github/santa
1
1
Fork 0
mirror of https://github.com/google/santa.git synced 2026-01-15 01:08:12 -05:00
Code Issues Packages Projects Releases Wiki Activity
945 Commits 2 Branches 101 Tags
1.17
Commit Graph

275 Commits

Author SHA1 Message Date
Tom Burgin
01e4e15b81 santactl sync: add config option to enable legacy zlib content encoding (#522) 2020-12-23 10:36:39 -05:00
Tom Burgin
3e7a191bf7 fix SNTLoggingKernel BUILD rule (#518) 2020-12-17 16:35:13 -05:00
avanzini
0a83445838 Log pidversion along with pid. (#512) 2020-12-08 09:46:34 -05:00
Russell Hancox
fa785ad3c2 Kernel: fix some header imports (#505) 2020-10-26 10:05:25 -04:00
Russell Hancox
5dae0cabdd Project: fix some lint (#504) 2020-10-22 14:01:32 -04:00
Tom Burgin
d1c33baf35 project: add EnableDebugLogging option (#501) 
* project: add EnableDebugLogging option

* review updates
 2020-10-22 10:11:18 -04:00
Tom Burgin
d2bbdff373 Add the option to ignore actions from other ES clients (#498) 
* [com.google.santa.daemon]: add the option to ignore actions from other ES clients

* review updates

* review updates
 2020-10-21 13:20:13 -04:00
Hugh Neale
7840270dd0 Support for %hostname%, %uuid% and %serial% to eventDetailURLForEvent (#493) 
Added support for %hostname%, %uuid% and %serial% to eventDetailURLForEvent to provide additional system information for blocked events & updated documentation references for supported URL params.
 2020-08-31 10:38:35 -04:00
Russell Hancox
ff9cb34490 Project: avoid public visibility (#483) 2020-07-20 12:19:14 -04:00
Russell Hancox
60405f1e10 Fix some recent warnings (#482) 2020-07-20 11:36:25 -04:00
Tom Burgin
2f6ed455e5 add fork and exit logging (#478) 
* added fork and exit logging

* what did you use?

* review updates
 2020-07-09 16:36:23 -04:00
Tom Burgin
8cb86b6d1d syncservice: create stub for syncservice (#477) 
* stub for santasyncservice

* update protocol
 2020-07-08 15:42:42 -04:00
Russell Hancox
8d2c39b71d Project: update whitelist/blacklist -> allowlist/blocklist (part 1: code) (#468) 2020-06-08 11:11:30 -04:00
Russell Hancox
8f872fb4fc Project: disable known deprecated warnings (#467) 2020-06-04 11:52:24 -04:00
Tom Burgin
1c3757d4ab santactl: don't watch for config changes (#453) 
* santactl: don't watch for config changes

* bump version
 2020-03-16 18:40:36 -04:00
Tom Burgin
de2bdd6653 update EnableSystemExtension when the config changes 🤦 (#440) 2020-02-19 17:03:58 -05:00
Tom Burgin
24854d4ad7 Config: EnableSystemExtension option (#438) 
* Config: add EnableSystemExtension option

* format

* i don't trust kvo

* review updates
 2020-02-18 17:48:06 -05:00
Russell Hancox
bf6f78df09 common: Eliminate VLA usage in SNTFileInfo (#435) 
VLAs complicate static analysis and bloat stack size. Replace VLA allocation with calls to malloc and free
 2020-02-11 10:55:57 -05:00
Russell Hancox
c05806916b santad: Add config flag to block all binaries with bad signatures. (#434) 
* santad: Add option to block all binaries with bad signatures.
 2020-02-10 13:45:22 -05:00
Russell Hancox
e48ce0cfe3 santad: Move signature fetching into SNTPolicyProcessor (#433) 
This also removes an unnecessary hash, checks code signatures on non-MachO files (which is rare but possible) and fixes a rare crash in EndpointSecurityManager
 2020-02-07 14:32:00 -05:00
Tom Burgin
ed5be6b062 com.google.santa.daemon: async es message handling (#421) 
* fix Santa.xcodeproj

* com.google.santa.daemon: some es tweaks

* review updates
 2019-12-09 11:21:12 -05:00
Russell Hancox
3d393e9aa4 santa-driver: Workaround 10.15 SDK Dispatch() issue 2019-11-09 08:18:51 -05:00
Russell Hancox
8acfa6591e santa-driver: Fix compilation of SNTPrefixTree 2019-11-08 22:22:09 -05:00
Russell Hancox
447ea8674b Project: run buildifier on all bazel files, fix typo (#405) 2019-11-08 22:22:09 -05:00
Russell Hancox
c5eec850e1 Project: update santad path (#404) 2019-11-08 22:22:09 -05:00
Russell Hancox
1870631150 Project: Update bazel rules for endpointsec (#403) 2019-11-08 22:22:09 -05:00
Russell Hancox
20ed1659c1 santad: Don't store rules for santad/launchd, keep in-mem (#402) 2019-11-08 22:22:09 -05:00
Russell Hancox
53b7ef86ed santad: Log file changes, use prefix trees (#398) 2019-11-08 22:22:09 -05:00
Tom Burgin
933271826b simplify santabundleservice xpc connection protocol (#397) 
* simplify santabundleservice xpc connection protocol

* fix BUILD deps

* fix BUILD deps

* know
 2019-11-08 22:22:09 -05:00
Russell Hancox
dece50dd10 Logging: under 10.15, force santad into syslog mode (#393) 2019-11-08 22:22:09 -05:00
Tom Burgin
d8060d3af9 update component paths (#390) 2019-11-08 22:22:09 -05:00
Tom Burgin
c6ca3d64b3 add SNTEventProvider interface (#388) 
* Add SNTEventProvider interface

* execution controller test should use the event provider interface

* * Xcode project: Use manual signing
* SNTEndpointSecurityManager: Don't cache deny decisions
* Review updates

* review updates
 2019-11-08 22:22:09 -05:00
Tom Burgin
4913426631 * Added Xcode project + pods (#387) 
* * Added Xcode project + pods
* Cleaned up unused SNTXPCUnprivilegedControlInterface MachServices id.
* Change santad's MachServices id to be compatible with the default SystemExtension namespace template.

