* Spool writer and santactl command to print proto file
* Make valid JSON for multiple paths. Can now create proto/spool logger. Updated logger tests.
* Make fsspool writer and fsspool log batch writer injectable
* Add spool writer tests
* Updated help text for santactl printlog
* Include file cleanup
* Fix dispatch source destruction
* Change config keys for the new Spool writer
* Spool settings now configurable
* Fix param order
* Remove some test sleeps related to control flow
* Initial structure for ES wrappers, enriched types, logging
* Basic working ES and logging functionality
* Add in oneTBB and thread-safe-lru deps
* Added a bunch of enriched types
* Auto-mute self when establishing ES client
* Basic auth, tamper client. Syslog of all events. Basic compiler tracking.
* Update copyright header blobs, convert some tabs to spaces
* Auth result cache. Fix getting translocation path.
* Added remaining cache methods
* Add AuthResultCache to Recorder client. Cache now operates on es_file_t.
* Hooked up SNTPrefixTree
* Fix CompilerController for RENAME. Fix AllowList logging missing path.
* Block loading Santa kext
* Added device manager client
* Properly log DiskAppear events
* Fix build to adopt new adhoc build
* Handle clearing cache on UNMOUNT events
* Ignore other ES clients if configured
* Remove SNTAllowlistInfo. Rename AllowList to Allowlist. Minor cleanup.
* Recorder now logs asynchronously. Enricher now returns shared_ptrs.
* Added File writer. Added timestamps to BasicStream serializer.
* Skip calling stat in SNTFileInfo when path given by ES.
* Fix build issue
* Address draft PR feedback
* santactl integrated, XPC works, fix file writer bug
* Integrate syncservice. Start observing some config changes.
* Add metrics service wrapper
* Add metrics config observers and metrics interval reset.
* Start better dependency control. Add Null logger support.
* Added more deps
* Added more deps
* Fix issue where metric service wasn't starting
* Add missing variant include
* Fix missing parent proc name
* Added googletest and new unit test macro
* Started expanding AuthResultCacheTest
* Properly mock EndpointSecurityAPI
* Finished AuthResultCacheTest
* bazelrc now builds all C++ as C++17. Added LoggerTest.
* Add FileTest. Abstract some File constants to Logger.
* Added Empty serializer test
* Started work on BasicStringTest. Fixed some BasicString serialization bugs.
* Added Unlink BasicString serialization test
* Added some more tests. Commonized some test code
* Finished BasicStringTest. Converted to XCTest.
* Standardize esapi variable naming
* Bubble up gTest expect failures to XCTest failures
* AuthResultCacheTest now uses XCTest. Added common TestUtils.h
* EmptyTest now uses XCTest.
* FileTest now uses XCTest
* LoggerTest now uses XCTest. Removed santa_unit_gtest bazel macro.
* Added ClientTest
* Add basic Enricher tests
* Add MessageTest. Make more TestUtils.
* Rename metrics to Metrics
* Add MetricsTest.
* Apply template pattern to Serializer
* Add SNTDecisionCacheTest.
* Add SNTCachedDecisionTest.
* Testing with coveralls debug mode
* Allow manual CI runs
* Remove unused property
* Started work on SNTEndpointSecurityClientTest.
* WIP SNTEndpointSecurityClientTest, fix test run issue
* Added more base ES client tests
* Add more base ES client tests
* Base ES client tests done. Added serializer utils/tests. Expanded basic string tests.
* Add utils test to test suite
* Add copy ctor. Add test output to bazel coverage.
* Single thread bazel coverage
* Upload coverage file
* Upload coverage file
* Old gen cov test
* Restructure message handlers to enable better testability
* Added enable tests for all ES clients
* Made a single MockEndpointSecurityAPI class to share everywhere
* Added most of SNTCompilerControllerTest
* Cleanup SNTCompilerControllerTest
* Started expanding Auth client test
* Finished up the Authorizer tests
* Move to using enum class for notify/auth instead of bool
* WIP for tamper resistance test. ASAN issues.
* Add OCMock patch to fix test issue on ARM Macs
* Changed patches directory name to external_patches
* Update WORKSPACE path
* Finished up Tamper Resistance tests
* Finished up Recorder tests.
* Move SNTExecutionControllerTest to ObjC++
* Initial work to port SNTExecutionControllerTest
* Finished porting SNTExecutionControllerTest.
* Added SNTExecutionControllerTest to list of unit tests
* Ported SNTEndpointSecurityDeviceManager.
