Revive dead agents - Mac OS

  • 14 February 2020
  • 3 replies
  • 172 views

Hello there,


Recently we discovered that we had numerous agents going offline randomly in Automox and we wanted to find a way to try to revive those endpoints remotely without having the team on the ground go to each endpoint individually.


We have another service running on our endpoints that could also run Powershell/Bash scripts depending on OS and would run similarly as SYSTEM/Root user.


We made use of this and came up with a script so that endpoints that were still online via this service and not in Automox could be fixed remotely. We’ve seen it work pretty successful thus far and wanted to share in case you might have need of it too.


You could also run this script locally too to revive if you don’t have another service.


All you need to change in the script is the cURL (with Access Key) which you can retrieve from Automox console.


UPDATE: 15th Feb 2020. Added 2 additional functions to check if the service is running and whether there has been an established TCP connection by the agent as a way to determine working agents in case you want to just run the script against all of your endpoints.


#!/bin/bash
PATH=$PATH:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin
export PATH

#function to remove the agent files
#Deregistering will throw sudo: /usr/local/bin/amagent: command not found error if amagent file is not on system.
#This will cause a duplicate entry in Automox when it reinstalls so you will need to remove the old entry in Automox
remove_agent() {
echo "Removing agent remnants..."
launchctl bootout system /Library/LaunchDaemons/com.automox.agent.plist
/usr/local/bin/amagent --deregister
rm -f /usr/local/bin/amagent
rm -rf "/Library/Application Support/Automox/"
}

#function to install the agent
install_agent() {
curl -sS "Automox CURL URL from Console" | bash
launchctl bootstrap system /Library/LaunchDaemons/com.automox.agent.plist
echo "Agent Installed"
}

#function to check if agent files are there
check_agent() {
if [[ -f "/usr/local/bin/amagent" ]] || [[ -f "/Library/LaunchDaemons/com.automox.agent.plist" ]] || [[ -d "/Library/Application Support/Automox" ]]; then
echo "Agent remnants found..."
remove_agent
install_agent

else
echo "Agent not found..."
install_agent
fi
}

#function to check if Automox agent has an active connection
check_connection() {
estb=$(lsof -i -n -P | grep TCP | grep amagent | grep "ESTABLISHED")
svcrun=$(launchctl list | grep automox)
if [[ -z $estb ]] && [[ -z $svcrun ]]; then
echo "No connection found and service is not running"
check_agent
else
echo "Automox has an established connection"
exit 0
fi
}

#function to check if Automox agent is running
check_service() {
svcrun=$(launchctl list | grep automox)
if [[ -z $svcrun ]]; then
echo "Service not running."
launchctl bootstrap system /Library/LaunchDaemons/com.automox.agent.plist
check_connection
else
check_connection
fi
}


check_service


3 replies

Badge

great script @jagmeet.sidhu! Apple has marked the launchctl load/unload commands as deprecated (although they still work currently), so to future proof your script you may want to replace those with:


launchctl bootstrap system /Library/LaunchDaemons/com.automox.agent.plist

and

launchctl bootout system /Library/LaunchDaemons/com.automox.agent.plist


Are these agents showing as “disconnected” in the console? If you haven’t already, we’d love for you to send client logs to the automox support team.


-Tim

Hi @tim.lee, thanks for the advise. Will update the script on my end.


As for logs, unfortunately, because on MacOS it is writing to system.log on MacOS, I couldn’t get the required logs for agents that have long been offline (2019 and before etc…). Would be great if we had a separate log just for Automox. But no worries, this has been helping us quite a bit.


Btw you may wish to update this:

https://support.automox.com/help/removing-the-automox-agent


and the current command installer on mac still says to run launchctl load/unload once it has completed.


Regards,

Jag

Badge

Thank you @jagmeet.sidhu, I will definitely relay that feedback!

Reply