santa
A binary authorization and monitoring system for macOS
We should be explicit about how Santa is designed to interact with sync servers. This interaction is focused on enabling delivery of updated rules and configuration to clients. Logs/telemetry is...
In Santa we have a few conventions that we try to stick to in the codebase. This needs to be documented. * Hashes -- should be lowercase * CDHash --...
We make extensive use of dependency imports in our WORKSPACE file because we've been using bazel since pre-1.0. The modern version of this is to use a MODULE.bazel file (where...
Running into a situation where when I am running a debugger in IntelliJ in lockdown mode, the output gets blocked. I added a compiler rule as below for the debugserver...
There's a lot of hard-to-test command line parsing in santactl. This should be refactored to use [Abseil's Flag library](https://abseil.io/docs/cpp/guides/flags).
The sync protocol's PostFlight step should be extended for a client to indicate that it received an unenforceable rule. In some situations a sync service might push a policy for...
### INITIAL DRAFT **Primary goal with the draft PR is to gather any final feedback on the proto impl before writing the encoders for the enriched types.** Once we're satisfied,...
It would be nice to have a filter that allows you to decide which events are / are not logged into the logs in `/var/db/santa/`. I propose but am not...
Currently our docs, daemon names, and launchd service labels don't all match, e.g. we use `santad` in docs when referring to the daemon, its label is `com.google.santad` and its binary...
Crafting a configuration profile is tedious, difficult to get right, and the documentation for all the keys is difficult to write. We could host a config generator site on santa.dev...