Mac Client Installation
You can install the Tenable Patch client on MacOS by installing the appropriate package and running the adaptivactl setup command. The setup command installs the TPM client, configure firewall rules, and run post-installation checks to ensure functionality. The setup progress prints to the terminal and exit with a 0 exit-code if successful. If the client setup fails for any reason, it exits with a non-zero exit-code.
The adaptivactl setup command checks for port availability before client setup. If a firewall is detected, setup creates firewall rules using the appropriate application: ufw with the DEB package, firewalld with the RPM package, and socketfilterfw with the MacOS package.
The client now runs post-setup checks to confirm connectivity with the server and other services. The setup waits for these checks to be completed. You can skip these checks using the --skip-connection-checks flag.
There are several different installation packages provided for cross-platform device installations. Be sure to use the correct one for your operating system. Locate the installers\cross-platform folder in the downloaded .zip file. Replace <version> with the appropriate version.
MacOS Installation
-
Open a Command terminal window, then run the following command to execute the package:
-
sudo installer -tgt / -pkg ./tenable-patch-client-<version>-macOS.pkg
-
-
Run the following adaptivactl command in setup mode to configure the client:
-
sudo /opt/tenable/patchclient/bin/adaptivactl setup <flags>
Note: The --server flag is required, and all other flags are optional. Refer to the following table for the available parameters. Example: sudo /opt/tenable/patchclient/bin/adaptivactl setup --server tpmserver.corp.example --server-guid 1cb07a9e-a88c-4db2-8fe3-2eb7748545d6
-
-
Once the client installation is completed, the client performs a series of connection checks
-
[info] Running connection checks…
-
[info] The connection check ‘HTTP Connection’ has started
-
[info] The connection check ‘HTTP Connection’ has passed
-
-
When the connection checks are completed, the Patch Client is fully online and ready to be managed.
adaptivactl command line parameters
| Required Flag | Value |
|---|---|
| --server <hostname> | <ip address> | url:port |
IP Address, hostname, or URL of the Tenable Server to which the client reports to. |
| --server-guid <guid> |
The GUID of the Tenable Server to use to connect to the server using the Cloud Relay server. If absent the cloud relay is not used. |
| Optional Flags | Value |
|---|---|
| --auth-secret <secret> |
The client authentication secret to use to authenticate with the server. If absent, no authentication is performed with the server. |
| --proxy <scheme>://<host>:<port> |
The HTTP proxy to use. Has the format <scheme>://<host>:<port>. If absent, the system-wide proxy is used if configured. |
| --tenant-guid <guid> |
The Tenant GUID used in multi-tenant environments. |
| --cloud-tenant-id <tenant id> |
The ID of the cloud tenant in cloud-hosted environments. |
| --system-config <property>=<value> |
A system config value to set during setup. Has the format <property>=<value>. This flag may be repeated multiple times. |
| --skip-firewall-rules> |
Skip the creation of firewall rules. |
| --skip-connection-checks> |
Skip the post-setup connection checks. |
Examples
Direct server using an IP address, an HTTP proxy, and a custom system config:
sudo /opt/tenable/patchclient/bin/adaptivactl setup --server 198.50.100.241 --proxy http://198.50.100.3:8080 --system-config onesite.server_message_retry_interval=60
Server using cloud relay, hostname, client authentication:
sudo /opt/tenable/patchclient/bin/adaptivactl setup --server server.corp.example --server-guid 1cb07a9e-a88c-4db2-8fe3-2eb7748545d6
Modify system configuration
The adaptivactl command can also be used to read and write system config values using the config operation.
The following command reads the value of a system config property:
sudo /opt/tenable/patchclient/bin/adaptivactl config get <property>
The following command sets the value of a system config property:
sudo /opt/tenable/patchclient/bin/adaptivactl config set <property> <value>