moroz icon indicating copy to clipboard operation
moroz copied to clipboard

Published 20 hours ago verified publisher icon groob

Rules handling and client_sync

Open weiminm opened this issue 4 years ago • 5 comments

Hi.

When a rule is deleted from the toml, a Santa sync does not remove the rule from the Santa dB.

Thanks!

weiminm avatar Mar 15 '20 20:03 weiminm

I can verify that this is the case.

kcgaisford avatar Apr 17 '20 17:04 kcgaisford

Same problem.

dannykorpan avatar Oct 10 '20 11:10 dannykorpan

Same issue here. Anyone have a workaround for this?

trusted-francisg avatar Oct 18 '20 23:10 trusted-francisg

Confirmed as well on my end.

radsec avatar Oct 26 '20 17:10 radsec

As a work around you can "over-write" the rule. AKA if it was blacklisted move it to the whitelist. or if it was whitelisted move to the blacklist.

Has gotten me past some of the issues haven't fully tested it. but it might resolve the issue for a few people.

kcgaisford avatar Nov 12 '20 23:11 kcgaisford

Very late but with https://github.com/groob/moroz/pull/32 added the REMOVE policy type. So, you can now change your rule policy to REMOVE and the santa client will do the right thing and remove it.

ex:

[[rules]]
rule_type = "BINARY"
policy = "REMOVE"
identifier = "50d79d1763fefb56716e4a36284300523eb4335c3726fb9070fa83074b02279e"
custom_msg = "remove allowlist of the go compiler component"

bfreezy avatar Jun 07 '23 18:06 bfreezy