Agent 0.6.7 for macOS 14.4+ (Sonoma) using wdutil and sudoers.

The PanSift agent 0.6.7 now uses "sudo wdutil info" for macOS 14.4 and above (older macOS will still use the airport CLI tool). This new approach with "wdutil" is the first time the agent requires any elevated user privileges, and as such, the installer now adds a dedicated file called "pansift" to the directory "/etc/sudoers.d". This allows the targeted user account *only* to explicitly run "wdutil info" as part of the agent's stats collection. We do not enable arbitrary wdutil commands, just "wdutil info", and only for the user account logged in during install.

This means we can continue to get metrics such as MCS, number of spatial streams, and country code, but we can also restore information regarding the connected AP(Access Point) BSSID and OEM vendor. The "pansift" sudoers file is removed during uninstallation. It is viewable on macOS machines at "/etc/sudoers.d/pansift". We welcome all and any feedback as we strive to provide insights and make the invisible visible.

Upgrade file (v0.6.7): https://pansift.com/dl/latest_pkg <-- click, check "Downloads", and then open!

Agent 0.6.5 on macOS 14.4 (Sonoma) Developer Beta 2 - airport issues

We are working on a newer agent to replace the current version 0.6.5 due to the deprecation of the airport command line utility in macOS 14.4. PanSift made heavy use of this utility to get specific Wi-Fi data and metrics. We already use a mix of utilities to get this data but need to adapt to this deprecation. This may mean having to utilize some higher privileged command levels and native APIs/SDK. Note: We had hoped to always run PanSift with the most minimal permission set, but Apple is making this harder ;)

Web Application Optimizations (Ruby / Memory / Security)

The PanSift web application receives daily/weekly deployments for features, tweaks, and fixes. Code moves from local to staging to main (production) via our CI/CD pipeline built on Github Actions. The latest PR (Pull Request) and associated deployment address a long-standing creeping memory utilization issue (which was being intermittently masked by deployments and phased-restarts!).

We've upgraded from Ruby 3.0.1 to 3.0.6 with jemalloc to address better memory management and leaks. This updated ruby version also addresses the latest security updates for the 3.0.x train. The puma gem has also moved from 5.4.0 to 5.6.7 with additional fixes and optimizations. Additionally, work was performed to more cleanly complete and close remote API calls made using the influxdb-client-ruby gem (used extensively for our real-time graphs, reports, and insights). 

Note: In future, we will move to the Ruby 3.1.X train, but it currently has too many breaking changes due to issues with the pysch gem and other problematic dependencies. We also don't normally post web application updates here unless they are substantial features or notable fixes...  happy troubleshooting!

Web Reports (Beta) and Agent v0.6.1 with bugfixes and optimizations.

A delayed announcement, but Reports is now live for buckets (based upon your chosen SLE's and tolerances).

new_report_image.png 54.3 KB

Note: Also, the agent binary is now v0.6.1 with some minor bugfixes and tweaks (like additional WLAN states and OSX version nuances). Please update your agents to the latest version v0.6.1 

Agent v0.5.9 with telegraf arm binary, better tags and 802.11ax improvements

Please update your agents to the latest version v0.5.9.  Fixes for the telegraf M1 binary depending upon architecture (the PS agent was always cross-compiled. However, telegraf would have previously only worked if Rosetta was already installed whereby now telegraf works by default by selecting the correct binary). Also, tweaks for scripts relating to 802.11ax and better tagging.

Agent v0.5.6 with tonnes of agent improvements and better web UI

Please update your agents to the latest version v0.5.6. Fixes for multiple telegraf instances running (which led to increases in data and insights), incorrect DNS failure conditions addressed on fast connections and caches, better agent logic and menus, and some web annotations improvements to help you know what's going wrong and when!

Dashboard UI and respective API calls to Influx

Updated the icons and colors on the dashboard to accommodate larger amounts of insights. Also updated the method for requesting insights from Influx to reduce API calls to per bucket rather than per agent.
© 2024 Defensible Limited