AUE_ssauthorize

Documentación de implementación sin conexión de Jamf Protect

Solution

Application

Content Type

Documentación técnica

Utilities & Services

ft:locale

es-ES

Check Permission (Comprobar permiso): El registro de comprobación de permisos devuelve datos relacionados con el momento en el que un proceso solicita acciones que requieren permisos elevados, y si el sistema ya ha almacenado en caché esos permisos antes de la autorización.
Log Level (Nivel de registro): 1
Requiere ajuste detallado.: No

Ejemplo de AUE_ssauthorize

Este es un ejemplo de registro de telemetría para un evento de comprobar permiso.

{
  "exec_chain": {
    "uuid": "31C43784-E15F-4029-AFAE-E2883E7F3DB6"
  },
  "exec_chain_child": {
    "parent_path": "/sbin/launchd",
    "parent_pid": 1,
    "parent_uuid": "4AB281FE-6D4A-4E79-8508-E91FCA39BA02"
  },
  "header": {
    "time_seconds_epoch": 1657906216,
    "time_milliseconds_offset": 351,
    "version": 11,
    "event_modifier": 0,
    "event_id": 45025,
    "event_name": "AUE_ssauthorize"
  },
  "host_info": {
    "serial_number": "C03WG0H4HDTS",
    "host_name": "Test_MacBook_Pro",
    "osversion": "Version 12.4 (Build 21F79)",
    "host_uuid": "8891C1E2-0AC0-4E4A-844B-EA491B14D115"
  },
  "identity": {
    "signer_id": "com.apple.authd",
    "team_id_truncated": false,
    "signer_id_truncated": false,
    "cd_hash": "1cca9f67041916be9f31c171936ebd700c73f55e",
    "team_id": "",
    "signer_type": 1
  },
  "key": "4A2BDB3C-B049-4EFB-A744-9D9B0D9699B8",
  "return": {
    "error": 0,
    "description": "success",
    "return_value": 0
  },
  "subject": {
    "session_id": 100000,
    "group_id": 0,
    "process_name": "/System/Library/PrivateFrameworks/SystemAdministration.framework/XPCServices/writeconfig.xpc/Contents/MacOS/writeconfig",
    "parent_pid": 1,
    "effective_user_name": "root",
    "user_id": 0,
    "group_name": "wheel",
    "parent_uuid": "4AB281FE-6D4A-4E79-8508-E91FCA39BA02",
    "uuid": "31C43784-E15F-4029-AFAE-E2883E7F3DB6",
    "effective_group_id": 0,
    "process_hash": "5eda24617e4ffc1ec13d4edff1ff44b1d678c9a2",
    "audit_id": 4294967295,
    "responsible_process_id": 343,
    "parent_path": "/sbin/launchd",
    "process_id": 343,
    "effective_group_name": "wheel",
    "audit_user_name": "",
    "effective_user_id": 0,
    "terminal_id": {
      "type": 4,
      "ip_address": "0.0.0.0",
      "port": 745
    },
    "responsible_process_name": "/System/Library/PrivateFrameworks/SystemAdministration.framework/XPCServices/writeconfig.xpc/Contents/MacOS/writeconfig",
    "user_name": "root"
  },
  "texts": [
    "end evaluation"
  ]
}