Snare is available as a self-installing package, which makes it relatively easy to install and remove on macOS systems.
...
- Right-click the downloaded package Snare-macOS-11-Agent-v5.6.1-Universal.pkg and select Open.
- Follow the on-screen instructions. This will install Snare for macOS and configure the macOS audit subsystem.
- Restart the machine
...
- Log on as the root user, i.e. at the command prompt enter the command:

  ```text
  sudo -s
  ```

  and enter the root password when prompted.
- Issue the command, as root:

  ```text
  installer -pkg Snare-macOS-11-Agent-v5.6.1-Universal.pkg -target /
  ```

  Note: for versions earlier than 5.6.1, use:

  ```text
  installer -pkg Snare-macOS-10.14-SUPP-5.3.0.pkg -target /
  ```

This will install Snare for macOS and start/restart the audit daemon (auditd).
- Restart the machine
...