Comments (3)
I'd think the common-case for using santactl at all is to whitelist, and --path seems like it would be easiest to copy-paste into terminal from the block dialog … Could we make the rule subcommand not require --whitelist or --path?
Whitelisting may be the common case but making it the default would be a surprise to many people and I would rather users/admins be explicit about their intention than accidentally whitelisting something they intend to blacklist.
Would allowing the command to operate on multiple paths be OK? E.g:
santactl rule --whitelist --path /path/to/file1 /path/to/file2 /path/to/file3
Would also be nice if the dialog went to the pasteboard escaped... I'm asking too much, aren't I?
I'm sure we can manage that.
Path also doesn't currently try to extract leaf certs for building the rule (if present), could that functionality be enabled?
It does, e.g:
santactl rule --whitelist --certificate --path /Applications/1Password.app
Would add a rule for AgileBits' developer cert.
from santa.
Ah, I swore I got a message saying e.g. /Apps/1Password was an invalid argument, I probably left out the --certificate. I'm easily confused about flag ordering as well (gives sideways glance to variation between git subcommands), so while I agree that admins do need to exert some caution either way, at least collapsing/making --certificate optional would be nice. Encouragement-wise, admins should be having a sad every time they need to specify a binary's fingerprint, so having it bark at you to explicitly add the --sha256 option when a certificate isn't found seems a good nudge in the maintainable direction.
I also finally noticed the globbing in the example help output displays for fileinfo - super fast!
from santa.
I'm going to close this out for now, and consider escaped text a 'nice to have' feature request that may be supplemented by more tooling or user-friendliness to reduce the dependence on CLI interaction in the future.
from santa.