#!/usr/bin/env bash # # agentbee — customer-facing bootstrap. Served at https://install.securitybeez.com # # curl -fsSL https://install.securitybeez.com | sudo FLEET_TOKEN=xxxx bash # # Detects the OS/arch, adds the GPG-signed SecurityBeez repo, writes the token to # /etc/agentbee/agent.conf, and installs `agentbee` — which auto-enrolls on install. set -euo pipefail REPO_HOST="repo.securitybeez.com" GPG_KEY_URL="https://${REPO_HOST}/agentbee.gpg" # binary keyring (apt signed-by) GPG_ASC_URL="https://${REPO_HOST}/agentbee.asc" # ASCII-armored (rpm --import) KEYRING="/usr/share/keyrings/agentbee.gpg" [ "$(id -u)" -eq 0 ] || { echo "run as root (sudo)"; exit 1; } : "${FLEET_TOKEN:?set FLEET_TOKEN=... (from the SecurityBeez portal)}" . /etc/os-release 2>/dev/null || true say() { printf '\033[0;36m[agentbee]\033[0m %s\n' "$*"; } install_apt() { say "adding apt repo (${REPO_HOST})" install -m 0755 -d /usr/share/keyrings # key is served as a BINARY keyring — no gpg needed on the endpoint # (minimal Debian/Ubuntu images don't ship gpg) curl -fsSL "$GPG_KEY_URL" -o "$KEYRING" chmod 0644 "$KEYRING" echo "deb [signed-by=${KEYRING}] https://${REPO_HOST}/apt stable main" \ > /etc/apt/sources.list.d/agentbee.list apt-get update -o Dir::Etc::sourcelist=sources.list.d/agentbee.list \ -o Dir::Etc::sourceparts=- -o APT::Get::List-Cleanup=0 write_conf apt-get install -y agentbee } install_yum() { say "adding yum repo (${REPO_HOST})" rpm --import "$GPG_ASC_URL" cat >/etc/yum.repos.d/agentbee.repo </dev/null || true write_conf if command -v dnf >/dev/null; then dnf install -y agentbee; else yum install -y agentbee; fi } # Write the token BEFORE install so the package's postinstall auto-enrolls. write_conf() { install -m 0700 -d /etc/agentbee umask 077 printf 'FLEET_TOKEN="%s"\n' "$FLEET_TOKEN" > /etc/agentbee/agent.conf } if command -v apt-get >/dev/null 2>&1; then install_apt elif command -v dnf >/dev/null 2>&1 || command -v yum >/dev/null 2>&1; then install_yum else echo "unsupported distro: need apt or yum/dnf" >&2; exit 1 fi say "done — check status with: sudo agentbee status"