santa
A binary authorization and monitoring system for macOS
After the KEXT is deprecated we should be able to move forward with some general cleanup and simplification. This issue is for tracking that work.
Santa's launch agents and daemons should be migrated to utilize the SMAppService API on macOS 13+. https://developer.apple.com/documentation/servicemanagement/smappservice?language=objc
The sync protocol is currently HTTP/JSON. It'd be nice to be able to make this have a GRPC / Protobuf option as well as a formal specification for the protocol...
For larger deployments we'd like Santa to be able to export metrics for use with monitoring solutions like Prometheus or osquery.
* TCC Full Disk Access * KernelExtension Whitelist * SystemExtension Whitelist
* An overview of Santa. * A detailed guide on how to set it up. * UAKEL * Rules * A detailed guide on using a sync server.
There are a lot of parts of Santa that are responsive to the SNTConfigurator's state change. We need to make sure these are tested.
The docs are, in many ways, out-of-date and could be much clearer. We need to document how to configure many things, better docs on deployment, better docs on how to...
There is a list of binaries in the "Binaries" section of the documentation but it's missing `santasyncservice` (and `santametricservice`). This should be added, and the "Syncing Overview" page should also...
We should investigate whether or not Santa would inherit any performance benefits from switching to [TCMalloc](https://github.com/google/tcmalloc).