mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 21:47:20 +00:00
c2f4c9638b
## Summary - **Removed the WhatsApp block rule** from the Santa rules configuration profile (`santa-rules.mobileconfig`). The rule blocked WhatsApp.app via a CDHASH identifier (`54a8ec11bcea48a276b1fdce556a29108ba77de4`) and is no longer needed. - **Expanded Santa profile deployment to all macOS hosts** on the Workstations team. Both `santa-configuration.mobileconfig` and `santa-rules.mobileconfig` were previously scoped only to the `"Santa test devices"` label (4 specific Macs). Removed the `labels_include_any` restriction so these profiles now install on all Macs in the Workstations team. - **Deleted the "Santa test devices" label entirely.** Removed the label definition file (`santa-test-devices.yml`), its reference in `default.yml`, and all remaining `labels_include_any` references to it from the Santa software entry, install-santa-extension policy, and collect-santa-denied-logs report. ## Changes ### `it-and-security/lib/macos/configuration-profiles/santa-rules.mobileconfig` - Removed the `BLOCKLIST` / `CDHASH` rule entry for WhatsApp.app (identifier `54a8ec11bcea48a276b1fdce556a29108ba77de4`) - The allowlist for North Pole Security (Team ID) and the test block rule for BundleExample.app remain unchanged ### `it-and-security/fleets/workstations.yml` - Removed `labels_include_any: ["Santa test devices"]` from the `santa-configuration.mobileconfig` and `santa-rules.mobileconfig` profile entries - Removed `labels_include_any: ["Santa test devices"]` from the Santa software entry - All Santa-related profiles and software now apply to all macOS hosts on the Workstations team ### `it-and-security/lib/all/labels/santa-test-devices.yml` (deleted) - Removed the manual label definition for "Santa test devices" (previously scoped to 4 specific Macs) ### `it-and-security/default.yml` - Removed the label path reference to `santa-test-devices.yml` ### `it-and-security/lib/macos/policies/install-santa-extension.yml` - Removed `labels_include_any: ["Santa test devices"]` so the policy applies to all macOS hosts ### `it-and-security/lib/macos/reports/collect-santa-denied-logs.yml` - Removed `labels_include_any: ["Santa test devices"]` so the report applies to all macOS hosts --- Built for [Allen Houchins](https://fleetdm.slack.com/archives/D0AFASNBZMW/p1774320804143629?thread_ts=1774320368.198119&cid=D0AFASNBZMW) by [Kilo for Slack](https://kilo.ai/features/slack-integration) --------- Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| 1password-managed-settings.mobileconfig | ||
| automatic-app-store-updates.mobileconfig | ||
| chrome-enrollment.mobileconfig | ||
| date-time.mobileconfig | ||
| disable-bluetooth-file-sharing.mobileconfig | ||
| disable-content-caching.mobileconfig | ||
| disable-guest-account.mobileconfig | ||
| disable-guest-shares.mobileconfig | ||
| disable-internet-sharing.mobileconfig | ||
| disable-media-sharing.mobileconfig | ||
| disable-safari-safefiles.mobileconfig | ||
| enable-doh.mobileconfig | ||
| enable-firewall-logging.mobileconfig | ||
| enable-gatekeeper.mobileconfig | ||
| enforce-library-validation.mobileconfig | ||
| ensure-show-status-bar-is-enabled.mobileconfig | ||
| firewall.mobileconfig | ||
| fleet-okta-conditional-access.mobileconfig | ||
| full-disk-access-for-fleetd.mobileconfig | ||
| google-chrome-managed-bookmarks.mobileconfig | ||
| google-updater-background-task.mobileconfig | ||
| limit-ad-tracking.mobileconfig | ||
| microsoft-autoupdate-settings.mobileconfig | ||
| misc.mobileconfig | ||
| nudge-configuration.mobileconfig | ||
| okta-verify-settings.mobileconfig | ||
| prevent-autologon.mobileconfig | ||
| santa-configuration.mobileconfig | ||
| santa-rules.mobileconfig | ||
| secure-terminal-keyboard.mobileconfig | ||