BSM Codes

0x00000000:no:invalid class
0x00000001:fr:file read
0x00000002:fw:file write
0x00000004:fa:file attribute access
0x00000008:fm:file attribute modify
0x00000010:fc:file create
0x00000020:fd:file delete
0x00000040:cl:file close
0x00000080:pc:process
0x00000100:nt:network
0x00000200:ip:ipc
0x00000400:na:non attributable
0x00000800:ad:administrative
0x00001000:lo:login_logout
0x00002000:aa:authentication and authorization
0x00004000:ap:application
0x10000000:res:reserved for internal use
0x20000000:io:ioctl
0x40000000:ex:exec
0x80000000:ot:miscellaneous
0xffffffff:all:all flags set
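As an added example (not from the original page), the following Python parses the class table above in its mask:name:description form and decodes a class bitmask (the form in which these classes are combined in per-process audit masks) back into class names, treating "no" and "all" as the two pseudo-classes and reporting any bit no class claims. The table text is embedded so it runs without /etc/security/audit_class.

```python
# Audit class table in mask:name:description form, copied from the list above
# so the script runs stand-alone without reading /etc/security/audit_class.
AUDIT_CLASS_TEXT = """\
0x00000000:no:invalid class
0x00000001:fr:file read
0x00000002:fw:file write
0x00000004:fa:file attribute access
0x00000008:fm:file attribute modify
0x00000010:fc:file create
0x00000020:fd:file delete
0x00000040:cl:file close
0x00000080:pc:process
0x00000100:nt:network
0x00000200:ip:ipc
0x00000400:na:non attributable
0x00000800:ad:administrative
0x00001000:lo:login_logout
0x00002000:aa:authentication and authorization
0x00004000:ap:application
0x10000000:res:reserved for internal use
0x20000000:io:ioctl
0x40000000:ex:exec
0x80000000:ot:miscellaneous
0xffffffff:all:all flags set
"""

def parse_audit_class(text):
    """Return {name: (mask, description)} from audit_class-style text."""
    classes = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # the file format permits '#' comments
        if line:
            mask, name, desc = line.split(":", 2)
            classes[name] = (int(mask, 16), desc)
    return classes

def decode_mask(mask, classes):
    """Expand a class bitmask into names; 'no' and 'all' are pseudo-classes,
    and bits no class claims are reported rather than silently dropped."""
    if mask in (0, 0xFFFFFFFF):
        return ["no" if mask == 0 else "all"]
    names, rest = [], mask
    for name, (bit, _) in classes.items():
        if bit not in (0, 0xFFFFFFFF) and mask & bit:
            names.append(name)
            rest &= ~bit
    if rest:  # e.g. a mis-typed mask that selects a class nobody defined
        names.append("unknown:0x%08x" % rest)
    return names
```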

Apple Push Notification Service (APNS)

The JAMF resources page has a great overview: Making Apple Push Notification Service Available On Your Network.

Link https://resources.jamf.com/documents/products/documentation/making-apple-push-notification-service-available-on-your-network.pdf

The Apple Push Notification Service (APNs) forwards notifications from MDM solutions to Apple iOS and OS X devices. The device makes an authenticated and encrypted IP connection to APNs and receives notifications over this persistent connection. APNs is a critical part of configuring and securing mobile devices: if anything blocks the direct, persistent connection to and from APNs, the MDM solution's management capabilities are inoperative.

Link: https://www.jamf.com/resources/making-apple-push-notification-service-available-on-your-network/

LaunchD

A launchd job definition (StartCalendarInterval fires it daily at 16:45, running the script as root in group wheel):

<code>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>GroupName</key>
    <string>wheel</string>
    <key>InitGroups</key>
    <true/>
    <key>Label</key>
    <string>com.edms.rsync.job</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Library/Scripts/eDMS/edmsrsyncclient.sh</string>
    </array>
    <key>StartCalendarInterval</key>
    <dict>
        <key>Hour</key>
        <integer>16</integer>
        <key>Minute</key>
        <integer>45</integer>
    </dict>
    <key>UserName</key>
    <string>root</string>
</dict>
</plist>
</code>

A great application for managing launchd jobs: http://www.soma-zone.com/LaunchControl/

Unified Logging in macOS

With the introduction of "Unified Logging" in macOS 10.12 Sierra, one can use the log command to view system log messages in a terminal. For example:

sudo log stream

or

sudo log stream --process `pgrep -f /usr/local/bin/myprogram` --info --debug

or

log show --predicate 'process == "myprogram"' --last 1h --info --debug

Pull messages mentioning "password" from the last 15 minutes (--last only works with log show, not log stream, and the output must be redirected to a file, not a directory):

sudo log show --info --predicate 'eventMessage contains "password"' --last 15m > /Users/promin/Desktop/loggs/password.txt

This will pull incorrect password attempts:

sudo log show --info --predicate 'eventMessage contains "incorrect password attempt"' --last 15m > /Users/promin/Desktop/loggs/lol.txt

log show --info --predicate 'eventMessage contains "login"' --last 3d > /Users/promin/Desktop/loggs/login.txt

log show --info --predicate 'eventMessage contains "sudo"' --last 3d > /Users/promin/Desktop/loggs/sudo.txt

Links

https://www.dssw.co.uk/blog/2017-03-02-view-power-manager-unified-logs-on-macos/