Skip to main content

Hello there,



Recently we discovered that we had numerous agents going offline randomly in Automox and we wanted to find a way to try to revive those endpoints remotely without having the team on the ground go to each endpoint individually.



We have another service running on our endpoints that could also run Powershell/Bash scripts depending on OS and would run similarly as SYSTEM/Root user.



We made use of this and came up with a script so that endpoints that were still online via this service and not in Automox could be fixed remotely. We’ve seen it work pretty successful thus far and wanted to share in case you might have need of it too.



You could also run this script locally too to revive if you don’t have another service.



All you need to change in the script is the cURL (with Access Key) which you can retrieve from Automox console.



UPDATE: 15th Feb 2020. Added 2 additional functions to check if the service is running and whether there has been an established TCP connection by the agent as a way to determine working agents in case you want to just run the script against all of your endpoints.



#!/bin/bash

PATH=$PATH:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin

export PATH



#function to remove the agent files

#Deregistering will throw sudo: /usr/local/bin/amagent: command not found error if amagent file is not on system.

#This will cause a duplicate entry in Automox when it reinstalls so you will need to remove the old entry in Automox

remove_agent() {

echo "Removing agent remnants..."

launchctl bootout system /Library/LaunchDaemons/com.automox.agent.plist

/usr/local/bin/amagent --deregister

rm -f /usr/local/bin/amagent

rm -rf "/Library/Application Support/Automox/"

}



#function to install the agent

install_agent() {

curl -sS "Automox CURL URL from Console" | bash

launchctl bootstrap system /Library/LaunchDaemons/com.automox.agent.plist

echo "Agent Installed"

}



#function to check if agent files are there

check_agent() {

if i -f "/usr/local/bin/amagent" ]] || | -f "/Library/LaunchDaemons/com.automox.agent.plist" ]] || | -d "/Library/Application Support/Automox" ]]; then

echo "Agent remnants found..."

remove_agent

install_agent



else

echo "Agent not found..."

install_agent

fi

}



#function to check if Automox agent has an active connection

check_connection() {

estb=$(lsof -i -n -P | grep TCP | grep amagent | grep "ESTABLISHED")

svcrun=$(launchctl list | grep automox)

if i -z $estb ]] && mp -z $svcrun ]]; then

echo "No connection found and service is not running"

check_agent

else

echo "Automox has an established connection"

exit 0

fi

}



#function to check if Automox agent is running

check_service() {

svcrun=$(launchctl list | grep automox)

if i -z $svcrun ]]; then

echo "Service not running."

launchctl bootstrap system /Library/LaunchDaemons/com.automox.agent.plist

check_connection

else

check_connection

fi

}





check_service



great script @jagmeet.sidhu! Apple has marked the launchctl load/unload commands as deprecated (although they still work currently), so to future proof your script you may want to replace those with:



launchctl bootstrap system /Library/LaunchDaemons/com.automox.agent.plist


and


launchctl bootout system /Library/LaunchDaemons/com.automox.agent.plist



Are these agents showing as “disconnected” in the console? If you haven’t already, we’d love for you to send client logs to the automox support team.



-Tim


Hi @tim.lee, thanks for the advise. Will update the script on my end.



As for logs, unfortunately, because on MacOS it is writing to system.log on MacOS, I couldn’t get the required logs for agents that have long been offline (2019 and before etc…). Would be great if we had a separate log just for Automox. But no worries, this has been helping us quite a bit.



Btw you may wish to update this:


https://support.automox.com/help/removing-the-automox-agent



and the current command installer on mac still says to run launchctl load/unload once it has completed.



Regards,


Jag


Thank you @jagmeet.sidhu, I will definitely relay that feedback!


Reply