Russell Hancox
18a7992372
Config: Add more protected keys, only protect if a server is set
2015-10-02 16:35:30 -04:00
Russell Hancox
9e935f5bfb
GUI: Include CFBundleName as first item in UI, if available.
2015-10-01 18:53:58 -04:00
Russell Hancox
9f49e24dc5
santad: Update file changes logging to use a configurable regex
2015-10-01 17:57:07 -04:00
Russell Hancox
dbf60f16bc
santactl/sync: Fix typo causing clean sync on every run
2015-09-30 16:00:39 -04:00
Russell Hancox
0f3a228788
santactl/rule: Make help text a little clearer
2015-09-28 17:46:30 -04:00
Russell Hancox
d905f5b095
santactl/rule: Add ability to add certificate rules. Re-write argument parsing.
2015-09-28 17:20:34 -04:00
Russell Hancox
1c310486c7
santactl/status, santad: Show watchdog events in status output
2015-09-28 16:41:33 -04:00
Russell Hancox
4b01c6da91
santactl/status: Report some sync statuses.
2015-09-28 16:14:45 -04:00
Russell Hancox
5782378616
santactl/sync, santad: Add clean sync and last success options, use to initiate clean sync when database is re-created
2015-09-28 16:11:17 -04:00
Russell Hancox
64c97ebfba
santad: If database open fails, delete and re-create.
2015-09-28 16:09:05 -04:00
Russell Hancox
5fd4d56b00
santactl/sync: Add ability to sync blacklist regex
2015-09-28 16:08:11 -04:00
Russell Hancox
e658b5167e
Project: Update README a little
2015-09-24 18:15:03 -04:00
Russell Hancox
cea698d720
SNTCertificate: Add serialNumber and isCa properties.
2015-09-21 17:48:47 -04:00
Russell Hancox
c07f41c312
santad: Stop closing stdout/stderr
2015-09-21 15:59:32 -04:00
Russell Hancox
a837aa0334
santactl/status: Use dispatch group instead of sleeping
2015-09-21 15:59:20 -04:00
Russell Hancox
0050724e22
SNTXPCConnection: Use semaphore instead of variable & sleep.
2015-09-21 15:58:54 -04:00
Russell Hancox
adac4ac75c
SantaGUI: windowWillClose and orderOut are being marked nonnull
2015-09-21 15:51:36 -04:00
Russell Hancox
718f37024a
SNTConfigurator: Use NSPropertyListImmutable instead of kCFPropertyListImmutable
2015-09-21 15:51:03 -04:00
Russell Hancox
fcb3008539
Rakefile: Handle xcpretty missing better
2015-09-21 15:50:22 -04:00
Russell Hancox
8faf3eec53
santactl/sync: Validate incoming rules better
2015-09-16 15:59:50 -04:00
Russell Hancox
2bc3df3255
santad: Stop using mmap while reading files, it can be forced to crash by truncating the file.
2015-09-16 15:52:49 -04:00
Russell Hancox
5b0e550c85
santad: Add BlacklistRegex option, log a useful explanation when decision is made by scope
2015-09-16 14:19:33 -04:00
Russell Hancox
e52211abf2
santa-driver: Release proc_t acquired with proc_find.
2015-09-15 17:23:07 -04:00
Russell Hancox
9b6f231b34
santa-driver: Check for daemon earlier in FetchDecision
2015-09-14 18:20:33 -04:00
Russell Hancox
b71223705f
santa-driver: If daemon fails to provide a response, print the path of the files it failed on
2015-09-14 18:19:56 -04:00
Russell Hancox
863fbe69bb
santa-driver: Simplify AddToCache's locking
2015-09-14 18:19:28 -04:00
Russell Hancox
2d46279961
santa-driver: Use 0 as the client_pid when not connected
2015-09-14 18:18:51 -04:00
Russell Hancox
0d0207d77f
santa-driver: lck_attr and lck_grp_attr need freeing
2015-09-14 18:18:20 -04:00
Russell Hancox
00bbade34f
santa-driver: ClientConnected() should check if process is exiting/dying.
2015-09-14 18:08:57 -04:00
Russell Hancox
682f741ddc
santad: Separate uid/gid fields in log.
2015-09-11 11:35:14 -04:00
Russell Hancox
3d2744c9e3
santactl/sync: Use lib compression for both preflight and event upload phases
2015-09-09 17:13:38 -04:00
Russell Hancox
cc286dcf16
santad: Fix event storage
2015-09-09 17:13:21 -04:00
Russell Hancox
27c6e2a7bd
santa-driver: Don't send file mod messages unless daemon is connected
2015-09-09 14:22:31 -04:00
Russell Hancox
72c7a67ad5
Logging: Limit kernel messages to those actually sent by the kernel
2015-09-09 13:34:30 -04:00
Russell Hancox
8fe5e4e238
Logging: Update logMessage to use asl directly, adding a facility
2015-09-09 11:56:53 -04:00
Russell Hancox
02f23d0c62
santad: Add LogFileChanges option, remove LogAllEvents, fix key protection
2015-09-09 11:56:31 -04:00
Russell Hancox
ff6f4d4152
Common: Update SNTRule and SNTStoredEvent isEqual/hash/description methods.
2015-09-08 16:35:50 -04:00
Russell Hancox
2242f46792
Conf: Don't roll logs too regularly
2015-09-08 16:34:38 -04:00
Russell Hancox
642b5609b2
Tests: Fix tests after adding file write logging
2015-09-08 16:34:21 -04:00
Russell Hancox
98878f3e7c
Kernel/santad: Add file write logging and exec argv's.
...
This necessitated a large refactoring of a bunch of code, hence being a large commit. This moves all event logging into a separate class, moves logging of executions to be from FileOp events rather than Vnode events (so we can get the argv after the execve call has finished) and implements the logging of cached execs.
2015-09-08 16:33:59 -04:00
Russell Hancox
3eb28deccf
santa-driver: Verify input args are not nullptr's.
2015-09-08 14:41:34 -04:00
Russell Hancox
761a852156
santad: Always request sizeof(santa_message_t) regardless of previous message size
2015-09-08 14:40:50 -04:00
Russell Hancox
f4ddb11c1f
santad: Force database permissions on startup
2015-09-08 14:33:25 -04:00
Russell Hancox
75158c11ea
santa-driver: Don't create santa_message_t structs on the stack.
...
Also rename userId field to uid and add gid field to match
2015-08-31 15:21:25 -04:00
Russell Hancox
fe96706b0c
KernelTests: Always unload kext and cleanup tmp after running
2015-08-27 18:03:40 -04:00
Russell Hancox
b87482e824
santad: Move page zero check to after binary/cert rule checks so 'bad' binaries can be whitelisted and notifications will be generated when they're blocked
2015-08-27 15:25:13 -04:00
Russell Hancox
a9ba99dc79
SNTFileInfo: Re-write mach header parsing
2015-08-27 15:25:12 -04:00
Russell Hancox
8884e92a1a
Tests: Add test for missing/bad pagezero
2015-08-27 15:25:12 -04:00
Russell Hancox
6385514257
santad: Block 32-bit binaries with missing/invalid page zero
2015-08-27 15:25:12 -04:00
Russell Hancox
d3ad47022b
Conf: Change log time format to ISO8601Z.3
2015-08-27 15:25:01 -04:00
