search

google / santa

A binary authorization and monitoring system for macOS
https://santa.dev
Apache License 2.0
4.44k stars 297 forks source link

Install issue: An error occurred communicating with the daemon, is it running? #1435

Open LVaclav opened 3 weeks ago

LVaclav commented 3 weeks ago

I am attempting to get santa up and running on just one computer for demonstration purposes so i've opted to not set up the sync server. I suspect the problem lies with installing the profiles. The first configuration profile installs fine but the TCC and system extension profiles return a "The profile must originate from a user approved MDM server.".

To do this myself I'd have to be enrolled in the apple developer program. Is it possible to install these without program access?

Thanks alot for any help.

Here are some common troubleshooting logs for if i have misdiagnosed the issue:

santactl version:

santad          | 2024.9 (build 674285143)
santactl        | 2024.9 (build 674285143)
SantaGUI        | 2024.9 (build 674285143)

ls -al /Applications/Santa.app/Contents/MacOS:

total 72872
drwxr-xr-x   7 root  wheel       224 13 Sep 16:27 .
drwxr-xr-x  10 root  wheel       320 13 Sep 16:27 ..
-rwxr-xr-x   1 root  wheel   1825968 13 Sep 16:27 Santa
-rwxr-xr-x   1 root  wheel   1411136 13 Sep 16:27 santabundleservice
-rwxr-xr-x   1 root  wheel  16980240 13 Sep 16:27 santactl
-rwxr-xr-x   1 root  wheel   1229184 13 Sep 16:27 santametricservice
-rwxr-xr-x   1 root  wheel  15853904 13 Sep 16:27 santasyncservice

systemextensionsctl list:

1 extension(s)
--- com.apple.system_extension.endpoint_security (Go to 'System Settings > General > Login Items & Extensions > Endpoint Security Extensions' to modify these system extension(s))
enabled active  teamID  bundleID (version)  name    [state]
*   *   EQHXZ8M8AV  com.google.santa.daemon (2024.9/2024.9.674285143)   santad  [activated enabled]

ps -ef | grep santa:

   -2 89534     1   0  3:21pm ??         0:00.03 /Applications/Santa.app/Contents/MacOS/santametricservice --syslog
  501 13173 72965   0  3:49pm ttys000    0:00.00 grep santa

And of course, santactl status: 

An error occurred communicating with the daemon, is it running?
russellhancox commented 2 weeks ago

You're welcome to wait for someone at Google to respond to this issue but the original Santa team has moved over to a new repository. If you'd like to re-open your issue at https://github.com/northpolesec/santa, we'd be happy to help you out there