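#!/bin/bash
set -e
# Installs Vanta Device Monitor on macOS: downloads a pinned package, verifies
# it, writes /etc/vanta.conf and runs the system installer.
#
# Environment variables:
# VANTA_KEY (the Vanta per-domain secret key; it is written into
#            VANTA_CONF_PATH below, so treat it as a secret)
# VANTA_OWNER_EMAIL (the email of the person who owns this computer)
# VANTA_REGION (the region Vanta Device Monitor talks to, such as "us", "eu" or "aus".)

# Pinned release. The three values after PKG_URL are what the later
# verification steps compare the download against.
readonly PKG_URL="https://agent-downloads.vanta.com/targets/versions/2.16.1/vanta-universal.pkg"
# Checksum (SHA-256 of the package) needs to be updated when PKG_URL is updated.
readonly CHECKSUM="66c71af348441c7efdb88d98fd43e8f9d401bd21976bcb0ff7b1a4fb56a9628c"
readonly DEVELOPER_ID="Vanta Inc (632L25QNV4)"
readonly CERT_SHA_FINGERPRINT="48893790A4B4FB1684589E3AC91CC25EDD5284F9E7BA07025CBDF2814FE74984"

# Download into a fresh private directory from mktemp. The assignment is kept
# separate from `readonly` so that a mktemp failure still aborts under set -e.
PKG_DIR="$(mktemp -d)"
readonly PKG_DIR
readonly PKG_PATH="$PKG_DIR/vanta.pkg"
readonly VANTA_CONF_PATH="/etc/vanta.conf"

# Remove the temporary directory on every exit path; the rest of the script
# only deletes the package file and would otherwise leave the directory behind.
cleanup_pkg_dir() {
  # :? aborts the expansion instead of running rm on an empty path.
  rm -rf -- "${PKG_DIR:?}"
}
trap cleanup_pkg_dir EXIT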
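##
# Vanta needs to be installed as root; use sudo if not already uid 0.
#
# SUDO is a command prefix that later lines expand unquoted on purpose, so
# 'sudo -E' splits into two words and the empty value disappears.
# NOTE(review): -E asks sudo to preserve the caller's environment, so the
# environment (including VANTA_KEY) is offered to every privileged command
# run through this prefix. Confirm that is actually required.
##
if [ "$UID" = "0" ]; then
  SUDO=''
else
  SUDO='sudo -E'
fi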
# Refuse to continue unless every required setting is present and non-empty.
# The variables are checked in a fixed order and the first missing one is
# reported in red before the script exits with status 1.
for required_var in VANTA_KEY VANTA_OWNER_EMAIL VANTA_REGION; do
  # ${!required_var} is indirect expansion: the value of the variable whose
  # name is stored in required_var.
  if [ -z "${!required_var}" ]; then
    printf '\033[31m\nYou must specify the %s environment variable in order to install Vanta Device Monitor.\n\n\033[0m\n' "$required_var"
    exit 1
  fi
done
unset required_var
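##
# onerror: ERR-trap handler that prints a red failure banner with the support
# contact address.
# Globals: ERROR_MESSAGE (read) - optional extra text shown first. Nothing in
#          this script assigns it, so it is empty unless the caller's
#          environment provides it.
# Outputs: the banner, on stdout.
##
function onerror() {
  # ERROR_MESSAGE is passed as an argument to %s rather than spliced into the
  # format string, so any "%" or backslash sequences in it are printed
  # literally instead of being interpreted by printf.
  printf "\033[31m%s\nSomething went wrong while installing Vanta Device Monitor.\nIf you're having trouble installing, please send an email to support@vanta.com, and we'll help you fix it!\n\n\033[0m\n" "${ERROR_MESSAGE:-}"
}
trap onerror ERR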
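##
# Download Vanta Device Monitor
##
printf "\033[34m\n* Downloading Vanta Device Monitor\n\033[0m"
# Start from a clean slate so a stale file can never be the one that is verified.
rm -f -- "$PKG_PATH"
# --fail makes curl exit non-zero on an HTTP error response instead of saving
# the error page as the package; with set -e that aborts the script here
# rather than surfacing later as a checksum mismatch.
curl --fail --progress-bar --output "$PKG_PATH" "$PKG_URL"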
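##
# Checksum
# Compare the SHA-256 of the downloaded file with the pinned CHECKSUM and stop
# before any signature check or install if they differ.
##
printf "\033[34m\n* Ensuring checksums match\n\033[0m"
# shasum prints "<digest>  <path>"; keep only the digest field.
downloaded_checksum=$(shasum -a 256 "$PKG_PATH" | cut -d" " -f1)
# Both sides are quoted so that an empty digest (for example when shasum
# produced no output) is an ordinary mismatch and not a `[` syntax error.
if [ "$downloaded_checksum" = "$CHECKSUM" ]; then
  printf "\033[34mChecksums match.\n\033[0m"
else
  printf "\033[31m Checksums do not match. Please contact support@vanta.com \033[0m\n"
  rm -f -- "$PKG_PATH"
  exit 1
fi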
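##
# Check Developer ID
# The package passes if the expected Developer ID string appears anywhere in
# the output of `pkgutil --check-signature`.
# NOTE(review): the `if` tests the exit status of grep, the last command in
# the pipeline, so pkgutil's own exit status is not consulted. Confirm whether
# a non-zero pkgutil status should also abort the install.
##
printf "\033[34m\n* Ensuring package Developer ID matches\n\033[0m"
# -F matches DEVELOPER_ID as a fixed string rather than as a regular expression.
if pkgutil --check-signature "$PKG_PATH" | /usr/bin/grep -qF -- "$DEVELOPER_ID"; then
  printf "\033[34mDeveloper ID matches.\n\033[0m"
else
  printf "\033[31m Developer ID does not match. Please contact support@vanta.com \033[0m\n"
  rm -f -- "$PKG_PATH"
  exit 1
fi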
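##
# Check Developer Certificate Fingerprint
# Spaces and newlines are stripped from the pkgutil output so that the
# fingerprint can be compared as one unbroken hex string. The match is a
# substring search over the whole output.
# NOTE(review): as with the Developer ID check, only grep's exit status
# decides the branch; pkgutil's exit status is not consulted.
##
printf "\033[34m\n* Ensuring package Developer Certificate Fingerprint matches\n\033[0m"
if pkgutil --check-signature "$PKG_PATH" \
  | /usr/bin/tr -d ' \n' \
  | /usr/bin/grep -qF -- "SHA256Fingerprint:$CERT_SHA_FINGERPRINT"; then
  printf "\033[34mDeveloper Certificate Fingerprint matches.\n\033[0m"
else
  printf "\033[31m Developer Certificate Fingerprint does not match. Please contact support@vanta.com \033[0m\n"
  rm -f -- "$PKG_PATH"
  exit 1
fi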
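##
# Install Vanta Device Monitor
# Writes the agent configuration (which contains the secret VANTA_KEY) to
# VANTA_CONF_PATH, then runs the macOS installer on the verified package.
##
printf "\033[34m\n* Installing Vanta Device Monitor. You might be asked for your password...\n\033[0m"
# Epoch seconds with a literal "000" appended.
ACTIVATION_REQUESTED_NONCE=$(date +%s000)
# NOTE(review): the three environment values are interpolated into the JSON
# without escaping, so a value containing a double quote or a backslash gives
# a malformed or altered configuration. Validate or escape them if they can
# come from anywhere other than the operator.
CONFIG="{\"ACTIVATION_REQUESTED_NONCE\":$ACTIVATION_REQUESTED_NONCE,\"AGENT_KEY\":\"$VANTA_KEY\",\"OWNER_EMAIL\":\"$VANTA_OWNER_EMAIL\",\"NEEDS_OWNER\":true,\"REGION\":\"$VANTA_REGION\"}"
# Create the file under umask 077 so that a newly created config is never
# readable by other users, not even for the moment before the chmod below.
# The config travels on stdin, not on a command line. $SUDO is deliberately
# unquoted: it is either empty or the two words 'sudo -E'.
# shellcheck disable=SC2086
printf '%s\n' "$CONFIG" | $SUDO /bin/sh -c 'umask 077 && /bin/cat >"$1"' sh "$VANTA_CONF_PATH"
# Still needed when the file already existed: redirection keeps the old mode and owner.
# shellcheck disable=SC2086
$SUDO /bin/chmod 600 "$VANTA_CONF_PATH"
# shellcheck disable=SC2086
$SUDO /usr/sbin/chown root:wheel "$VANTA_CONF_PATH"
# NOTE(review): the package was verified at a path under the invoking user's
# temporary directory and is installed from that same path as root. Consider
# verifying a copy that only root can modify.
# shellcheck disable=SC2086
$SUDO /usr/sbin/installer -pkg "$PKG_PATH" -target / >/dev/null
rm -f -- "$PKG_PATH"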
##
# Check whether Vanta Device Monitor is running.
# Exit status 0 from `vanta-cli status` means running;
# exit status 2 means running but still needs to register.
# Any other status fails this list, so set -e stops the script and the ERR
# trap runs.
##
# $SUDO is deliberately unquoted: it is either empty or the two words 'sudo -E'.
# shellcheck disable=SC2086
$SUDO /usr/local/vanta/vanta-cli status || [ "$?" -eq 2 ]

# Success banner: switch to green, print the text, then reset the colour.
printf '\033[32m\n'
printf '%s\n' \
  'Your Vanta Device Monitor is running properly. It will continue to run in the' \
  'background and submit data to Vanta.' \
  'You can check the status of Vanta Device Monitor using the "vanta-cli status" command.' \
  'If you ever want to stop Vanta Device Monitor, please use the toolbar icon or' \
  'the vanta-cli command. It will restart automatically at login.' \
  'To register this device to a new user, run "vanta-cli register" or click on "Register Vanta Device Monitor"' \
  'on the toolbar.'
printf '\033[0m'