- Définition des informations MAC
- Cet évènement est généré lorsqu’un processus effectue un appel système pour définir les informations MAC associées au processus. Il peut s’agir de définir des labels ou des indicateurs qui contrôlent l’accès aux ressources système.
- Log Level (Niveau du journal)
- 2
- Requiert l’option Verbose (Détaillé)
- Non
AUE_MAC_SET_PROC Example
Exemple de journal de télémétrie pour la définition des informations MAC.
{
"exec_chain_child": {
"parent_path": "/sbin/launchd",
"parent_pid": 1,
"parent_uuid": "84492D4D-24C3-472E-8C19-6417C51FA1D2"
},
"header": {
"event_id": 43122,
"event_modifier": 0,
"event_name": "AUE_MAC_SET_PROC",
"time_milliseconds_offset": 978,
"time_seconds_epoch": 1571163436,
"version": 11
},
"host_info": {
"host_name": "Test_MacBook_Pro",
"host_uuid": "8891C1E2-0AC0-4E4A-844B-EA491B14D115",
"osversion": "Version 12.4 (Build 21F79)",
"primary_mac_address": "38:f9:e8:82:2b:11",
"serial_number": "C03XY889JHG3"
},
"identity": {
"cd_hash": "5d3fdaa460a12021a198c58ca697d31338d66c76",
"signer_id": "com.apple.backupd",
"signer_id_truncated": 0,
"signer_type": 1,
"team_id": "",
"team_id_truncated": 0
},
"return": {
"description": "success",
"error": 0,
"return_value": 0
},
"subject": {
"audit_id": 4294967295,
"audit_user_name": "-1",
"effective_group_id": 0,
"effective_group_name": "wheel",
"effective_user_id": 0,
"effective_user_name": "root",
"group_id": 0,
"group_name": "wheel",
"process_hash": "B701AF52CDA90E4A31B8A164EB0348FC888AB022",
"process_id": 24524,
"process_name": "/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd",
"session_id": 100000,
"terminal_id": {
"addr": [
0
],
"ip_address": "0.0.0.0",
"port": 0,
"type": 0
},
"user_id": 0,
"user_name": "root"
},
"texts": [
"arg: tm/1"
]
}