
Looking for a bash script to uninstall Rapid7 agent on Linux/Ubuntu … please :)

Hey there @Max Newman 

 

You will need to add the agent_installer-x86_64.sh script as a payload. The Rapid7 installer has an uninstaller switch. Worked well for us.

 

# Evaluation Code

#!/bin/sh

#evaluate the device to see if the Rapid7 service is running
#process running exit with a 1
#process not running exit with a 0

rapid7=$(ps -e | grep ir_agent)

if [ -n "$rapid7" ]
then
    exit 1
else
    exit 0
fi

# Remediation Code

#!/bin/sh

#run installation
cp agent_installer-x86_64.sh /tmp/agent_installer-x86_64.sh
chmod u+x /tmp/agent_installer-x86_64.sh
sudo /tmp/agent_installer-x86_64.sh uninstall

 


Thanks heaps @jack.smith this has proven really helpful :)


Hello
And to install on linux does anyone have it?


Similar process, upload the agent_installer-x86_64.sh file as a payload

 

Evaluation Code

#!/bin/sh

#evaluate the device to see if the Rapid7 service is running
#process running exit with a 0
#process not running exit with a 1

rapid7=$(ps -e | grep ir_agent)

if [ -n "$rapid7" ]
then
    exit 0
else
    exit 1
fi

Remediation

#!/bin/sh

#run installation
cp agent_installer-x86_64.sh /tmp/agent_installer-x86_64.sh
chmod u+x /tmp/agent_installer-x86_64.sh
#replace the placeholder with your organization's token
sudo /tmp/agent_installer-x86_64.sh install_start --token us:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

#confirm the agent process started
rapid7=$(ps -e | grep ir_agent)

if [ -n "$rapid7" ]
then
    echo "installed successfully"
    exit 0
else
    echo "failed to install"
    exit 1
fi

 


Hello
First of all, I want to thank you for the help; it worked very well in our environment.
But if you can give us one more tip: in our environment we are using Rapid7 also for MacBooks. Would you know how to install the agent in this case?
The problem is that we have two types of agent for MacBooks, one for MacBooks with Intel processors and the other for MacBooks with ARM processors (M2, M3...)

agent_installer-arm64.sh
agent_installer-x86_64.sh

 

Thank you very much


Hi @Fabio Brigoni, for Mac I’d use the following. I've not tested this in a few years, but it was effective when I did use it.

 

#!/bin/bash

#pick the installer that matches the CPU architecture
if [[ $(uname -m) == 'arm64' ]]; then
    echo "Using ARM installer"
    cp agent_installer-arm64.sh /tmp
    chmod u+x /tmp/agent_installer-arm64.sh
    sudo /tmp/agent_installer-arm64.sh install_start --token us:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx > /dev/null 2>&1
else
    echo "Using Intel installer."
    cp agent_installer-x86_64.sh /tmp
    chmod u+x /tmp/agent_installer-x86_64.sh
    sudo /tmp/agent_installer-x86_64.sh install_start --token us:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx > /dev/null 2>&1
fi

#confirm the agent process started
rapid7=$(ps -e | grep ir_agent)
if [ -n "$rapid7" ]
then
    echo "Installed Successfully"
    exit 0
else
    echo "Failed to Install"
    exit 1
fi

 


According to Rapid7, they will be deprecating the .sh installer. Is there something with .deb that can be used for install and uninstall of the Rapid7 agent on Linux?


If that is the case I think you can just use apt

sudo systemctl stop ir_agent.service
sudo apt remove rapid7-insight-agent
sudo apt purge rapid7-insight-agent

If you want to use the deb file you could play around with 

sudo dpkg -r $(dpkg -f rapid7-installer.deb Package)
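
An added example (not part of any post in this thread) for the apt-based flow above: once the service has been stopped with systemctl, a `ps -e | grep ir_agent` check finds nothing even though the package is still installed, so this script classifies the host from the dpkg status plus the process list. The package and process names are the ones used in the posts; the state names, the `--live` switch and the 0/1 exit convention are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Package and process names are taken
# from the posts above; everything else here is an assumption of the example.
PKG=rapid7-insight-agent
PROC=ir_agent

# agent_state DPKG_STATUS PS_COMM
#   DPKG_STATUS: output of  dpkg-query -W -f='${Status}' "$PKG"  (empty if unknown)
#   PS_COMM:     output of  ps -e -o comm=
# Prints one of: installed-running, installed-stopped, running-unpackaged,
#                config-remains, absent
agent_state() {
    running=no
    # -x matches the whole line, so "grep" or "ir_agent_x" never count as the agent
    if printf '%s\n' "$2" | grep -qx "$PROC"; then running=yes; fi
    case "$1" in
        "install ok installed")
            if [ "$running" = yes ]; then echo installed-running
            else echo installed-stopped; fi ;;
        *)
            # process present although dpkg does not report the package installed
            if [ "$running" = yes ]; then echo running-unpackaged
            # state left by "apt remove" before "apt purge"
            elif [ "$1" = "deinstall ok config-files" ]; then echo config-remains
            else echo absent; fi ;;
    esac
}

# uninstall_needed STATE -> prints 1 when the uninstall should (still) run, else 0.
# Leftover config counts as not fully uninstalled (assumption of this example).
uninstall_needed() {
    case "$1" in absent) echo 0 ;; *) echo 1 ;; esac
}

# Constructed sample: service stopped with systemctl, package still installed.
sample_ps='systemd
sshd
cron'
state=$(agent_state "install ok installed" "$sample_ps")
echo "sample state: $state, remediate: $(uninstall_needed "$state")"

# On a real host, run with --live to evaluate the machine itself.
if [ "${1:-}" = "--live" ]; then
    status=$(dpkg-query -W -f='${Status}' "$PKG" 2>/dev/null || true)
    state=$(agent_state "$status" "$(ps -e -o comm=)")
    echo "$state"
    exit "$(uninstall_needed "$state")"
fi
```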

 

