Santa Files

Notes

Changed

↔️ Serializing/deserializing of all sync requests and responses is now handled by the protobuf library. If protobuf transfers aren't enabled, the buffers will be converted to/from JSON just-in-time. This should be a transparent change for sync servers. However, it's possible there could be issues with rarely used keys. Please open an issue if you notice any sync keys not working as expected. ↔️ macOS 11 is no longer supported. ↔️ A dock icon now displays for the blocked execution UI and the window is discoverable via Cmd+Tab. ↔️ A blocked execution dialog is now discoverable via Cmd+Tab and a Dock icon will display while the window is open.

Fixed

❗ Addressed issue where santactl fileinfo could fail to get rule status if too many files were evaluated simultaneously.

Added

➕ The Santa daemon now includes signal protection to prevent being killed, even by root users. ➕ You can now configure Santa to communicate with the sync server via binary protobufs. ➕ 10 new event types have been added to the telemetry stream: Loginwindow login/logout/lock/unlock, OpenSSH login/logout, Screensharing attach/detach, and login(1) login/logout ➕ The --filter-inclusive switch was added to santactl fileinfo to support combining multiple --filter predicates as an AND operation as opposed to the default OR operation. ➕ The MachineID configuration value has been added to the requests of all sync protocol stages. ➕ The "Dismiss" button text in the blocked event dialog is now configurable (previously labeled "Ignore")

What's Changed

• sync: Add a protobuf for the existing sync protocol by @russellhancox in https://github.com/google/santa/pull/1359
• Update check-markdown workflow to use Lychee by @pmarkowsky in https://github.com/google/santa/pull/1362
• docs: Document new EventDetailURL keys by @russellhancox in https://github.com/google/santa/pull/1361
• santad: Add signal auth to tamper resistence. by @russellhancox in https://github.com/google/santa/pull/1360
• sync: Add option to sync using binary protos by @russellhancox in https://github.com/google/santa/pull/1364
• Modernize docs (Round 1) by @mlw in https://github.com/google/santa/pull/1363
• Add a Signing ID Format Helper by @pmarkowsky in https://github.com/google/santa/pull/1365
• docs(ISSUE-1325): Add Identifier Conventions by @toastsec in https://github.com/google/santa/pull/1366
• Use new Apple docs link for global proxy settings constants by @mlw in https://github.com/google/santa/pull/1367
• Fix santd title in docs by @bugos in https://github.com/google/santa/pull/1368
• docs: Update references to SNTXPCConnection by @russellhancox in https://github.com/google/santa/pull/1372
• santad: Fix metrics for AuthSignal events by @russellhancox in https://github.com/google/santa/pull/1373
• Add tests to ensure EventTypeToString handles all subscriptions by @mlw in https://github.com/google/santa/pull/1374
• Proto tests min version support by @mlw in https://github.com/google/santa/pull/1376
• Drop macos 11 by @mlw in https://github.com/google/santa/pull/1377
• Project: Update several bazel modules by @russellhancox in https://github.com/google/santa/pull/1378
• Login/logout events by @mlw in https://github.com/google/santa/pull/1371
• Add string serialization for new login/logout events by @mlw in https://github.com/google/santa/pull/1379
• Add protobuf serialization for new login/logout events by @mlw in https://github.com/google/santa/pull/1380
• Use class member access operator for underlying ES message by @mlw in https://github.com/google/santa/pull/1381
• fileinfo: cap the number of concurrent operations by @tburgin in https://github.com/google/santa/pull/1383
• Adopt namespace naming guidelines - part 1 by @mlw in https://github.com/google/santa/pull/1384
• Namespace simplification pt2 by @mlw in https://github.com/google/santa/pull/1385
• Namespace simplification pt3 by @mlw in https://github.com/google/santa/pull/1386
• Namespace simplification pt4 (final) by @mlw in https://github.com/google/santa/pull/1387
• fileinfo: add --filter-inclusive by @tburgin in https://github.com/google/santa/pull/1388
• sync: Handle parse errors, make some preflight fields optional by @russellhancox in https://github.com/google/santa/pull/1389
• sync: Parse response as proto when SyncEnableProtoTransfer enabled by @russellhancox in https://github.com/google/santa/pull/1391
• Add machine_id to facilitate a GRPC version of the sync protocol by @pmarkowsky in https://github.com/google/santa/pull/1390
• Handle non-200 HTTP responses in SNTSyncStage performRequest by @bugos in https://github.com/google/santa/pull/1392
• common: Remove debug log when signing ID is missing. by @russellhancox in https://github.com/google/santa/pull/1393
• Allow empty data for 200 responses by @mlw in https://github.com/google/santa/pull/1394
• Improve handling of sync response default values by @mlw in https://github.com/google/santa/pull/1395
• GUI: Update activation policy for binary blocks by @russellhancox in https://github.com/google/santa/pull/1396
• Fix check for deprecated clean sync key by @mlw in https://github.com/google/santa/pull/1397
• GUI: Make dismiss button configurable, change default text back to dismiss by @russellhancox in https://github.com/google/santa/pull/1399
• Docs: Add DismissText key to configuration.md by @russellhancox in https://github.com/google/santa/pull/1400
• sync: Handle missing error string for abnormal statuses by @russellhancox in https://github.com/google/santa/pull/1402

New Contributors

• @toastsec made their first contribution in https://github.com/google/santa/pull/1366
• @bugos made their first contribution in https://github.com/google/santa/pull/1368

Full Changelog: https://github.com/google/santa/compare/2024.5...2024.6