/
Installing Snare

Installing Snare

Owned by Svetlana Sheptiy
Last updated: Oct 13, 2022
Snare is available as a self installing package that enables it to be installed and removed with relative ease on macOS systems.
There are two methods to install the Snare macOS Agent binary package. The first method uses the graphical macOS environment, the second method uses the command line installer.


To install the Snare for macOS using binary package installer

  1. Right-click the downloaded package Snare-macOS-11-Agent-v5.6.1-Universal.pkg and select Open.

  2. Follow the on screen instructions. This will install Snare for macOS and configure the macOS audit sub-system.

  3. Restart the machine


To install the Snare for macOS using the command line

  1. Logon as root user, i.e. at the command prompt enter the command:
    sudo -s

    and enter the root password when prompted.

  2. Issue the command, as root:
    installer -pkg Snare-macOS-11-Agent-v5.6.1-Universal.pkg -target /

    Note: version <5.6.1

    installer -pkg Snare-macOS-10.14-SUPP-5.3.0.pkg -target /

    This will install Snare for macOS and start/restart the audit daemon (auditd).

  3. Restart the machine


Note: default configuration file snare.conf will be created in /etc/security/ directory.

Related pages

Uninstall Snare
Uninstall Snare
Snare macOS Agent v5 Documentation
Read with this
Release Notes for Snare macOS Agent v5.7.0
Release Notes for Snare macOS Agent v5.7.0
Snare macOS Agent v5 Documentation
Read with this
Appendix C - Debug logs
Appendix C - Debug logs
Snare macOS Agent v5 Documentation
Read with this