Russell Hancox
8faf3eec53
santactl/sync: Validate incoming rules better
0.9.1
2015-09-16 15:59:50 -04:00
Russell Hancox
2bc3df3255
santad: Stop using mmap while reading files, it can be forced to crash by truncating the file.
2015-09-16 15:52:49 -04:00
Russell Hancox
5b0e550c85
santad: Add BlacklistRegex option, log a useful explanation when decision is made by scope
2015-09-16 14:19:33 -04:00
Russell Hancox
e52211abf2
santa-driver: Release proc_t acquired with proc_find.
2015-09-15 17:23:07 -04:00
Russell Hancox
9b6f231b34
santa-driver: Check for daemon earlier in FetchDecision
2015-09-14 18:20:33 -04:00
Russell Hancox
b71223705f
santa-driver: If daemon fails to provide a response, print the path of the files it failed on
2015-09-14 18:19:56 -04:00
Russell Hancox
863fbe69bb
santa-driver: Simplify AddToCache's locking
2015-09-14 18:19:28 -04:00
Russell Hancox
2d46279961
santa-driver: Use 0 as the client_pid when not connected
2015-09-14 18:18:51 -04:00
Russell Hancox
0d0207d77f
santa-driver: lck_attr and lck_grp_attr need freeing
2015-09-14 18:18:20 -04:00
Russell Hancox
00bbade34f
santa-driver: ClientConnected() should check if process is exiting/dying.
2015-09-14 18:08:57 -04:00
Russell Hancox
682f741ddc
santad: Separate uid/gid fields in log.
2015-09-11 11:35:14 -04:00
Russell Hancox
3d2744c9e3
santactl/sync: Use lib compression for both preflight and event upload phases
2015-09-09 17:13:38 -04:00
Russell Hancox
cc286dcf16
santad: Fix event storage
2015-09-09 17:13:21 -04:00
Russell Hancox
27c6e2a7bd
santa-driver: Don't send file mod messages unless daemon is connected
2015-09-09 14:22:31 -04:00
Russell Hancox
72c7a67ad5
Logging: Limit kernel messages to those actually sent by the kernel
2015-09-09 13:34:30 -04:00
Russell Hancox
8fe5e4e238
Logging: Update logMessage to use asl directly, adding a facility
2015-09-09 11:56:53 -04:00
Russell Hancox
02f23d0c62
santad: Add LogFileChanges option, remove LogAllEvents, fix key protection
2015-09-09 11:56:31 -04:00
Russell Hancox
ff6f4d4152
Common: Update SNTRule and SNTStoredEvent isEqual/hash/description methods.
2015-09-08 16:35:50 -04:00
Russell Hancox
2242f46792
Conf: Don't roll logs too regularly
2015-09-08 16:34:38 -04:00
Russell Hancox
642b5609b2
Tests: Fix tests after adding file write logging
2015-09-08 16:34:21 -04:00
Russell Hancox
98878f3e7c
Kernel/santad: Add file write logging and exec argv's.
This necessitated a large refactoring of a bunch of code, hence being a large commit. This moves all event logging into a separate class, moves logging of executions to be from FileOp events rather than Vnode events (so we can get the argv after the execve call has finished) and implements the logging of cached execs.
2015-09-08 16:33:59 -04:00
Russell Hancox
3eb28deccf
santa-driver: Verify input args are not nullptr's.
2015-09-08 14:41:34 -04:00
Russell Hancox
761a852156
santad: Always request sizeof(santa_message_t) regardless of previous message size
2015-09-08 14:40:50 -04:00
Russell Hancox
f4ddb11c1f
santad: Force database permissions on startup
2015-09-08 14:33:25 -04:00
Russell Hancox
75158c11ea
santa-driver: Don't create santa_message_t structs on the stack.
Also rename userId field to uid and add gid field to match
2015-08-31 15:21:25 -04:00
Russell Hancox
fe96706b0c
KernelTests: Always unload kext and cleanup tmp after running
2015-08-27 18:03:40 -04:00
Russell Hancox
b87482e824
santad: Move page zero check to after binary/cert rule checks so 'bad' binaries can be whitelisted and notifications will be generated when they're blocked
2015-08-27 15:25:13 -04:00
Russell Hancox
a9ba99dc79
SNTFileInfo: Re-write mach header parsing
2015-08-27 15:25:12 -04:00
Russell Hancox
8884e92a1a
Tests: Add test for missing/bad pagezero
2015-08-27 15:25:12 -04:00
Russell Hancox
6385514257
santad: Block 32-bit binaries with missing/invalid page zero
2015-08-27 15:25:12 -04:00
Russell Hancox
d3ad47022b
Conf: Change log time format to ISO8601Z.3
2015-08-27 15:25:01 -04:00
Russell Hancox
138d4b507d
SantaGUI: Fix fast-user-switching support.
2015-08-18 17:00:38 -04:00
Russell Hancox
3c0b195bcf
Update travis.yml to add Cocoapod caching
2015-08-07 17:27:15 -04:00
Russell Hancox
d941a71bb5
Package: Forcibly make santactl symlink
2015-08-05 16:19:37 -04:00
Russell Hancox
08697d9daf
KernelTests: Fix lots-of-executions test
0.9
2015-08-05 15:59:41 -04:00
Russell Hancox
8959871988
Rakefile: Clean before dist
2015-08-05 15:59:34 -04:00
Russell Hancox
bb43a04992
SNTFileInfo: Always try to get embedded info.plist before bundle plist
2015-08-05 12:01:05 -04:00
Russell Hancox
5f93dc7991
Project: Stop trying to be smart with logging destinations
2015-08-04 18:13:04 -04:00
Russell Hancox
9be8eb223c
KernelTests: Stop blocking ps while tests are running, block ed instead.
2015-08-04 17:13:35 -04:00
Russell Hancox
e8b6c47e0f
KernelTests: Remove timeout, chdir to tmp dir before executing, add lots-of-binaries test
2015-08-04 17:13:20 -04:00
Russell Hancox
697d442afb
Project: Update Mac OS X -> OS X.
2015-08-04 13:54:55 -04:00
Russell Hancox
5dbd261b5a
GUI: Allow selection of all fields and add ppid to end of parent name.
2015-08-04 13:53:47 -04:00
Russell Hancox
9bc94ca658
GUI: Add defaultBlockMessage configuration
2015-08-04 13:52:44 -04:00
Russell Hancox
4404b5f849
santactl/sync: Default to ephemeralSessionConfiguration to avoid caching
2015-08-03 18:03:51 -04:00
Russell Hancox
6a4b73b8a9
santa-driver: Before posting request to santa, ensure it exists in the cache already
2015-08-03 18:02:57 -04:00
Russell Hancox
b6146224b3
santa-driver: Make "cache too large" log info instead of debug
2015-08-03 18:02:34 -04:00
Russell Hancox
e3593c1b0c
santad: fclose stderr for santactl sync too
2015-07-22 16:35:25 -04:00
Russell Hancox
90a2f10da6
santactl/rule: Print usage when args are bad, catch missing long arguments.
Fixes #20
2015-07-22 13:48:43 -04:00
Russell Hancox
60bab1c004
Rakefile: Don't miss santad/santactl dSYMs
2015-07-21 15:22:14 -04:00
Russell Hancox
0898940d0b
santad: Pass santa_message_t straight to SNTExecutionController
0.8.9
2015-07-21 14:52:53 -04:00