I am working on a way of reporting what binaries on a device are blocked by rule.
Per the usage text for santactl fileinfo, it looked like the --filter option would be the way to go. However, providing --filter Type=Executable --filter Rule=Blocked returned output that included executables without block rules.
To reproduce:
Block an arbitrary binary: sudo santactl rule --block --path /usr/bin/yes
sudo santactl rule --check --path /usr/bin/yes
santactl fileinfo --recursive --filter Type=Executable --filter Rule=Blocked --key Path --key Rule /usr/bin/
Rule: Could not communicate with daemon
Rule: Blocked (Binary)
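
A post-filter for the report described above, as an added example that is not part of the original report or of the Santa project. It reads the Path and Rule keys without relying on the Rule= filter and separates files that carry a block rule from files whose rule state could not be read. It assumes one "Path: ..." and one "Rule: ..." line per file (the "Rule:" form is taken from the output quoted above, the "Path:" form is an assumption); classify_rules and sample_output are hypothetical names, and the sample lines are constructed.

```shell
#!/bin/sh
# classify_rules: read "Key: value" lines on stdin and print, tab-separated,
#   BLOCKED <path>   when the Rule value starts with "Blocked"
#   UNKNOWN <path>   when the daemon could not be asked, so the report
#                    does not silently count the file as "not blocked"
# Whitespace around the colon and either key order are tolerated.
classify_rules() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function emit() {
      if (have_path && have_rule) {
        if (rule ~ /^Blocked/) print "BLOCKED\t" path
        else if (rule == "Could not communicate with daemon") print "UNKNOWN\t" path
        have_path = have_rule = 0
      }
    }
    {
      i = index($0, ":")          # split on the first colon only
      if (i == 0) next
      key = trim(substr($0, 1, i - 1))
      val = trim(substr($0, i + 1))
      if (key == "Path") { path = val; have_path = 1 }
      else if (key == "Rule") { rule = val; have_rule = 1 }
      emit()
    }
  '
}

# Constructed sample input in the assumed layout; the two Rule values are
# the ones quoted in the report, the third is a labelled placeholder.
sample_output() {
  cat <<'EOF'
Path: /usr/bin/yes
Rule: Blocked (Binary)
Path: /usr/bin/true
Rule: Could not communicate with daemon
Path: /usr/bin/false
Rule: (constructed: any other rule state)
EOF
}

# On a real host the input would come from the command in the report,
# minus the Rule filter:
#   santactl fileinfo --recursive --filter Type=Executable \
#     --key Path --key Rule /usr/bin/ | classify_rules
sample_output | classify_rules
```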