Install cnspec on macOS
The environment variable MONDOO_REGISTRATION_TOKEN allows you to pass a registration token to the installation package. If provided, the client will register automatically during the installation.
If you install cnspec on machines that can't download and install updates (because they're air-gapped or don't give cnspec write access), you must deploy cnspec providers. To learn more, read Manage cnspec Providers.
Install using the automated install script
The Mondoo automated installation script installs the mondoo package using either the Homebrew package manager or a .pkg installer if Homebrew is unavailable.
# export MONDOO_REGISTRATION_TOKEN="<YOUR_TOKEN_HERE>"
bash -c "$(curl -sSL https://install.mondoo.com/sh)"
Install directly via Homebrew
Mondoo supports installation using the Homebrew package manager on macOS.
brew tap mondoohq/mondoo
brew install mondoo
brew upgrade mondoo
Install using the universal binary package
Mondoo releases a signed and notarized universal binary package (.pkg) for Intel & ARM (M1/M2) platforms available at releases.mondoo.com that installs cnspec on hosts.
Additionally, the package installs, but does not start or enable, a launchd configuration for running cnspec continuously as a service for endpoint security. This package is ideal for deployment by MDM solutions.
For more information on running Mondoo as a service on macOS, see Running Mondoo as a service.
To install the PKG non-interactively use the installer utility in a Terminal:
installer -pkg ./mondoo_(version)_darwin_universal.pkg -target /Library
Mitigate hostname changes
Sometimes when changing locations and networks, macOS devices can change their hostname. When this happens, you see two or more entries for the same workstation in the Mondoo Console. To mitigate this problem, open the Mondoo configuration file located at ~/.config/mondoo/mondoo.yml and add this line:
id-detector: machine-id