VULNERABILITY DIGEST FROM ACTION1

Patch Tuesday and third-party updates | This Wednesday | 12 PM EST / 6 PM CET

Action1 5 Documentation 5 Quick Start Guide for macOS

Action1 Quick Start Guide for MacOS

Before You Begin

System Requirements

 

Prerequisite

Action1 Web Console
Action1 Agents
Protocols and Ports
Required Permissions
Antivirus Allowlist Settings
Privacy & Security Settings

Requirements

Web browser: latest versions of Google Chrome, Mozilla Firefox, Apple Safari. JavaScript and cookies must be enabled. Access to https://www.action1.com.
Operating system:
  • macOS 15 (Sequoia)
  • macOS 14 (Sonoma)
  • macOS 13 (Ventura)
  • macOS 12 (Monterey)
Hardware platform: Mac with Apple Silicon or Intel-based Mac
Memory: minimum 50 MB of available physical memory
Disk space: minimum 100 MB of free disk space
Protocols and ports required for Action1 operation in the macOS environment are the same as those listed in the Firewall Configuration. The only exception is the recommended (non-mandatory) ports intended for P2P communication between endpoints – this feature is currently not supported for macOS systems.
Action1 agent installation requires administrative privileges, so make sure your account is included in the Admin group on the endpoints you plan to manage.
To avoid blocking Action1 by your antivirus software, include the Action1 agent directory /usr/local/action1 in the allowlist of your antivirus settings.
To download Action1 agent installation package, make sure that Security settings allow applications downloaded from App Store and identified developers.

Registering Your Action1 Account

To start using Action1 for software updates and patch management, you should first create an Action1 account. For that:

  1. In your web browser, open this URL: https://www.action1.com/signup/
  2. Select your region from the drop-down list. Currently, the following regions are supported: Australia, North America, and Europe.
  3. Enter the email address for the new account.
  4. Click Create.

Action1 console opens at https://app.action1.com, with your User profile shown as your initials in the top-right corner.

Now you can proceed with installing Action1 agent to the endpoints.

Installing Action1 Agent

The agent is always installed under the administrative account. It resides in /usr/local/action1 directory and operates as a daemon. During its operation, it will securely connect to Action1 Cloud using embedded information about your Action1 organization:

  • The authentication certificate for mutual authentication.
  • A private encryption key, specific to your organization.

The next sections explain how you can install Action1 agent on a local or remote machine. To begin, do the following:

  1. In Action1 web console, navigate to Endpoints and click Install Agents to open the Getting started wizard.
  2. On the Download Agent step, you can either Download the Action1 agent installer locally, or click Copy URL to install the agent on another machine.

Installation on local machine

Do the following:

  1. In the Getting Started wizard, click Download to obtain the script for automated agent installation.
  2. On the local macOS machine, run the Terminal app.
  3. Locate the downloaded script named action1_agent_YourOrganizationName.sh.
  4. Copy the script name with the extension.
  5. Go to the Terminal window and run the following command, providing the script name:
    bash {script_name}

The script will automatically download and start the Action1 agent setup. Follow the Agent setup wizard as described later in this guide.

Installation on remote machines

Do the following:

  1. In the Getting Started wizard, click Copy URL to obtain the command line script for automated agent setup.
  2. Click Copy command. The following line will be copied:
    p=$(pwd) && curl -o "${p}/action1_agent(My_Organization).pkg" "https://app.action1.com/agent/<id>/Mac/agent(My_Organization).pkg" && open "${p}/action1_agent(My_Organization).pkg"
    Here:

     

    • curl – cURL (Client for URL) utility for the file download.
    • -o – a parameter that instructs cURL to save the downloaded PKG file with the same name as in the URL.
    • id – a unique ID associated with a downloadable agent setup for your organization. 
  3. Share the command line with endpoint owners.
  4. Instruct them to launch the copied command using the Terminal window. This command will automatically download the PKG file and start the Action1 Agent setup wizard.

IMPORTANT! Note that the command uses $(pwd), that is, the current working directory. Instruct the endpoint owners to make sure they have sufficient directory permissions (write, execute) before proceeding with this command.

IMPORTANT! Action1 agent account requires elevated privileges.

Agent setup wizard

Follow these steps:

  1. Accept the EULA.
  2. When prompted for destination and type, select Install for all users of this computer.
  1. Don’t change the installation destination – it must be /usr/local/action1.
  2. Enter the administrative account to install the software.
  3. Wait for the installation to complete.

Installing Action1 Agent in Unattended Mode

To install the Action1 agent in unattended mode – that is, without user interaction – do the following:

  1. In the Getting Started wizard, click Copy URL.
  2. Copy the command line and then modify it as follows:
    p=$(pwd) && curl -o "${p}/action1_agent(My_Organization).pkg" "https://app.action1.com/agent/<id>/Mac/agent(My_Organization).pkg" && sudo installer -pkg "${p}/action1_agent(My_Organization).pkg" -target /
    here <id> – a unique ID associated with a downloadable agent setup for your organization. Leave it as is.
  3. Run the modified command on each endpoint you want to manage with Action1.

Important! Action1 agent account requires elevated privileges. Since unattended install mode is not allowed to display any user prompts, running it with non-elevated privileges will fail without any notifications. Make sure you are using the administrative account to install the agent.

Uninstalling Action1 Agent

  • To uninstall Action1 agent using the web console, follow the instructions in Removing Action1 section.
  • To uninstall Action1 agent in the unattended mode, run the uninstall_agent.sh script (co-located with the agent in /usr/local/action1) on each endpoint you want to disconnect from Action1.

Managing Endpoints

The machines where the agent runs are displayed in the Endpoints view in Action1 console. Select Actions next to the new endpoint and see available management actions such as reviewing missing updates, running a script, and others.

Manually Reviewing and Deploying Patches

You can install updates and patches for the multiple software applications. All endpoint information, including missing patches, installed software, and OS details is refreshed in real time. You don’t need to schedule periodic scans to understand if any updates are missing.
In the Endpoints section of the Action1 console, click on the endpoint name.

  1. Select the Missing Updates tab and pick the updates you want to deploy. All applicable updates, both for OS and third-party apps will be shown in one view along with the update type and security severity.
  2. Click Deploy Update to start the update wizard. It will prepopulate the list of selected updates in Step 1.
  3. Click Next Step twice to see the scheduling options in Step 3. Leave the default Run Now for testing purposes and click Finish.
  4. Action1 will begin deploying the selected updates and report status in real time.

Try later: Check out the Vulnerabilities view to remediate vulnerabilities.

Automating Deployment of Critical Updates

Automate patch and vulnerability management routines to ensure compliance of your endpoints. The following example configures an automation to deploy all critical security patches for OS and apps 3 days after they are released.

  1. Navigate to Automations, select New Automation.
  2. On the Deploy Update step, select Matching Filters.
  3. Click Add filter, select Update severities, and select Critical.
  4. Below the filters, click Additional options, select Automatically approve and deploy all matching updates and enter 3 days as the delay parameter.
  1. Then Add Endpoints to select the endpoints or groups.
  2. On the Schedule step, define a schedule for your automation, such as weekly, Sunday & Saturday at 2AM.

Try later: create another automation that requires manual approval of updates and use the Update Approval section to selectively approve or decline updates. Another option is to create a broader automation to cover updates outside of critical updates.

Running Scripts on a Remote Computer

With Action1, you can run bash scripts on multiple remote macOS computers. Read this article to learn how to execute scripts on the remote machines with the help of Action1 tools.