github/santa
1
1
Fork 0
mirror of https://github.com/google/santa.git synced 2026-01-14 08:47:57 -05:00
Code Issues Packages Projects Releases Wiki Activity
920 Commits 2 Branches 101 Tags
1.14
Commit Graph

920 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Russell Hancox
ff9cb34490 Project: avoid public visibility (#483) 1.14 2020-07-20 12:19:14 -04:00
Russell Hancox
60405f1e10 Fix some recent warnings (#482) 2020-07-20 11:36:25 -04:00
Edward Eigerman
ac9d3b2adf Update AboutWindow.xib (#481) 
Remove the word "whitelist" from the user-facing window.
 2020-07-17 22:11:23 -04:00
Russell Hancox
7e8bd46da3 Docs: fix readthedocs config (#480) 
Fixes #479
 2020-07-16 12:37:45 -04:00
Tom Burgin
2f6ed455e5 add fork and exit logging (#478) 
* added fork and exit logging

* what did you use?

* review updates
 2020-07-09 16:36:23 -04:00
Tom Burgin
8cb86b6d1d syncservice: create stub for syncservice (#477) 
* stub for santasyncservice

* update protocol
 2020-07-08 15:42:42 -04:00
Russell Hancox
fc074f6014 santactl: Make logging around rule download clearer (#476) 2020-07-08 10:09:56 -04:00
bfreezy
a7856e60e8 Add example System Extension and TCC configuration profiles (#474) 
* add system extension policy example

* add tcc profile policy example

* set bundle ID to com.google.santa.daemon
 2020-06-11 20:44:59 -04:00
Russell Hancox
41a40c9fbd Docs: remove whitelist/blacklist (#471) 2020-06-08 13:46:18 -04:00
Russell Hancox
8c18f6ebf5 Project: Update terminology in README (#470) 2020-06-08 12:41:44 -04:00
Tom Burgin
949053fedd update kext cache (#469) 2020-06-08 11:15:22 -04:00
Russell Hancox
8d2c39b71d Project: update whitelist/blacklist -> allowlist/blocklist (part 1: code) (#468) 2020-06-08 11:11:30 -04:00
Russell Hancox
8f872fb4fc Project: disable known deprecated warnings (#467) 2020-06-04 11:52:24 -04:00
Russell Hancox
5512f8cf19 santad/sysx: Prevent unlinking databases (#465) 
* santad/sysx: Prevent unlinking databases
 2020-06-01 13:21:30 -04:00
Russell Hancox
6742b38e31 santad: If database is locked don't attempt to unlink it (#466) 
* santad: If database is locked don't attempt to unlink it
 2020-05-29 17:22:23 -04:00
Russell Hancox
d1635f7e11 santad: Fix decision fetching for certs by hash (#464) 
* santad: Fix decision fetching for certs by hash

Fixes #463
 2020-05-11 11:43:07 -04:00
Tom Burgin
e2b865c081 prevent a dual duel (#462) 
* prevent a dual duel

* bump version
 2020-05-04 11:42:08 -04:00
Bradley Kemp
012b02de5d Update EventDetailURL docs 
%bundle_id% and %bundle_ver% do not exist any more, they were removed by 6f417a1775 (diff-3250262f27ab2cb96ad4b47abdc9d51fL95-L108)
 2020-05-01 07:22:57 -04:00
Russell Hancox
11ebead617 Add security policy link to README 2020-04-08 13:26:05 -04:00
Russell Hancox
e3fbabfe37 Create SECURITY.md 2020-04-08 13:26:05 -04:00
Russell Hancox
8757da7822 Version bump to 1.13 2020-04-07 17:14:02 -04:00
Russell Hancox
428582f471 santa-driver: fix use-after-free race in Get*MemoryDescriptor() 2020-04-07 17:14:02 -04:00
Russell Hancox
6e0effc0f4 santa-driver: fix off-by-one bug in externalMethod 2020-04-07 17:14:02 -04:00
Russell Hancox
683114fbec santa-driver: fix integer overflow/underflow in bucket_counts() 2020-04-07 17:14:02 -04:00
Tom Burgin
d9ebb4e3db version bump (#455) 1.12 2020-03-17 16:27:40 -04:00
Tom Burgin
e6aaf2f198 Santa.app: don't request SystemExtension loading (#454) 2020-03-17 16:23:48 -04:00
Tom Burgin
1c3757d4ab santactl: don't watch for config changes (#453) 
* santactl: don't watch for config changes