* Test cleanup, use MockESAPI expectation helpers
* Verify SNTEndpointSecurityDeviceManager expectations differently
* Test cleanup, omit gTest param list where unused
* Log message cleanup
* Rename SNTApplicationTest to santad_test.mm
* Finished porting santad_test, formerly SNTApplicationTest
* Fix SNTEndpointSecurityDeviceManager issues
* Pulled in missed fixes. Updated tests.
* Renamed lowercase filenames to match rest of codebase
* Fix non-static dispatch_once_t, and noisy watching compiler log message
* WIP Started process of removing components no longer used
* WIP Continued process of removing components no longer used
* BUILD file cleanup. Proto warning. Removed unused global
* Rename SNTEventProvider to SNTEndpointSecurityEventHandler
* Rename SNTEndpointSecurityEventHandler protocol
* Remove EnableSysxCache option. Remove --quick flag used during dev.
* Ran testing/fix.sh
* Add missing param to fix.sh that was omitting .mm files.
* clang-format
* Fix linter: find cmd missing .mm ext, git grep exclude patch files.
* Use MakeESProcess default params in tests
* Move variables to camelCase in objc classes
* More case changes
* Sanitize strings
* Change dispatch queue priorities and standardize daemon queue naming
* Exclude patch files in markdown check
* Ensure string log messages end with newline
* Fix BasicStringTest
* Disable clang-format in code producing different results in local/remote versions
* Moved to using date ranges in copyright notices as per current guidelines
* Update Source/common/SNTConfigurator.h
Suggestion adding whitespace in comment to fix clang-format mangling
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
* Removed santa_panic macro used in one place
* Updated comment about ES cachability
* Pin oneTBB to specific commit
* Address outstanding WORKSPACE 'canonical reproducible form' messages
* Use string append instead of ostringstream due to benchmark results
* Remove use of friend classes in EnrichedTypes.h
* Added SNTKVOManager, removed observers from SNTConfigurator.
* Fixed SNTEndpointSecurityRecorderTest class name
* Reduce usage of the auto keyword
* Each SNTKVOManager instance now adds its own observer
* Replaced more auto keywords with real types.
* Remove leftover code coverage debugging from ci.yml
* Updated comment
* Memoize SNTFileInfo sha256. Reduce some cache sizes.
* Fix issue checking for translocated paths
* Use more performant NSURL creation method
* Fix lint issue
* Address PR feedback
* Use an array literal for kvo objects
* Fix some clang tidy and import issues
* Replace third party LRU cache with SantaCache for now
* Fix clang tidy issues
* Address PR feedback
* Fix comment typo
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>
* Added todo for when we adopt macOS 13
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>
When enabled, this option disables *all* GUI notifications from Santa. This is intended for kiosk-style machines where it is not expected for users to _ever_ execute unknown binaries.
Fixes #862
The previous change here (#797) was not backward compatible and would be difficult to roll out. This change restores the previously used key and adds 2 new ones for migration. The previous key is marked deprecated and will be removed in the future.
* Add config to allow uploading all events
This config can be enabled locally or by a sync server and causes the
client to upload all events, not just those for binaries that are or
would be blocked.
Fixes #689
* GUI: Add %bundle_or_file_sha% translation key
This mimics the current behavior that %file_sha% previously had and
moves %file_sha% to the expected behavior of just showing the file's
SHA.
Related to #795
* Initial protobuf support, maildir logging
Fix build issues in the integration test
Deduped some test code
Formatting
Address feedback from draft PR
Removed legacy labels. Updated docs.
Add in metrics. Fix protobuf logging test.
* Now use the Any proto for the LogBatch wrapper
* Changes based on PR feedback
* Added gauge metrics for spool dir
* Formatting
* Add event time to proto
* Fix build issue after rebase
* Update BUILD rules
* Updated language around protobuf logging to mark as beta
* USB mass storage blocking.
* Add the sync service and config key for enabling mass USB storage blocking
* Update docs with the sync service key
* Add ability to forcibly remount USBs with different flags
* Update EndpointSecurityTestUtil and tests that use it to properly handle multiple ES clients
* Add more Conf references, EnableSysxCache key, etc
* Updated link (even though previous config profile explainer link redirects accordingly) to profile spec.
* Added brief explanation of TCC/PPPC and made reference to the non-setting example MDM mobileconfig files in the repo
* Add sysext log stream example, update wording
* Pointed at events and configuration pages for details about logging
* New troubleshooting section
* Standardized on asterisks for page link markup in the TOC index page
Add santametricservice and basic metrics to Santad.
This PR adds the santametricservice, and adds basic metrics to santad. It also updates the SNTMetricSet to have and updates packaging scripts to include the santametricservice (aka metric service) in the final bundle.
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
* Initial commit of a Format that converts SNTMetricSet dictionaries to a format consumable by Monarch tooling.
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>