* Responses to events about to exceed deadline should respect FailClosed
* Only respect FailClosed when in Lockdown mode. Update docs.
* FailClosed in Configurator now wraps checking client mode
* PR feedback
* Fix execution controller tests with new FailClosed logic
* ProcessTree: add core process tree logic
* make Step implicitly called by Handle* methods
* lint
* naming convention
* widen pidversion to be generic
* move os specific backfill to os specific impl
* simplify ts checking
* retain/release a whole vec of pids
* document processtoken
* lint
* namespace
* add process tree to project-wide unit test target
* case change annotations
* case change annotations
* remove stray comment
* default initialize seen_timestamps
* fix missing initialization of refcnt and tombstoned
* reshuffle pb namespace
* pr review
* move annotation registration to tree construction
* use factory function for tree construction
* WIP Clean syncs now leave non-transitive rules by default
* WIP Get existing tests compiling and passing
* Remove clean all sync server key. Basic tests.
* Add SNTConfiguratorTest, test deprecated key migration
* Revert changes to santactl status output
* Add new preflight response sync type key, lots of tests
* Rework configurator flow a bit so calls cannot be made out of order
* Comment clean sync states. Test all permutations.
* Update docs for new sync keys
* Doc updates as requested in PR
* Make santactl status always print out transitive rule status even when not using a sync service.
* Fix typo in SNTCommandRule.m.
* Updated JSON values to put transitive_rules in the daemon section.
* Add missing config keys
* Use more consistent wording
* More consistent whitespace
* Reorder constants to appropriate section groups
* Update docs/deployment/configuration.md
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>
---------
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>
* Ignore TID/SID rules for dev signed code
* Handle code paths from santactl
* Don't bother evaluating isProdSignedCallback if not necessary
* PR feedback. Link to docs.
* WIP add config support to filter logged entitlements
* Add EntitlementInfo proto message to store if entitlements were filtered
* Log cleanup
* Address PR feedback
* Address PR feedback
GoogleTest when built with GTEST_HAS_ABSL fails to convert these strings
to a `std::string_view`. Let's instead explicitly convert them to a
`std::string_view`.
Add support for logging when codesigning has become invalidated for a process.
This adds support to the Recorder to log when codesigning is invalidated as reported by the Endpoint Security Framework's
ES_EVENT_TYPE_NOTIFY_CS_INVALIDATED event.
* e2e test usb mounting
* no poweroff
* no start
* drive usb via sync server since it's up
sudo santactl status
sudo?
* revert nostart/nopoweroff
* bump VMCLI minimum os version
* e2e for macos 14
* no shutdown
* gh path
* dismiss santa popup after bad binary
* sleep for ui
* re-enable start vm
* re-enable poweroff
* tabs
* ratchet checkout actions in e2e
* Fix issue preventing rule import / export from working.
* Removed unused --json option from help string.
* Document import and export as taking a path argument.
Update the syncing-overview.md document to note that FCM-based push notifications are not currently available outside the internal Google deployment of Santa.