santa

mirror of https://github.com/google/santa.git synced 2026-01-20 03:28:10 -05:00

Author	SHA1	Message	Date
Tom Burgin	ed5be6b062	com.google.santa.daemon: async es message handling (#421 ) * fix Santa.xcodeproj * com.google.santa.daemon: some es tweaks * review updates	2019-12-09 11:21:12 -05:00
Russell Hancox	53b7ef86ed	santad: Log file changes, use prefix trees (#398 )	2019-11-08 22:22:09 -05:00
Tom Burgin	c6ca3d64b3	add SNTEventProvider interface (#388 ) * Add SNTEventProvider interface * execution controller test should use the event provider interface * * Xcode project: Use manual signing * SNTEndpointSecurityManager: Don't cache deny decisions * Review updates * review updates	2019-11-08 22:22:09 -05:00
Tom Burgin	2695355dd2	add in-kernel filemod prefix filter (#313 ) * add in-kernel filemod prefix filter * byte lookup * added pruning and tests * clang-format * add TODO * don't need seen * review updates * reset filter on client connect * DisconnectClient: reset filter AddPrefix: when a branch is needed create the whole branch immediately * don't use strlen in HasPrefix use strnlen in AddPrefix up max nodes to 1024 * use new[] and delete[] for the prune "stack" revert clang-format changes to kernel tests remove reset node count * words * count not size	2018-11-08 15:37:30 -05:00
nguyen-phillip	6dc7387881	Add transitive whitelisting to Santa (#224 ) Add transitive whitelisting. Binaries may be identified with WHITELIST_COMPILER rules. Any executable they output will then be marked locally with a transitive whitelist rule and allowed to run if the TransitiveWhitelistingEnabled config key is true.	2018-07-20 11:47:04 -04:00
Russell Hancox	15fa53d744	santa-driver: Switch to a struct for vnode IDs, holding both the file… (#276 ) santa-driver: Switch to a struct for vnode IDs, holding both the filesystem ID and vnode ID. Also drop the separate caches for root/non-root as this doesn't offer any benefit anymore.	2018-06-05 06:43:49 -04:00
Russell Hancox	61a67e45c1	SantaCache: Add command to print histogram of bucket distribution (#275 ) * SantaCache: Add santactl command to print histogram of bucket distribution. This currently only prints the distribution of the non-root cache. In the near future I'll unify the caches again which stops this being a problem.	2018-06-01 17:02:39 -04:00
Tom Burgin	9f6ccf092a	code cleanup (#241 )	2018-02-26 10:51:44 -05:00
Tom Burgin	0e6eb45732	santa-driver: add an acknowledge feature to allow timeouts (#220 ) * santa-driver: Add an acknowledge feature to allow timeouts for lost requests * project: cocoapods 1.3.1 update * review updates	2018-01-26 11:33:54 -05:00
Russell Hancox	103137498b	santa-driver: Deny execs with names over MAXPATHLEN with appropriate errno (#231 )	2018-01-24 14:02:05 -05:00
Russell Hancox	d1d9762e29	santa-driver: Don't filter advisory vnode_write notifications (#94 )	2016-09-15 10:17:18 -04:00
Tom Burgin	08dfad208b	Move decision making to SNTPolicyProcessor (#91 ) Move SNTEventState to a mixed bit field enum SNTCommandFileInfo now handles all rule states	2016-09-14 12:34:42 -04:00
Tom Burgin	3435b56a84	Add checkcache command to santactl. It will check to see if the vnode id of a file is in the kernel cache	2016-06-17 12:03:26 -04:00
Russell Hancox	8f05ee7d79	santa-driver: Rename some action types	2016-03-15 12:53:44 -04:00
Russell Hancox	90e99255b1	santa-driver/santad: Split decision making and logging onto 2 data queues This resolves an issue where the data queue can be overwhelmed by logging requests and fail to respond to decisions for an extended period of time.	2016-03-10 12:21:17 -05:00
Russell Hancox	84f46de940	Driver/Daemon: Collect process name in-kernel for file events, parent name for exec requests. For file events log process name and path, if possible.	2015-10-05 17:09:33 -04:00
Russell Hancox	98878f3e7c	Kernel/santad: Add file write logging and exec argv's. This necessitated a large refactoring of a bunch of code, hence being a large commit. This moves all event logging into a separate class, moves logging of executions to be from FileOp events rather than Vnode events (so we can get the argv after the execve call has finished) and implements the logging of cached execs.	2015-09-08 16:33:59 -04:00
Russell Hancox	75158c11ea	santa-driver: Don't create santa_message_t structs on the stack. Also rename userId field to uid and add gid field to match	2015-08-31 15:21:25 -04:00
Russell Hancox	f2f27c5675	santa-driver: Up ACTION_REQUEST_SHUTDOWN from 60->90	2015-05-18 13:06:31 -04:00
Russell Hancox	5a7ac2287b	santa-driver: Stop defining MAX_PATH_LEN, use MAXPATHLEN instead. I can't recall why I did this.	2015-05-18 13:06:31 -04:00
Russell Hancox	3f5400b264	santa-driver: Split FetchDecision, notify daemon of missed executions, reorganize some methods.	2015-05-14 17:01:49 -04:00
Russell Hancox	9f6b6d10dc	santa-driver: Make room in santa_message_t->path for the terminator so we don't miss a character.	2015-05-14 17:01:47 -04:00
Russell Hancox	4fd5e1139f	Project: Style clean-ups	2015-04-21 14:29:30 -04:00
Russell Hancox	08ca3c9d95	Driver: Move SantaDecisionManager ownership to IOService level, start listeners ASAP but allow and log until daemon connects. Remove useless close method in SantaDriverClient.	2015-02-03 18:55:24 -05:00
Russell Hancox	7a03183cf0	Update Copyright years	2015-01-30 18:41:12 -05:00
Russell Hancox	42684387c5	Kernel: Rename RESPONSE_VALID macro to CHECKBW_RESPONSE_VALID	2015-01-30 17:28:04 -05:00
Russell Hancox	ecbd92646d	Update all docstrings to triple-slash doxygen style	2015-01-28 21:28:17 -05:00
Russell Hancox	71b08307a3	Driver: Move SHA-1 calculation to userland	2015-01-28 19:12:06 -05:00
Russell Hancox	7458896a2a	Driver: send down ppid to daemon	2015-01-13 16:08:29 -05:00
Russell Hancox	a78f2b37ee	Driver: style and comment cleanup	2015-01-13 16:07:03 -05:00
Russell Hancox	17f102662a	Driver: Clean-up logic when checking cache entry actions	2014-12-16 16:39:17 -05:00
Russell Hancox	07988686ae	Initial commit	2014-11-20 16:23:13 -05:00

32 Commits