v0.9.18

Notes

Important: As of this release Santa's logs are moving to a new default location: /var/db/santa/santa.log. This is done in the ASL configuration so anyone packaging the binaries are free to move it back. ab33de2

• santad/santabs/santactl/SantaGUI: Bundles: A new feature to create events for all mach-o binaries within a bundle. This feature is disabled by default. It can be enabled by a sync server that supports receiving bundle events.
• santa-driver: Refactor cache expiration calculation.
• santa-driver: Protect wakeup() from being called with 0.
• SantaGUI: Fixed SantaGUI headline not being centered #159
• santactl rule: Add the ability to check the status of arbitrary SHA256 hashes (binary and certificate) without on-disk artifacts. #103

Commit History

v0.9.17

Notes

• santad/SantaGUI: Fixes a bug in SNTFileWatcher that calls fileSystemRepresentation every 200ms when a config doesn't exist. Fixes #151
• santad: Create default config if one does not exist.
• santad: Clear cache when regexes change. Fixes #142
• santactl sync: Use the new fcm-stream format.
• santactl sync: Use hostname for reachability.
• santactl sync: Disable sync server bundle scan requests. Proper bundle support coming in #145
• SNTXPCConnection: Allow redefining invalidationHandler after connections are established.
• Project: Add DevelopmentTeam configuration for Xcode 8 support.

Commit History

v0.9.16

Notes

• santactl sync: post a notification for every matching rule and FCM message
• santactl sync: if full sync fails, retry when reachable
• santad: only allow one syncd connection at any given time
• santactl status: add last successful rule sync date

Note there is a change to the santactl status --json api under the sync key.

• Change last_successful --> last_successful_full
• Add last_successful_rule

Commit History

v0.9.15

Notes

• santad: Drop AUTOINCREMENT on event table
• santactl status: Check non-boxed vars when building json output
• santactl fileinfo: Fix resolving path issues
• santactl sync: Add an option to run santactl sync as a daemon
• santactl sync: Add push notification functionality for common sync tasks
• package/conf: Fix typo in uninstall.sh

Commit History

v0.9.14

Notes

• santa-driver: Fix potential deadlock in Sierra
• santa-driver: Stop filtering advisory file writes
• santad: Ignore Info.plist error when checking code signatures
• santad: Fix config file watcher
• santad: Don't initialize database tables multiple times
• santad: Properly handle UTF-8 values in process arguments
• santad: Handle multiple whitelist rules being received for protected certificates
• santad: Fix workaround for PrinterProxy.app
• santad: Don't crash if ClientMode config value is not an integer.
• santactl fileinfo: Handle rules for all possible reasons. Fixes #73
• santactl fileinfo: Don't include ANSI codes in JSON or non-TTY output. Fixes #112
• santactl fileinfo: Don't include ANSI codes in JSON or non-TTY output. Fixes #112
• santactl sync: Fix self-signed certificate handling
• santactl sync: Fix bundle scanning, make concurrent.
• Package: Several fixes for install/uninstall scripts

Commit History

v0.9.13

Notes

• santa-driver: Use msleep/wakeup instead of IOSleep. Less time wasted sleeping.
• santa-driver: Prevent repeated requests for same binary.
• santa-driver: Reduce log spam when dropping log queue messages.
• santad: Limit log queue to 15 threads, reducing max CPU load.
• santad: Cache user/group id-> name lookups.
• santad: Rename CERTIFICATE to CERT in logs when binary is allowed.
• santad: Include client mode in execution logs.
• santad: Make binary/cert rule lookups in a single call.
• santactl: Add --json, --key and --cert-index options to fileinfo command.
• santactl: Add multiple file processing and multi-threading to fileinfo command.
• santactl: Recognize bundle/plugin Mach-O files in fileinfo.
• santactl: Send current client mode in sync preflight.
• SantaGUI: Fix bundle version URLs
• SantaGUI: Rename Dismiss button to Ignore

Commit History

v0.9.12

Notes

• santad: Lots of performance improvements in critical paths. Thanks to @georgekola for help and suggestions.
• santad: Remove hashes for small files in write logs.
• santad: Fix crash on 10.10 caused by an unavailable function.
• santad: Increase detail level in messages printed to TTY
• santad: Change watchdog thread to update every 30s instead of 60.
• santa-driver: Remove uses of OSDictionary in kernel, replaced with a linked-list hash-table with per-bucket locking.
• santa-driver: Change method of detecting file writes to catch descriptors auto-closed by the kernel
• santactl: Add checkcache command to see if a file is in the kernel cache (only available in DEBUG builds).
• santactl: Make fileinfo command wait longer for a rule query from daemon.

Commit History

v0.9.11

Notes

• Fixes CPU usage issue introduced in v0.9.10

Warning: This release is broken for macOS versions lower than 10.11 due to a bug.

v0.9.10

Notes

• santactl sync: Refactored, added tests, better logging. Also now tries to fetch an XSRF token if a stage fails.
• santactl sync preflight: upload long hostname instead of short hostname and upload rule counts.
• santactl sync eventupload: Include bundle path in event upload data.
• santactl sync eventupload: Don't upload bundle details until asked by server, search for longer.
• santactl fileinfo: Make file output more accurate for executables, include rule state in output
• santad: Close FMResultSet after closing database to prevent pointless messages.
• santad: Output a message to the TTY when blocking.
• santad: Flush cache when going into lockdown.
• santad: Add disk mount/unmount logging. (fixes #36)
• santad: Add a workaround for PrinterProxy being blocked.
• santad: Don't spawn 'instant' event uploads within a 10 minute period
• santad: Attempt to fix 'config.plist readable only by root' issue.
• santa-driver: Flush Vnode<->PID map periodically.
• santa-driver: Get UID/GID from kauth credential.
• SantaGUI: Fix Silence Notifications checkbox.
• SantaGUI: Add customizable client mode change notifications.

Commit History

v0.9.9

Notes

• Adds checkbox to GUI to prevent notifications for a particular binary for up to 24 hours (issue #39)
• Package file is now signed (issue #40)
• Fixes bug preventing GUI from re-connecting to daemon (issue #41)

• Accessibility is improved in GUI, particularly for VoiceOver and high-contrast users
• santactl sync no longer logs all successful stages
• santactl sync now correctly sets its user-agent
• santactl sync and santactl rule now print useful information when adding a rule fails
• santad now attemps to load santa-driver during startup
• santad now locks the rules.db
• Added better protection against losing launchd/santad rules

Commit History