Instance Property

audit_token

A token for use with Basic Security Mode (BSM) auditing functions.

Declaration

audit_token_t audit_token;

Discussion

Use this token with the functions defined in libbsm.h to extract values such as the process identifier (PID), user identifier (UID), and group identifier (GID).
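The decoding described above, as an added example (not Apple's sample code): it reads the PID and the real and effective IDs from a token with the libbsm accessors and flags a process running as effective root under a non-root real user. `struct source_identity`, `identity_from_token`, `sample_token` and the token values are hypothetical and constructed for illustration; the stand-in accessors in the `#else` branch exist only so the block builds off macOS.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

#ifdef __APPLE__
#include <bsm/libbsm.h>          /* real audit_token_t and accessors */
#else
/* Stand-in for non-macOS builds only (assumption: mirrors libbsm's accessors). */
typedef struct { unsigned int val[8]; } audit_token_t;
static uid_t audit_token_to_euid(audit_token_t t) { return t.val[1]; }
static gid_t audit_token_to_egid(audit_token_t t) { return t.val[2]; }
static uid_t audit_token_to_ruid(audit_token_t t) { return t.val[3]; }
static pid_t audit_token_to_pid(audit_token_t t)  { return (pid_t)t.val[5]; }
#endif

/* Hypothetical record type for this example. */
struct source_identity {
    pid_t pid;
    uid_t ruid, euid;
    gid_t egid;
    bool  elevated;   /* effective root while the real user is not root */
};

/* Decode the identity fields a client would log for a source process. */
struct source_identity identity_from_token(audit_token_t tok)
{
    struct source_identity id;
    id.pid  = audit_token_to_pid(tok);
    id.ruid = audit_token_to_ruid(tok);
    id.euid = audit_token_to_euid(tok);
    id.egid = audit_token_to_egid(tok);
    id.elevated = (id.euid == 0 && id.ruid != 0);
    return id;
}

/* Constructed sample token: ruid 501, euid 0, egid 20, pid 4242. */
audit_token_t sample_token(void)
{
    audit_token_t t = { .val = { 501, 0, 20, 501, 20, 4242, 100001, 7 } };
    return t;
}

int main(void)
{
    struct source_identity id = identity_from_token(sample_token());
    printf("pid=%d ruid=%u euid=%u egid=%u elevated=%d\n", (int)id.pid,
           (unsigned)id.ruid, (unsigned)id.euid, (unsigned)id.egid, id.elevated);
    return 0;
}
```

In an Endpoint Security client, pass the process's `audit_token` value to `identity_from_token` instead of the sample token.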

See Also

Inspecting the Source Process

executable

The file containing the executed process.

is_es_client

A Boolean value that indicates whether the process connects to the Endpoint Security subsystem.

is_platform_binary

A Boolean value that indicates whether the process is a platform binary.