zwass
04/18/2020, 12:42 AM
sudo osqueryi --disable_events=false --disable_audit=false --audit_allow_sockets=true
and not seeing any results.
/etc/security/audit_control
, but does not explain what that is.
terracatta
04/18/2020, 1:20 AM
seph
04/18/2020, 2:33 AM
CptOfEvilMinions
04/20/2020, 3:59 PM
/etc/security/audit_control
2. sudo audit -s
3. Reboot
4. Login
5. Open terminal
6. sudo osqueryi --disable_events=false --disable_audit=false --audit_allow_sockets=true
7. Opened Chrome and browsed to google.com, yahoo.com, and reddit.com
8. select * from socket_events;
- No results
macOS version: 10.15.4
Osquery version: 4.3.0
zwass
04/20/2020, 6:00 PM