Linux - Software Lifecycle - Install Rapid7 Insight Agent

What the Rapid7 Agent installer does

This Automox Worklet™ downloads and installs the Rapid7 Insight Agent on Linux endpoints running x86_64 or ARM64 architectures. The Worklet detects the endpoint architecture, retrieves the appropriate installer from Rapid7's servers, and executes the installation using your provided Rapid7 User Token.

The installation process runs the Rapid7 agent control script with the install_start command, which registers the endpoint with your Rapid7 Insight platform account. The Worklet then verifies that the ir_agent service is active and running on the endpoint.

Visibility gaps without continuous vulnerability scanning

Manual vulnerability assessments run quarterly or monthly, leaving weeks or months between scans when zero-day exploits emerge. Your security team cannot identify newly disclosed vulnerabilities until the next scheduled scan completes, creating exposure windows that attackers actively exploit. Missing patches and configuration weaknesses remain invisible until periodic assessment cycles detect them.

Manual agent deployment across distributed Linux endpoints delays vulnerability detection program launches. Compliance frameworks like CIS Benchmarks and NIST 800-53 require continuous vulnerability monitoring, creating audit failures when scanning gaps exist. Inconsistent agent deployment leaves endpoints unmonitored, generating blind spots in your security posture.

How Rapid7 agent installation works

1. Evaluation phase: Checks if the ir_agent service is already running. If the service is active, the Worklet exits without changes. If the /opt/rapid7/ir_agent directory exists but the service is inactive, the Worklet also exits to prevent duplicate installations.

2. Remediation phase: Downloads the architecture-specific installer (x86_64 or ARM64) from Rapid7's public endpoint, makes it executable, runs the installer with your Rapid7 User Token, and verifies the ir_agent service started successfully. The final verification checks for the agent binary at /opt/rapid7/ir_agent/ir_agent.

Linux Insight Agent installation requirements

• Active Rapid7 Insight account with valid Rapid7 User Token

• Rapid7 User Token configured as a secret input in the policy (use Automox Secrets Management)

• Linux endpoints with x86_64 or ARM64 architecture

• curl utility available for downloading the installer

• systemctl support (systemd init system)

• Sufficient disk space in /opt directory

• Compatible Linux distribution (tested with major distributions)

Outcomes after enabling continuous vulnerability detection

The ir_agent service runs continuously, providing real-time vulnerability scanning that detects zero-day exploits within hours of disclosure. Your endpoints register automatically with Rapid7 Insight, appearing in the console with complete asset metadata including OS version, IP addresses, and open ports. The security team gains immediate visibility into missing patches and configuration weaknesses without waiting for periodic scan cycles.

Vulnerability alerts flow automatically to your security operations team for prioritization and remediation. Your organization meets CIS Benchmarks and NIST 800-53 continuous monitoring requirements with documented compliance evidence. Failed deployments generate detailed error logs in Automox Activity showing token validation or connectivity issues for troubleshooting.

How to validate install rapid7 insight agent changes

1. Run this Worklet on a pilot Linux endpoint and review evaluation output for install rapid7 insight agent.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as function, return, else.

4. Validate remediation effects from script operations such as function, return, else, then rerun evaluation for compliance.

Expected state after install rapid7 insight agent changes

After remediation, endpoints reflect the target install rapid7 insight agent configuration and report compliant status in Automox.

You can confirm results by correlating activity logs with evaluation checks (function, return, else) and remediation actions (function, return, else).