Skip to content
Bastion EDR Docs

macOS Agent Installation

import { Aside } from ‘@astrojs/starlight/components’;

The macOS agent installs as a launchd daemon, runs as root, and requires Full Disk Access to monitor all paths.

Install

Section titled “Install”
Terminal window
curl -Lo bastion-agent.pkg \
  https://github.com/halden-technologies/bastion/releases/latest/download/bastion-agent-macos.pkg


sudo installer -pkg bastion-agent.pkg -target /

Configure the backend URL

Section titled “Configure the backend URL”

Edit /Library/Application Support/Bastion/agent.toml:

[server]
url = "grpc://YOUR_BACKEND_SERVER:50051"

Then reload:

Terminal window
sudo launchctl kickstart -k system/com.bastionedr.agent

Grant Full Disk Access (required)

Section titled “Grant Full Disk Access (required)”

macOS requires explicit TCC permission for the agent to monitor all file paths. In a managed environment, deploy a PPPC (Privacy Preferences Policy Control) profile via your MDM:

<key>Services</key>
<dict>
  <key>SystemPolicyAllFiles</key>
  <array>
    <dict>
      <key>Allowed</key>
      <true/>
      <key>CodeRequirement</key>
      <string>identifier "com.bastionedr.agent" and anchor apple generic</string>
      <key>IdentifierType</key>
      <string>bundleID</string>
      <key>Identifier</key>
      <string>com.bastionedr.agent</string>
    </dict>
  </array>
</dict>

Deploy via Jamf Pro

Section titled “Deploy via Jamf Pro”
  1. In Jamf Pro, upload the PKG as a package.
  2. Create a policy with the package and a script to write agent.toml with your backend URL.
  3. Scope the policy to your Mac inventory groups.