Uninstall Rapid7 Agent from Linux

Hey there @Max Newman 

You will need to add the agent_installer-x86_64.sh script as a payload. Rapid7 installer has an uninstaller switch. Worked well for us. 

# Evaluation Code

#!/bin/sh

#evaluate the device to see if the Rapid7 service is running
#process running exit with a 0
#process not running exit with a 1

rapid7=$(ps -e | grep ir_agent)

if [ "$rapid7" ]
then 
  exit 1
else 
  exit 0
fi

# Remediation Code

#!/bin/sh

#run installation
cp agent_installer-x86_64.sh /tmp/agent_installer-x86_64.sh
chmod u+x /tmp/agent_installer-x86_64.sh
sudo /tmp/agent_installer-x86_64.sh uninstall

Thanks heaps @jack.smith this has proven really helpful :)

Hello
And to install on linux does anyone have it?

Similar process, upload the agent_installer-x86_64.sh file as a payload

Evaluation Code

#!/bin/sh

#evaluate the device to see if the Rapid7 service is running
#process running exit with a 0
#process not running exit with a 1

rapid7=$(ps -e | grep ir_agent)

if [ "$rapid7" ]
then 
  exit 0
else 
  exit 1
fi

Remediation

#!/bin/sh

#run installation
cp agent_installer-x86_64.sh /tmp/agent_installer-x86_64.sh
chmod u+x /tmp/agent_installer-x86_64.sh
sudo /tmp/agent_installer-x86_64.sh install_start --token us:fd2d4a4f-ca65-494d-9548-66d36b080cc7

rapid7=$( ps -e | grep ir_agent)

if [ "$rapid7" ]
then
  echo "installed succesfully"
  exit 0
else
  echo "failed to install"
  exit 1
fi

Hello
First of all, I want to thank you for the help, it worked very well in our environment.
But if you can give us one more tip, in our environment we are using Rapid7 also for macbooks, would you know how to install the agent in this case?
The problem is that we have two types of agent for macbooks, one for macbooks with intel processors and the other for macbooks with arm processors (m2, m3...)

agent_installer-arm64.sh
agent_installer-x86_64.sh

Thank you very much

Hi @Fabio Brigoni for Mac, I’d use the following. I've not tested this in a few years, but was effective when I did use it. 

#!/bin/bash

if [[ $(uname -m) == 'arm64' ]]; then
  echo "Using ARM installer"
  scp agent_installer-arm64.sh /tmp
  chmod u+x /tmp/agent_installer-arm64.sh  
  sudo /tmp/agent_installer-arm64.sh install_start --token us:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx > /dev/null 2>&1
else
  echo "Using Intel installer."
  scp agent_installer-x86_64.sh /tmp
  chmod u+x /tmp/agent_installer-x86_64.sh  
  sudo /tmp/agent_installer-x86_64.sh install_start --token us:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx > /dev/null 2>&1
fi

rapid7=$( ps -e | grep ir_agent)
if [ "$rapid7" ]
then
  echo "Installed Successfully"
  exit 0
else
  echo "Failed to Install"
  exit 1
fi

According to Rapid7, they will be deprecating .sh installer. Is there something with .deb that can be used for install and uninstall of rapid7 agent on linux?

If that is the case I think you can just use apt

systemctl stop ir_agent.service
sudo apt remove rapid7-insight-agent
sudo apt purge rapid7-insight-agent

If you want to use the deb file you could play around with 

sudo dpkg -r $(dpkg -f rapid7-installer.deb Package)