I noticed that BSM audit is deprecated with macOS 11 beta(Xcode 12 beta).
Is there any replacement? Or any suggestion?
Is there any replacement? Or any suggestion?
BSM audit is deprecated
Yes, EndpointSecurity.Is there any replacement?
A good place to start here is WWDC 2020 Session 10159 Build an Endpoint Security app.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Hi Eskimo,
Thank you for your nice reply!
But I want to confirm is there a feature list comparison?
For example,
with Audit log, there are Authentication and authorization (aa) and Login/Logout (lo) events,
but there seems be no such events with Endpoint Security now.
Is there any suggestion for such parts?
Thank you very much!
Thank you for your nice reply!
But I want to confirm is there a feature list comparison?
For example,
with Audit log, there are Authentication and authorization (aa) and Login/Logout (lo) events,
but there seems be no such events with Endpoint Security now.
Is there any suggestion for such parts?
Thank you very much!
If you rely on things from BSM that aren’t present in EndpointSecurity, I encourage you to file a bug with the details (what’s missing and what you’re using them for). Please post your bug number, just for the record.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Hi @Jacy_Jiang,
Were you able to find out the replacement for Login/Logout Events and Authentication/Authorization events from EndPoint Security? Because those are not mentioned in the events types present in EndPointSecurity.
Please let me know if you have found any replacement on how to capture login/Logout events in system-extensions.
Thank you very much!
Were you able to find out the replacement for Login/Logout Events and Authentication/Authorization events from EndPoint Security? Because those are not mentioned in the events types present in EndPointSecurity.
Please let me know if you have found any replacement on how to capture login/Logout events in system-extensions.
Thank you very much!
EndpointSecurity does not currently support log{in,out} events, up to and including 11.0b9. I stand by my advice from my previous post: If you need this, file an enhancement request for it.
Please post your bug number, just for the record.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Please post your bug number, just for the record.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Thanks for you reply.
The case ID: FB8802252 (Open BSM being deprecated with Big Sur)
So Is there any other way to capture the login/logout events using system extensions?
Thanks.FB8802252
No. For the moment you can monitor login and logout events using using BSM, and specifically auditpipe (see its man page).Is there any other way to capture the login/logout events using system
extensions?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Is there any timeline when will login logout events be available in Endpoint security ?
Apple has not made any announcements about that.Is there any timeline when will login logout events be available in
Endpoint security?
Did you file your own bug enhancement request for that? If so, what was the bug number?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
@eskimo, here's my feedback for the same enhancement request FB8603023 which has had no response for the last 2 months.
Where does it state that BSM Audit is deprecated? I am on Xcode 12 Beta 6, and compiling code that uses libbsm audit API (ioctl preselect token, aureadtok, aufetchtok, etc) are not indicated as being deprecated.
According to these notes from the Security Lab, libbsm audit is indeed deprecated but what does this mean? Will it go away completely in future version of Big Sur or macOS? Is there a stated timeline on this deprecation?
According to these notes from the Security Lab, libbsm audit is indeed deprecated but what does this mean? Will it go away completely in future version of Big Sur or macOS? Is there a stated timeline on this deprecation?
We were clear about this in WWDC 2020 Session 10159 Build an Endpoint Security app. I’m not sure how much that’s reflected in the current SDK headers.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"