google / santa

A binary authorization and monitoring system for macOS

Home Page: https://santa.dev

Options for speeding up the sync of new rules

p-harrison opened this issue · comments

Hey guys,

We have Santa configured to sync once an hour with our sync server. This is really too frequent for a ruleset that only changes every few days, but not fast enough for a user who needs access to something urgently :). So I wonder if I can ask two questions -

  1. I know there was some discussion about making santactl sync available to non-admin users. I wonder if it is something that could be considered again? It would mostly solve our issue without adding too much complexity (for me, I'm not sure what it would mean for you :) ). If there are concerns about it being abused, perhaps a config key could enable/disable the ability for users to force a sync.

  2. I can see a couple of config keys for Push Notifications and more in the code, but no documentation. Does this mean Push Notifications are only available in Google's deployment of Santa or is it something others can use? It would be more complex to set up, but would be superior to users performing syncs themselves, and I like the idea of pop-ups to inform users when something has been added to the allowlist.

Cheers,
Philip

> Making santactl sync available to non-admin users.

We're in favor of making it available to non-root users.

> I can see a couple of config keys for Push Notifications and more in the code, but no documentation. Does this mean Push Notifications are only available in Google's deployment of Santa or is it something others can use?

Sadly, no. This is still tied to some Google specifics regarding FCM.

> Sadly, no. This is still tied to some Google specifics regarding FCM.

I think it would be worth updating the docs to reflect this, to save people like me creating Issues with the same question in future? I'd suggest either removing references to FCM/push-notifications (if the feature is unlikely to be made broadly available in the next couple of years) or adding a note that the feature is currently available on the internal Google Santa implementation only (if it may be made broadly available in the near future). I'm happy to make the changes.

@p-harrison PRs would be appreciated re:docs.

Eventually I'd like to get something everyone could use; however, it's been way down on the list of priorities.