mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 00:24:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

ui,prefs: allow to configure node's TLS settings

Browse source
This commit is contained in:
Gustavo Iñiguez Goia 2023-07-31 13:16:52 +02:00
parent ce7c3f8002
commit 6556eed1ae
Failed to generate hash of commit
3 changed files with 642 additions and 359 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
ui/opensnitch/auth/__init__.py
View file

@ -5,6 +5,12 @@ Simple = "simple"
TLSSimple = "tls-simple"
TLSMutual = "tls-mutual"
NO_CLIENT_CERT = "no-client-cert"
REQ_CERT = "req-cert"
REQ_ANY_CERT = "req-any-cert"
VERIFY_CERT = "verify-cert"
REQ_AND_VERIFY_CERT = "req-and-verify-cert"
def load_file(file_path):
try:

257
ui/opensnitch/dialogs/preferences.py
View file

@ -29,6 +29,10 @@ class PreferencesDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
TAB_NODES = 3
TAB_DB = 4
NODE_PAGE_GENERAL = 0
NODE_PAGE_LOGGING = 1
NODE_PAGE_AUTH = 2
SUM = 1
REST = 0
@ -36,6 +40,19 @@ class PreferencesDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
AUTH_TLS_SIMPLE = 1
AUTH_TLS_MUTUAL = 2
NODE_AUTH = {
AUTH_SIMPLE: auth.Simple,
AUTH_TLS_SIMPLE: auth.TLSSimple,
AUTH_TLS_MUTUAL: auth.TLSMutual
}
NODE_AUTH_VERIFY = {
0: auth.NO_CLIENT_CERT,
1: auth.REQ_CERT,
2: auth.REQ_ANY_CERT,
3: auth.VERIFY_CERT,
4: auth.REQ_AND_VERIFY_CERT
}
def __init__(self, parent=None, appicon=None):
QtWidgets.QDialog.__init__(self, parent, QtCore.Qt.WindowStaysOnTopHint)
@ -82,6 +99,14 @@ class PreferencesDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
self.comboAuthType.setItemData(PreferencesDialog.AUTH_SIMPLE, auth.Simple)
self.comboAuthType.setItemData(PreferencesDialog.AUTH_TLS_SIMPLE, auth.TLSSimple)
self.comboAuthType.setItemData(PreferencesDialog.AUTH_TLS_MUTUAL, auth.TLSMutual)
self.comboNodeAuthType.setItemData(PreferencesDialog.AUTH_SIMPLE, auth.Simple)
self.comboNodeAuthType.setItemData(PreferencesDialog.AUTH_TLS_SIMPLE, auth.TLSSimple)
self.comboNodeAuthType.setItemData(PreferencesDialog.AUTH_TLS_MUTUAL, auth.TLSMutual)
self.comboNodeAuthVerifyType.setItemData(0, auth.NO_CLIENT_CERT)
self.comboNodeAuthVerifyType.setItemData(1, auth.REQ_CERT)
self.comboNodeAuthVerifyType.setItemData(2, auth.REQ_ANY_CERT)
self.comboNodeAuthVerifyType.setItemData(3, auth.VERIFY_CERT)
self.comboNodeAuthVerifyType.setItemData(4, auth.REQ_AND_VERIFY_CERT)
self.comboUIRules.currentIndexChanged.connect(self._cb_combo_uirules_changed)
@ -162,11 +187,22 @@ class PreferencesDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
self.comboNodeAddress.currentTextChanged.connect(self._cb_node_needs_update)
self.checkInterceptUnknown.clicked.connect(self._cb_node_needs_update)
self.checkApplyToNodes.clicked.connect(self._cb_node_needs_update)
self.comboDBType.currentIndexChanged.connect(self._cb_db_type_changed)
self.checkDBMaxDays.toggled.connect(self._cb_db_max_days_toggled)
self.comboNodeAction.currentIndexChanged.connect(self._cb_node_needs_update)
self.checkNodeAuthSkipVerify.clicked.connect(self._cb_node_needs_update)
self.comboNodeAuthVerifyType.currentIndexChanged.connect(self._cb_node_needs_update)
self.comboAuthType.currentIndexChanged.connect(self._cb_combo_auth_type_changed)
self.comboNodeAuthType.currentIndexChanged.connect(self._cb_combo_node_auth_type_changed)
self.lineCACertFile.textChanged.connect(self._cb_line_certs_changed)
self.lineCertFile.textChanged.connect(self._cb_line_certs_changed)
self.lineCertKeyFile.textChanged.connect(self._cb_line_certs_changed)
self.lineNodeCACertFile.textChanged.connect(self._cb_node_line_certs_changed)
self.lineNodeCertFile.textChanged.connect(self._cb_node_line_certs_changed)
self.lineNodeCertKeyFile.textChanged.connect(self._cb_node_line_certs_changed)
self.comboDBType.currentIndexChanged.connect(self._cb_db_type_changed)
self.checkDBMaxDays.toggled.connect(self._cb_db_max_days_toggled)
# True when any node option changes
self._node_needs_update = False
@ -298,38 +334,42 @@ class PreferencesDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
def _load_node_settings(self):
addr = self.comboNodes.currentText()
if addr != "":
