mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Update Getting-started.md

Browse source 
fixed typo and improvements #444
This commit is contained in:
Gustavo Iñiguez Goia 2021-06-21 18:28:42 +02:00 committed by GitHub
parent 72f89bed91
commit 5add66659c
Failed to generate hash of commit
1 changed files with 17 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
wiki/Getting-started.md
View file

@ -2,30 +2,38 @@ After [installing opensnitch](https://github.com/evilsocket/opensnitch/wiki/Inst
![image](https://user-images.githubusercontent.com/2742953/122753129-1556cb80-d292-11eb-8a70-36a270132c56.png)
You can launch the GUI from that icon or from the system menu (Internet -> OpenSnitch)
The daemon will start intercepting connections, prompting you to allow or deny them. The default action is to allow them, and if you don't apply an action, after 15 seconds it'll apply the default action configured.
The daemon will start intercepting connections, prompting you to allow or deny them. If you don't apply an action, after 15 seconds (configurable) it'll apply the default action configured.
![](https://user-images.githubusercontent.com/2742953/85336535-0acaf000-b4df-11ea-9d69-c7bd7b597886.png)
![image](https://user-images.githubusercontent.com/2742953/122794725-da1dc200-d2bc-11eb-9f47-5fc3fc995db7.png)
<br/>
When you open the GUI, you'll see all the connections and processes that has intercepted. Double click on a row to view the details of a process, rule, host or user.
When you open the GUI, you'll see all the connections and processes that the daemon has intercepted. Double click on a row to view the details of a process, rule, host or user.
![](https://user-images.githubusercontent.com/2742953/85336893-bf651180-b4df-11ea-908e-6202e989a8ae.png)
![image](https://user-images.githubusercontent.com/2742953/122794871-02a5bc00-d2bd-11eb-8e7d-8f0827e8d09c.png)
<br/>
You can configure the default action to Deny (Preferences -> UI -> Default Action, and optionally [x] Disable pop-ups), let it run for a while (hours, days, weeks), and observe passively what your machine is doing.
:information_source: **Tip:** Configure the default action to Allow (Preferences -> UI -> Default Action, and optionally [x] Disable pop-ups), let it run for a while (hours, days, weeks), and observe passively what your machine is doing.
This action has two advantages: you learn about your system and OpenSnitch creates the rules for you (Rules tab -> Temporary)
![](https://user-images.githubusercontent.com/2742953/85337403-b294ed80-b4e0-11ea-8c65-d8251c6af25b.png)
![](https://user-images.githubusercontent.com/2742953/85336695-55e50300-b4df-11ea-86d5-b70b78fd7896.png)
This action has two advantages: you'll learn about your system and OpenSnitch will create the rules for you (Rules tab -> Temporary).
Remember to change it back to Deny.
<br/><br/>
To see and modify the rules accumulated so far, click on the OpenSnitch icon in the System Tray. A GUI listing the rules will appear. You can click on each rule and then click on the Trash Can icon to delete it. Or you can click on a rule and right-click on it to modify allow/deny or duration etc. The list may take up to 15 seconds to show the update in the GUI. Note: if you modify the action of a rule (e.g. change from deny to allow), the name of it may not change (e.g. may stay as "deny-...").
![image](https://user-images.githubusercontent.com/2742953/122754068-729f4c80-d293-11eb-8496-c1d98b393cbd.png)
<br/>
Once you know which are the common processes, IPs and hosts that your machine is connecting to, you can start creating permanent rules (Duration: always) to deny or allow them. You can also convert temporary rules to permanent by right-clicking on a temporary rule or by double-clicking on it, and then edit it.
![image](https://user-images.githubusercontent.com/2742953/122754509-0f61ea00-d294-11eb-990b-2377b0add1f3.png)
@ -36,11 +44,10 @@ A common practice is to apply a rule of "Least privilege", i.e., block everythin
[Read more about blocking lists](block-lists)
![](https://user-images.githubusercontent.com/2742953/85337403-b294ed80-b4e0-11ea-8c65-d8251c6af25b.png)
![](https://user-images.githubusercontent.com/2742953/85337070-136ff600-b4e0-11ea-838a-439366c70668.png)
Notes
Notes 📔
---
Some processes are part of the GNU/Linux ecosystem, and critical to the well functioning of it. Some of these processes are:
@ -61,7 +68,7 @@ Some others are not critical, but as part of the system they have their function
```
Some applications launch external processes, so for example, you may be prompted to allow application A, and just right away asked to allow application B.
This is the case with Epiphany web browser, gnome-maps or snap: https://github.com/gustavo-iniguez-goya/opensnitch/issues/134#issuecomment-772876103
This is the case with Epiphany web browser, gnome-maps, snap or Spotify: https://github.com/gustavo-iniguez-goya/opensnitch/issues/134#issuecomment-772876103
```
/usr/bin/epiphany
/usr/lib/x86_64-linux-gnu/webkit2gtk-4.0/WebKitNetworkProcess