Santa in the Summer: Getting Started with Google Santa

Speakers: Todd Houle

Level: Intermediate, Lecture

Excerpt: Some computers should only be allowed to run specific programs (whitelist). Some computers should not run bad programs (blacklist). A whitelist/blacklist application can keep your environment secure and log activity for audit purposes. Google developed a tool called Santa and shared it with the world. This session will demonstrate how to create basic rules about what programs are allowed to run and how to block! We’ll also setup a basic Moroz server to receive alerts of unauthorized application launches and monitor events. Further, we’ll find out to track down what’s happening on the computer through its extensive logging.

Description: Google Santa is a kernel extension that is invoked before any application is launched. It will make a decision based on rules, assigned by you, if that application should be allowed to run or not. It has a Lockdown mode, where only allowed applications are allowed to run. And it has a Monitor mode, where only blacklisted applications will be blocked. It can also be configured to log to a server any unknown or blocked application launch. Further, it locally logs actions on the computer such as file READ, WRITE, or DELETE commands, disk mounts, and more. These logs can be invaluable during an audit or even troubleshooting.
This presentation will cover how to install Santa in single standalone mode and add some rules. Then we will extend that configuration by pushing rules to it from a management server via Configuration Profile. Finally, we’ll add in an event server which centrally logs Blocked Applications in Lockdown mode, and Unknown Applications in Monitor mode.
Much of this demonstration will be in the command line during this session; some familiarity with Terminal is recommended.

About the speaker

Todd Houle – Apple Service Owner – Massachusetts Institute of Technology

Todd Houle has been working in computers since the early 1990’s focusing on management and end user usability. He currently works at MIT managing a portion of the Desktop Engineering team providing software updates, imaging, and security to enterprise computers.
Outside of the office, he can be found sailing outside Boston or enjoying board games with the family.

This entry was posted in MacAdmins 2019 Sessions. Bookmark the permalink.