try:
node_data = self._node_list[addr]['data']
self.labelNodeVersion.setText(node_data.version)
self.labelNodeName.setText(node_data.name)
self.comboNodeLogLevel.setCurrentIndex(node_data.logLevel)
if addr == "":
return
node_config = json.loads(node_data.config)
self.comboNodeAction.setCurrentText(node_config['DefaultAction'])
self.comboNodeDuration.setCurrentText(node_config['DefaultDuration'])
self.comboNodeMonitorMethod.setCurrentText(node_config['ProcMonitorMethod'])
self.checkInterceptUnknown.setChecked(node_config['InterceptUnknown'])
self.comboNodeLogLevel.setCurrentIndex(int(node_config['LogLevel']))
try:
node_data = self._node_list[addr]['data']
self.labelNodeVersion.setText(node_data.version)
self.labelNodeName.setText(node_data.name)
self.comboNodeLogLevel.setCurrentIndex(node_data.logLevel)
if node_config.get('LogUTC') == None:
node_config['LogUTC'] = False
self.checkNodeLogUTC.setChecked(node_config['LogUTC'])
if node_config.get('LogMicro') == None:
node_config['LogMicro'] = False
self.checkNodeLogMicro.setChecked(node_config['LogMicro'])
node_config = json.loads(node_data.config)
self.comboNodeAction.setCurrentText(node_config['DefaultAction'])
self.comboNodeDuration.setCurrentText(node_config['DefaultDuration'])
self.comboNodeMonitorMethod.setCurrentText(node_config['ProcMonitorMethod'])
self.checkInterceptUnknown.setChecked(node_config['InterceptUnknown'])
self.comboNodeLogLevel.setCurrentIndex(int(node_config['LogLevel']))
if node_config.get('Server') != None:
self.comboNodeAddress.setEnabled(True)
self.comboNodeLogFile.setEnabled(True)
if node_config.get('LogUTC') == None:
node_config['LogUTC'] = False
self.checkNodeLogUTC.setChecked(node_config['LogUTC'])
if node_config.get('LogMicro') == None:
node_config['LogMicro'] = False
self.checkNodeLogMicro.setChecked(node_config['LogMicro'])
self.comboNodeAddress.setCurrentText(node_config['Server']['Address'])
self.comboNodeLogFile.setCurrentText(node_config['Server']['LogFile'])
else:
self.comboNodeAddress.setEnabled(False)
self.comboNodeLogFile.setEnabled(False)
except Exception as e:
print(self.LOG_TAG + "exception loading config: ", e)
if node_config.get('Server') != None:
self.comboNodeAddress.setEnabled(True)
self.comboNodeLogFile.setEnabled(True)
self.comboNodeAddress.setCurrentText(node_config['Server']['Address'])
self.comboNodeLogFile.setCurrentText(node_config['Server']['LogFile'])
self._load_node_auth_settings(node_config['Server'])
else:
self.comboNodeAddress.setEnabled(False)
self.comboNodeLogFile.setEnabled(False)
except Exception as e:
print(self.LOG_TAG + "exception loading config: ", e)
def _load_node_config(self, addr):
try:
@ -359,6 +399,10 @@ class PreferencesDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
# skip setting Server Address if we're applying the config to all nodes
node_config['Server']['Address'] = self.comboNodeAddress.currentText()
node_config['Server']['LogFile'] = self.comboNodeLogFile.currentText()
cfg = self._load_node_auth_config(node_config['Server'])
if cfg != None:
node_config['Server'] = cfg
else:
print(addr, " doesn't have Server item")
return json.dumps(node_config, indent=" "), None
@ -367,6 +411,52 @@ class PreferencesDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
return None, QC.translate("preferences", "Error loading {0} configuration").format(addr)
def _load_node_auth_settings(self, config):
try:
if config.get('Authentication') == None:
self.toolBox.setItemEnabled(self.NODE_PAGE_AUTH, False)
return
authtype_idx = self.comboNodeAuthType.findData(config['Authentication']['Type'])
self.lineNodeCACertFile.setEnabled(authtype_idx >= 0)
self.lineNodeServerCertFile.setEnabled(authtype_idx >= 0)
self.lineNodeCertFile.setEnabled(authtype_idx >= 0)
self.lineNodeCertKeyFile.setEnabled(authtype_idx >= 0)
if authtype_idx >= 0:
self.lineNodeCACertFile.setText(config['Authentication']['TLSOptions']['CACert'])
self.lineNodeServerCertFile.setText(config['Authentication']['TLSOptions']['ServerCert'])
self.lineNodeCertFile.setText(config['Authentication']['TLSOptions']['ClientCert'])
self.lineNodeCertKeyFile.setText(config['Authentication']['TLSOptions']['ClientKey'])
