santa
A binary authorization and monitoring system for macOS
## Description When launching apps in Parallels, the applications are getting blocked because the application which is being launched in Parallels appears to use a different app signing certificate format....
I built off the `main` branch in `ad-hoc` mode with SIP disabled and while testing attempted to block the Xcode binary. `santactl rule --check --sha256 691d6b3a7bb41ca4042cc30a769d79b4708f6c27ab602a940b0dbb7c529a5071` rule check shows `Blocked...
Many of our unit tests, e.g. those in `SNTFileInfoTest`, reference absolute paths like `/Applications/Safari.app`, which on macOS 13 are symlinks to `/System/Cryptexes/App/System/Applications/Safari.app`; as such, tests fail.
While testing beta releases of macOS Ventura, we have observed that PrinterProxy did not start: Exception Type: EXC_CRASH (SIGKILL (Code Signature Invalid)) We have observed that PrinterProxy should have an...
We have installed macOS Ventura on a few test machines and observed that the first user login is extremely slow. One system for example, with M1 Max and FileVault enabled,...
Using `santactl`, a root user is able to add a rule to add a binary to a transitive allowlist; however, these rules are ignored unless `EnableTransitiveRules` is set to true....
It would be immensely powerful, being able to only let a given rule either _apply_ or _not apply_ to a given user. Effectively, this could help admins secure [configuration] files...
Santa should do the following: 1. On startup, evaluate all running processes against Santa's rules to determine if they should run 2. When new rules are received, running processes should...
### Discussed in https://github.com/google/santa/discussions/1292 Originally posted by **jumpsdefcon** February 14, 2024 So, was doing some testing with an agent that is not using a sync server, and was looking to...
The process tree library is meant to be usable by Santa, other macOS agents, and even other OSs. This PR adds the macOS specific `LoadPID` to backfill running processes on...