts your - system at risk for a short period of time. This document will deactivate - global security mechanisms of the operating system, which are intended to + Executing this workaround puts your system at risk for a short period of time. + It will deactivate global security mechanisms of the operating system, which are intended to protect the integrity of the system. Please make sure to follow the below steps carefully and enable those security mechanisms after you are done. @@ -41,7 +61,7 @@ Please follow the below steps to install the ASGARD Agent on macOS. .. warning:: Make sure to activate the macOS Gatekeeper once you are done: - + ``sudo spctl --master-enable`` You can verify the state of the macOS Gatekeeper with: diff --git a/images/macos_privacy_and_security_security.png b/images/macos_privacy_and_security_security.png new file mode 100644 index 0000000..98fba6c Binary files /dev/null and b/images/macos_privacy_and_security_security.png differ