Comments (4)
russellhancox
commented on April 28, 2024
Ah yes, that part of the README hasn't been updated since moving santad/santactl inside the kext due to SIP.
The simple option would be to just leave the existing binaries where they are and install your custom santad/santactl binaries elsewhere, adjusting the paths in SNTCommonEnums.h and the santad.plist as appropriate.
The best option would be to apply for your own kext-signing certificate. The advice in the README was more aimed at enterprises who wanted to make customizations to Santa for their environment, which is something Apple were unlikely to issue certs for. As you're making a new product based on Santa you should be able to get a cert.
from santa.
wjk
commented on April 28, 2024
Is there any chance you can move the two binaries back out of the KEXT and into the /usr/local/bin directory? This directory is also in the system PATH, and is intended as a destination for command-line tools written by third-party developers. It is explicitly not protected by SIP for just this reason.
from santa.
russellhancox
commented on April 28, 2024
Anything under /usr/local is troublesome because many users and tools like to take ownership of it (like homebrew, for example). I initially considered putting the binaries in a subfolder of /Library but keeping everything inside the kext keeps things quite simple.
from santa.
wjk
commented on April 28, 2024
Oh, OK. I really didn’t want to go through the trouble of getting my own KEXT-signing certificate, but it looks like I’ll have to. Thanks for your help nonetheless.
from santa.
Related Issues (20)
- Options for speeding up the sync of new rules HOT 3
- Upon install app fails to pick up config from MDM HOT 2
- Support for advanced rulesets, including evaluation of flags, via Common Expression Language HOT 1
- System Extension or Kernel? HOT 1
- Santa is Blocking SantaCtl HOT 7
- Binary Blocked But FileInfo Says Allowed HOT 8
- Bundle Scanning Does Not Start When EnableSilentMode = YES HOT 5
- santactl status discrepancy when running as root/non-root HOT 1
- Parquet output HOT 9
- Switch to evaluating the live `SecCodeRef` when authorizing new execs
- Efficient mechanism for rule pruning HOT 4
- santa daemon should have a mechanism to prevent being killed by users with root privileges. HOT 1
- Why is Clean Sync Required Always YES Even When Sync Server Sends NO HOT 9
- Compiler Rule: How to Check? HOT 3
- How to remove santa without having access to terminal or applications folder?
- Preflight `clean_sync` has no effect when no rules are sent. HOT 4
- Document that last rule for a given identifier applies
- Support log upload when file system monitoring denies an operation
- `santactl rule --check` is broken HOT 2
- Bypass via Recovery Mode HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from santa.