Downloads: Audit Configurations
Download one of the installer packages to get your mac auditing useful stuff.
For details about what the installer packages do and how to recover from any potential problem (!!), see our Notes on Audit Configuration Packages.
Apple's BSM audit system is installed and turned on, but it has a terribly weak configuration. With the default configuration, like "Hogan's Heroes" Sgt. Schultz, you will see nothing. Below are several audit configurations you can download and install that will let you detect a range of attacks on your system.
Either download the installer package, then just double click the installer.
Or download the file and install it manually from the Terminal window. For manual installation, make a backup of the current file, copy the file you downloaded into place, and resynchronize the audit daemon:
$ sudo cp /etc/security/audit_control /etc/audit_control_previous $ sudo cp <filename> /etc/security/audit_control $ sudo audit -s
After installing, restart your machine for the audit configuration to take full effect.
Low level
I'm just a normal person, so I don't think I will be targeted. This is my personal machine.
To double click and go, download: installer package.
To install manually, download: mavericks_audit_control_min.
Medium level
I think I might eventually be the target an hacker, criminal, or spy. Maybe I keep valuable data on my machine such as financial information or documents for my company.
To double click and go: installer package.
To install manually, download: mavericks_audit_control_mod.
High level
OK, I'm paranoid. I've read what these advanced attackers can do. I want to turn auditing on full!.
To double click and go: installer package.
To install manually, download: mavericks_audit_control_max.
Apple's original configuration
I want to return to Apple's default audit configuration.
To double click and go: installer packages.
To install manually, download: mavericks_audit_control.