Pre-release

@tburgin released this Sep 26, 2018 · 11 commits to master since this release

Notes

This release contains a bug fix, a feature, and an implementation feature.

Mojave Bug Fixes

  • santad: Add critical system binary /usr/sbin/ocspd (#301)

Features

  • Project: Allow transitive whitelisting to be controlled by a sync server (#300)

Implementation Features

  • santa-driver: Add back the root and non-root decision caches (#302)

Pre-release

@tburgin released this Sep 21, 2018 · 15 commits to master since this release

Notes

This release contains some bug fixes and new features.

Mojave Bug Fixes

  • santa-driver: Add an IOMatchCategory to fix a load / unload bug (#292)
  • santa-driver: Fix cache invalidation (#298)
  • santad: Add critical system binaries (#296)

Features

  • Project: Add transitive whitelisting to Santa (#224)
    Transitive whitelisting is disabled by default. Documentation is still being generated.

Pre-release

@tburgin released this Jul 6, 2018 · 20 commits to master since this release

Important

The command santactl sync now requires root privileges. Use sudo santactl sync.

Notes

This release contains a new feature.

Implementation Features

Pre-release

@tburgin released this Jun 20, 2018 · 24 commits to master since this release

Notes

This release contains some bug fixes and new features.

Bug Fixes

  • santad: Only get code signing information for Mach-O binaries #277
  • santa-driver: Switch to a struct for vnode IDs, holding both the filesystem ID and vnode ID #262 #276
  • santa-driver: Drop the separate caches for root/non-root file systems as this doesn't offer any benefit anymore #276
  • santa-driver: Stop catching vnode_hasdirtyblks() #260 #280
  • Docs: s/precendence/precedence/ #283 Thanks @dgw!

Features

  • Logs: Optional MachineID for event logs #256 Thanks @obelisk!

Implementation Features

  • santa-driver: Templatize key types in SantaCache #271
  • santa-driver: Make ACTION CAS operations in SantaCache more readable #272
  • santa-driver: Add SantaCache distribution tests #273
  • KernelTests: Simplify kernel tests #282
  • santa-driver / santad: Refactor kext load / unload and connect / disconnect #278 #281
  • santactl: Add cachehistogram debug command #275

Pre-release

@tburgin released this May 29, 2018 · 39 commits to master since this release

Notes

This release contains some bug fixes and new features.

Bug Fixes

  • santabs: Only allow bundle events on ancestor bundles of type: .app .bundle .framework .kext .xctest .xpc #257
  • santa-driver: Do not invalidate cached decisions on KAUTH_VNODE_ACCESS #266

Features

  • Project: Add codesign flags kill library-validation to all components #264
  • santa-driver: Log the file path of dirty vnode execution attempts #267

Pre-release

@tburgin released this Apr 24, 2018 · 52 commits to master since this release

Important

The Type field in santactl fileinfo will now display x86-64 as x86_64.
Non-event logs are now stored in ULS. You can stream or view them with the /usr/bin/log command.

Notes

This release contains some bug fixes and new features.

Bug Fixes

  • santad: validates all architectures within universal binaries attempting to execute (#249) Big thanks to @secretsquirrel for the PoC.

Features

  • santactl fileinfo: displays signing information for all architectures if they are not all consistently signed (#249)
  • event logs: Event logs can now be stored in a file or ULS. See the keys EventLogType and EventLogPath in the configuration document.

Pre-release

@tburgin released this Mar 13, 2018 · 55 commits to master since this release

Notes

This release contains some bug fixes.

Bug Fixes

  • santad: Stop watching /var/db/santa/sync-state.plist to fix a race condition by deleting the racy code (#242)
  • santabs: Serialize calls to -[SNTBundleService createConnection] to prevent over-resuming an XPC connection (#244)
  • santactl sync: Update to MOLFCMClient v1.7 to prevent scheduling a task on an invalidated session (#245)

Pre-release

@tburgin released this Feb 22, 2018 · 60 commits to master since this release

Notes

This release contains some bug fixes.

Bug Fixes

  • santactl sync: Use MOLFCMClient v1.5 - this contains exponential backoff logic (#238)
  • codesign verification: Use MOLCodesignChecker v1.8 - this will now verify the code signature for all architectures within universal binaries (#239)

Pre-release

@tburgin released this Feb 8, 2018 · 63 commits to master since this release

Notes

This release contains some bug fixes.

Bug Fixes

  • config: Fixed a client mode flapping issue when changing unrelated mobileconfigs (#234) (Fixes #174 #203)
  • santa-driver: Added an acknowledge feature to binary requests (#220) (Fixes #215)
  • santabs: Fixed nil bundle path lookup (#233)

Pre-release

@russellhancox released this Jan 25, 2018 · 68 commits to master since this release

Important

/var/db/santa/config.plist is no longer used for configuration. In this release Santa has moved to using an Apple Configuration Profile to manage its configuration. See the configuration document for more details on using a configuration profile to manage Santa.

Notes

This release contains some bug fixes and a new way of configuring Santa.

Bug Fixes

  • santa-driver: now denies execs with names over MAXPATHLEN (commit 1031374). Thanks to @codido for the report
  • santactl rule: --check now returns proper scope 0c39342
  • santactl sync: reachability threads are now properly released 57213ee
  • santa.log: the events that are generated by bundle hashing now have an action=BUNDLE tag 6973dd0
  • santactl: -h and --help are now synonyms for help 6973dd0. Thanks to @groob for the report

New

  • config: configuration is now done with configuration profiles 8e57e37. Thanks to @jesseendahl for the report and keeping on us to get this done!
