Rules handling and client_sync

Question

Rules handling and client_sync

weiminm opened this issue 5 years ago · 6 comments

weiminm commented 5 years ago

Hi.

When a rule is deleted from the toml, a Santa sync does not remove the rule from the Santa dB.

Thanks!

Answer 1 · 2020-04-17T17:24:45.000Z

I can verify that this is the case.

Answer 2 · 2020-10-10T11:03:27.000Z

Same problem.

Answer 3 · 2020-10-18T23:52:33.000Z

Same issue here. Anyone have a workaround for this?

Answer 4 · 2020-10-26T17:22:06.000Z

Confirmed as well on my end.

Answer 5 · 2020-11-12T23:52:59.000Z

As a work around you can "over-write" the rule. AKA if it was blacklisted move it to the whitelist. or if it was whitelisted move to the blacklist.

Has gotten me past some of the issues haven't fully tested it. but it might resolve the issue for a few people.

Answer 6 · 2023-06-07T18:35:16.000Z

Very late but with #32 added the REMOVE policy type. So, you can now change your rule policy to REMOVE and the santa client will do the right thing and remove it.

ex:

[[rules]]
rule_type = "BINARY"
policy = "REMOVE"
identifier = "50d79d1763fefb56716e4a36284300523eb4335c3726fb9070fa83074b02279e"
custom_msg = "remove allowlist of the go compiler component"