Releases: google/santa
v0.9.8
Notes
- Fixes config.plist not reloading properly or ending up with bad permissions
- Fixes issue where very high system load (particularly lots of executions and writes) causes hangs
- Fixed quarantine data collection and upload
- Fixed/updated client certificate auto-detection for syncing
- Fixed SNTFileWatcher tests
- Added per-thread ASL client to logging system
- Added logging when SyncBaseURL is set but invalid
- Added quarantine origin URL to exec logs, where available
- Added queueing of block notifications when no user is logged in
- Added tabbing to block notification UI
- Added full SHA-256 to block notifications
- Added better data to fileinfo command when signature exists but doesn't validate
- Added client multiplexing to SNTXPCConnection
- New icon!
- Syntax clean-ups, clang-format file
v0.9.7
Notes
- Fix pid/ppid and argument logging under posix_spawn
- Fix lock contention when doing lots of execs/writes
- Always get strings from bundle info dictionaries
- Find related binaries when uploading events
- Include user/group name in logs
- Rename santactl binaryinfo command to santactl fileinfo
- Better logging when santactl sync fails.
v0.9.6
Notes
- Fix ballooning memory usage in santad
- Capture peak RAM/CPU usage and expose in santactl status
- Fix date output error in santactl
v0.9.5
v0.9.4
Notes
- Added configuration option for turning off PAGEZERO protection.
- Added reporting when adding/removing a rule fails.
- Added com.apple.quarantine data accessors for downloaded files.
- Collect and upload quarantine data with events.
v0.9.3
Notes
- Added more fields to santactl status
- Added --json flag to santactl status and santactl version
- Prevent accidental deletion of 'critical' rules
- santactl/sync: wait until end of sync before changing client mode.
v0.9.2
Notes
- Changes the LogFileChanges key to FileChangesRegex, allowing control over what paths are logged when changes occur.
- Adds "Application Name" as first item in the GUI notifications if the binary that is blocked is part of an application bundle with a CFBundleName.
- Re-write of the argument parsing in the rule command, added the ability to whitelist by certificate.
- Added some more items to the "santactl status" command.
- Added checks for when the database 'goes bad'.
v0.9.1
Notes
This release adds a number of new features:
- Option to log all file writes/renames/deletes (excluding a small handful of directories). Configuration option "LogFileChanges" controls this.
- Logging of all executions with arguments, rather than just the decision that was made.
- Blocking of 32-bit binaries missing the PAGEZERO segment, unless specifically whitelisted.
- Ability to blacklist binaries based on path, using a regex, equivalent to the WhitelistRegex option.
Along with the usual mix of fixes and new bugs to find.
v0.9
Notes
Highlights
- Added DefaultBlockMessage configuration key to customize the default message shown when something is blocked
- Fixes santactl logging when run in background
- Fixes driver loop when lots of binaries are executed
- Updated "Mac OS X" -> "OS X" throughout UI
- Fixes crashes in "santactl rule" command
- Gets embedded Info.plist in binaries before using bundle info
v0.8.9
Notes
Bug fixes for a few edge cases, lots of fixes for logging issues and a few new features.
When execution is denied, the returned status is now EPERM instead of EACCES to help users differentiate between Santa and permissions problems (which is useful when using SSH).
Highlights
- Added whitelist-by-directory using regexes.
- Send all logging to syslog and claim Santa-related logs into santa.log. This fixes log rotation.
- Extremely large executables (>200MB) no longer cause a hang.
- Very large numbers of simultaneous executions no longer cause dataqueue to fill up and crash daemon repeatedly.
- If santad cannot hash a file properly, it now logs an appropriate error.
- santactl sync now exits when it encounters a redirect instead of hanging.
- santactl sync now accepts a back off parameter from the server so the server can prevent itself from being overloaded. Also, santad is now responsible for scheduled syncs, no more 'santasync' launchd job.
- Vacuum event database after deleting events.
- santad now only logs high memory usage when the usage increases.