* pods

* bazel

* switch MachService name for 10.15+

* build with SystemExensions framework

* build with Xcode 11

* launchd.plist fix

* use @available

* * Request SystemExtension activation on a background thread.
* Create a constant for the "com.google.santa.daemon" SystemExtension id.
 2019-11-08 22:22:09 -05:00
Tom Burgin
ebc93954be SantaGUI: Fix message text. Add support for Dark Mode. (#354) 2019-02-21 16:53:20 -05:00
Tom Burgin
497c1f393f project format (#347) 
* starlark format

* Source/santa-driver -> Source/santa_driver

* buildifier

* kernel_tests unloads the driver

* review updates

* review updates
 2019-02-15 15:38:06 -05:00
Tom Burgin
e8826a2941 add licenses and default_visibility to each BUILD file (#345) 
* add licenses and default_visibility to each BUILD file

* remove default_visibility the bins are public

* oops
 2019-02-15 11:03:28 -05:00
Russell Hancox
dc692c8256 Project: Move tests with the code they're testing (#343) 
Add helper to make declaring unit tests easier
Add unit_tests test_suite containing all unit tests
Fix reload rule
Update to workspace-relative header locations that were missed before
 2019-02-06 15:09:09 -05:00
Russell Hancox
e9c7bfc087 Project: Make all imports workspace-relative, remove include attributes from all rules. (#339) 2019-01-22 14:24:11 -05:00
Russell Hancox
22c72625c8 Project: Split BUILD file into several. Part 1/3 (#338) 
* Project: Split BUILD file into several. Part 1/3

The tests fail in this PR because the rules need updating. I'll fix them in a follow-up PR.
 2019-01-22 12:06:48 -05:00
Russell Hancox
0a7c08cafc santactl/version: Make version command not crash with new Santa.app location (#335) 2019-01-16 17:16:39 -05:00
Russell Hancox
e6fcbf59df Proj: Convert to Bazel build, remove other build systems. (#326) 
This necessitated fixing some warnings, updating the resource
locations inside some tests and updating the Travis config.

I'll send a follow-up PR shortly that adds the fuzzing targets and updates the Rakefile and documentation.
 2018-12-14 11:57:32 -05:00
Tom Burgin
2695355dd2 add in-kernel filemod prefix filter (#313) 
* add in-kernel filemod prefix filter

* byte lookup

* added pruning and tests

* clang-format

* add TODO

* don't need seen

* review updates

* reset filter on client connect

* DisconnectClient: reset filter
AddPrefix: when a branch is needed create the whole branch immediately

* don't use strlen in HasPrefix
use strnlen in AddPrefix
up max nodes to 1024

* use new[] and delete[] for the prune "stack"
revert clang-format changes to kernel tests
remove reset node count

* words

* count not size
 2018-11-08 15:37:30 -05:00
Russell Hancox
7d4f1ffc45 config: Ensure syncBaseURL ends with a / (#311) 
* config: Ensure syncBaseURL ends with a /

Without the trailing / the last path component is removed by `URLWithString:relativeToURL:`
 2018-10-09 18:27:04 -04:00
Tom Burgin
01df4623c7 santa-driver: add back the root and non-root caches (#302) 
* santa-driver: add back the root and non-root caches

* cachehistogram: clarify buckets and entries

* review changes
 2018-09-26 12:41:04 -04:00
Russell Hancox
1f9d60aecc common: Allow transitive whitelisting to be controlled by sync servers. (#300) 
Also rename TransitiveWhitelistingEnabled -> EnableTransitiveWhitelisting and BundlesEnabled -> EnableBundles
 2018-09-26 08:43:31 -04:00
nguyen-phillip
6dc7387881 Add transitive whitelisting to Santa (#224) 
Add transitive whitelisting.

Binaries may be identified with WHITELIST_COMPILER rules.  Any executable they output will then be marked locally with a transitive whitelist rule and allowed to run if the TransitiveWhitelistingEnabled config key is true.
 2018-07-20 11:47:04 -04:00
Alessandro Gario
f7986b0a05 Update MOLXPCConnection; add support for unprivileged XPC interfaces (#287) 
* Update MOLXPCConnection; add support for unprivileged XPC interfaces

* Code review changes
 2018-07-05 17:20:49 -04:00
Russell Hancox
3c2a88144c santad: Wait for driver appearance using IOKit notifications. (#278) 
Continue loading without driver, report status in santactl.
 2018-06-12 16:15:41 -04:00
Russell Hancox
15fa53d744 santa-driver: Switch to a struct for vnode IDs, holding both the file… (#276) 
santa-driver: Switch to a struct for vnode IDs, holding both the filesystem ID and vnode ID.

Also drop the separate caches for root/non-root as this doesn't offer any benefit anymore.
 2018-06-05 06:43:49 -04:00
Russell Hancox
61a67e45c1 SantaCache: Add command to print histogram of bucket distribution (#275) 
* SantaCache: Add santactl command to print histogram of bucket distribution.

This currently only prints the distribution of the non-root cache. In the near future I'll unify the caches again which stops this being a problem.
 2018-06-01 17:02:39 -04:00