* bump version
1.11 		2020-03-16 18:40:36 -04:00
Tom Burgin
4346bb29c2 santactl: sanitize rule payload (#450) 
* santactl: sanitize rule payload

* version bump
1.10 		2020-02-27 15:16:40 -05:00
Tom Burgin
09655df8fc com.google.santa.daemon: reorder cleanup() (#448) 
* com.google.santa.daemon: reorder cleanup()

* version bump
1.9 		2020-02-26 15:13:51 -05:00
Tom Burgin
7504cd36e1 Simplify install scripts (#447) 
* installer to respect EnableSystemExtension

* conform
1.8 		2020-02-26 12:58:12 -05:00
Tom Burgin
cafef66933 version bump (#446) 1.7 2020-02-25 15:14:42 -05:00
Tom Burgin
0c4e9d4b06 slurp up com.google.santa.daemon dsyms (#445) 2020-02-21 18:28:15 -05:00
Tom Burgin
ac07f5d54b santad: add prefixes on a background thread (#444) 
* add prefixes on a background thread

* version bump
1.6 		2020-02-21 16:54:42 -05:00
Tom Burgin
d116f7b01e santad: wait for driver connection before adding prefix filters (#443) 
* wait for driver connection before adding prefix filters

* version bump

* fix travis build
1.5 		2020-02-21 14:58:12 -05:00
Tom Burgin
63ca34bc54 santad: fix launch path and args for loading the system extension (#442) 
* missing /

* version bump

* that was close
1.4 		2020-02-20 20:01:42 -05:00
Tom Burgin
c894029c33 version bump to 1.3 (#441) 1.3 2020-02-19 17:08:30 -05:00
Tom Burgin
de2bdd6653 update EnableSystemExtension when the config changes 🤦 (#440) 2020-02-19 17:03:58 -05:00
Tom Burgin
2d066ad671 version bump to 1.2 (#439) 2020-02-19 14:06:20 -05:00
Tom Burgin
24854d4ad7 Config: EnableSystemExtension option (#438) 
* Config: add EnableSystemExtension option

* format

* i don't trust kvo

* review updates
 2020-02-18 17:48:06 -05:00
Russell Hancox
99ee0af178 Project: bump version to 1.1 (#436) 1.1 2020-02-12 11:17:44 -05:00
Russell Hancox
bf6f78df09 common: Eliminate VLA usage in SNTFileInfo (#435) 
VLAs complicate static analysis and bloat stack size. Replace VLA allocation with calls to malloc and free
 2020-02-11 10:55:57 -05:00
Russell Hancox
c05806916b santad: Add config flag to block all binaries with bad signatures. (#434) 
* santad: Add option to block all binaries with bad signatures.
 2020-02-10 13:45:22 -05:00
Russell Hancox
e48ce0cfe3 santad: Move signature fetching into SNTPolicyProcessor (#433) 
This also removes an unnecessary hash, checks code signatures on non-MachO files (which is rare but possible) and fixes a rare crash in EndpointSecurityManager
 2020-02-07 14:32:00 -05:00
Tom Burgin
eabca469b9 update readme with a note about system extension (#431) 2020-02-06 12:50:33 -05:00
Russell Hancox
f6dc36e812 santactl/sync: Skip event upload for clean sync 
This lets a clean sync clear out the existing events without attempting to upload them.
 2020-01-13 14:56:01 -05:00
Russell Hancox
ac7cbdfd16 Project: update apple rules to 0.19.0 2020-01-13 14:25:38 -05:00
Tom Burgin
d1d008af0a don't log TRUNCATE and don't log fileops from com.google.santa.daemon (#428) 
* don't log TRUNCATE and don't log fileops from com.google.santa.daemon

* review updates
1.0.3 		2019-12-20 14:00:16 -05:00
Tom Burgin
5db56e01f5 cleanup 10.14 -> 10.15 upgrade artifacts (#427) 
* cleanup 10.14 -> 10.15 upgrade artifacts

* exit exit

* exit exit
 2019-12-19 15:56:59 -05:00
Tom Burgin
726c49bec5 com.google.santa.daemon: handle es deadline (#426) 
* com.google.santa.daemon: deny execs that are about to exceed the es deadline

* update comment

* actually handle the deadline
 2019-12-16 13:03:20 -05:00
Tom Burgin
ae5db5dde7 com.google.santa.daemon: lookup the tty for deny decisions before posting the decision (#425) 2019-12-13 15:24:21 -05:00