Merge pull request #226 from Pierre-Gronau-ndaal/patch-12

Update auditctl.yaml
tclahr · May 20, 2024 · 38ff6b6 · 38ff6b6
2 parents c2304a6 + 7b12fd9
commit 38ff6b6
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/artifacts/files/logs/macos.yaml b/artifacts/files/logs/macos.yaml
@@ -24,4 +24,11 @@ artifacts:
     collector: file
     path: /%user_home%/Library/Logs
     max_file_size: 1073741824 # 1GB
+  -
+    description: Collect auditd logs.
+    # Reference: https://medium.com/@boutnaru/the-macos-process-journey-auditd-audit-log-management-daemon-1addd6698016
+    supported_os: [macos]
+    collector: file
+    path: /var/audit
+    max_file_size: 1073741824 # 1GB
 
diff --git a/artifacts/live_response/system/auditctl.yaml b/artifacts/live_response/system/auditctl.yaml
@@ -12,4 +12,4 @@ artifacts:
     collector: command
     command: auditctl -s
     output_file: auditctl_-s.txt
-
+
Original file line number	Diff line number	Diff line change
Expand Up		@@ -12,4 +12,4 @@ artifacts:
		collector: command
		command: auditctl -s
		output_file: auditctl_-s.txt