Collecting system-wide provenance on Mac OS X
The OpenBSM reporter collects provenance from across the operating system using the Mac OS X kernel's auditing of system calls.
This reporter is built automatically when SPADE's top-level make command is issued.
Before this reporter can be used, the commands below must be executed from within the SPADE directory. They only need to be executed once after compiling SPADE. (Note: The commands make lib/spadeOpenBSM a root-owned setuid/setgid binary. This will let normal users access the OpenBSM audit stream.)
    sudo chown root lib/spadeOpenBSM
    sudo chmod ug+s lib/spadeOpenBSM
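Because the two commands above leave a root-owned set-id binary in the SPADE tree, it is worth confirming the result. The following is an added example, not part of SPADE: the function name check_setid_helper is hypothetical, and the check that the file is not writable by group or other is an extra hardening check that the commands themselves do not enforce.

```shell
#!/bin/sh
# Added example, not part of SPADE: audit a setuid/setgid helper binary.
# Usage: check_setid_helper PATH [OWNER]   (OWNER defaults to root)
# Prints one line per finding; returns 0 only when there are none.

# True if PATH itself matches the given find(1) tests (BSD and GNU find).
_mode_is() {
    p=$1; shift
    [ -n "$(find "$p" -prune "$@" 2>/dev/null)" ]
}

check_setid_helper() {
    f=$1; owner=${2:-root}; rc=0
    case $f in /*|./*) ;; *) f=./$f ;; esac   # keep find from parsing a leading '-'
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is not a regular file"; return 2
    fi
    _mode_is "$f" -user "$owner" || { echo "FAIL: $f is not owned by $owner"; rc=1; }
    _mode_is "$f" -perm -4000 || { echo "FAIL: $f lacks the setuid bit (u+s)"; rc=1; }
    _mode_is "$f" -perm -2000 || { echo "FAIL: $f lacks the setgid bit (g+s)"; rc=1; }
    # A set-id binary that others can modify hands them its privileges.
    if _mode_is "$f" \( -perm -020 -o -perm -002 \); then
        echo "FAIL: $f is writable by group or other"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $f"
    return "$rc"
}

# From the SPADE directory, after the chown/chmod step:
#   check_setid_helper lib/spadeOpenBSM
```

Re-run the check after every rebuild: a freshly compiled lib/spadeOpenBSM will not carry the owner or mode bits set earlier.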
No argument is needed when starting this reporter in the SPADE controller:
    -> add reporter OpenBSM
    Adding reporter OpenBSM... done