self.checkNodeAuthSkipVerify.setChecked(config['Authentication']['TLSOptions']['SkipVerify'])
clienttype_idx = self.comboNodeAuthVerifyType.findData(config['Authentication']['TLSOptions']['ClientAuthType'])
if clienttype_idx >= 0:
self.comboNodeAuthVerifyType.setCurrentIndex(clienttype_idx)
else:
authtype_idx = 0
self.comboNodeAuthType.setCurrentIndex(authtype_idx)
except Exception as e:
print("[prefs] node auth options exception:", e)
self._set_status_error(str(e))
def _load_node_auth_config(self, config):
try:
if config.get('Authentication') == None:
self.toolBox.setItemEnabled(self.NODE_PAGE_AUTH, False)
return
config['Authentication']['Type'] = self.NODE_AUTH[self.comboNodeAuthType.currentIndex()]
config['Authentication']['TLSOptions']['CACert']= self.lineNodeCACertFile.text()
config['Authentication']['TLSOptions']['ServerCert'] = self.lineNodeServerCertFile.text()
config['Authentication']['TLSOptions']['ClientCert'] = self.lineNodeCertFile.text()
config['Authentication']['TLSOptions']['ClientKey'] = self.lineNodeCertKeyFile.text()
config['Authentication']['TLSOptions']['SkipVerify'] = self.checkNodeAuthSkipVerify.isChecked()
config['Authentication']['TLSOptions']['ClientAuthType'] = self.NODE_AUTH_VERIFY[self.comboNodeAuthVerifyType.currentIndex()]
return config
except Exception as e:
print("[prefs] node auth options exception:", e)
self._set_status_error(str(e))
return None
def _load_ui_columns_config(self):
cols = self._cfg.getSettings(Config.STATS_SHOW_COLUMNS)
if cols == None:
@ -405,39 +495,11 @@ class PreferencesDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
def _save_settings(self):
self._reset_status_message()
self._show_status_label()
self._save_ui_config()
if not self._save_db_config():
return
if self.tabWidget.currentIndex() == self.TAB_NODES:
self._show_status_label()
addr = self.comboNodes.currentText()
if (self._node_needs_update or self.checkApplyToNodes.isChecked()) and addr != "":
try:
notif = ui_pb2.Notification(
id=int(str(time.time()).replace(".", "")),
type=ui_pb2.CHANGE_CONFIG,
data="",
rules=[])
if self.checkApplyToNodes.isChecked():
for addr in self._nodes.get_nodes():
error = self._save_node_config(notif, addr)
if error != None:
self._set_status_error(error)
return
else:
error = self._save_node_config(notif, addr)
if error != None:
self._set_status_error(error)
return
except Exception as e:
print(self.LOG_TAG + "exception saving config: ", e)
self._set_status_error(QC.translate("preferences", "Exception saving config: {0}").format(str(e)))
elif addr == "":
self._set_status_message(QC.translate("preferences", "There're no nodes connected"))
self._node_needs_update = False
self._save_nodes_config()
self.saved.emit()
self._settingsSaved = True
@ -564,6 +626,34 @@ class PreferencesDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
self._cfg.setSettings(Config.STATS_SHOW_COLUMNS, cols)
def _save_nodes_config(self):
addr = self.comboNodes.currentText()
if (self._node_needs_update or self.checkApplyToNodes.isChecked()) and addr != "":
try:
notif = ui_pb2.Notification(
id=int(str(time.time()).replace(".", "")),
type=ui_pb2.CHANGE_CONFIG,
data="",
rules=[])
if self.checkApplyToNodes.isChecked():
for addr in self._nodes.get_nodes():
error = self._save_node_config(notif, addr)
if error != None:
self._set_status_error(error)
return
else:
error = self._save_node_config(notif, addr)
if error != None:
self._set_status_error(error)
return
except Exception as e:
print(self.LOG_TAG + "exception saving config: ", e)
self._set_status_error(QC.translate("preferences", "Exception saving config: {0}").format(str(e)))
elif addr == "":
self._set_status_message(QC.translate("preferences", "There're no nodes connected"))
self._node_needs_update = False
def _save_node_config(self, notifObject, addr):
try:
self._set_status_message(QC.translate("preferences", "Applying configuration on {0} ...").format(addr))
@ -589,6 +679,34 @@ class PreferencesDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
return None
def _save_node_auth_config(self, config):
try:
if config.get('Authentication') == None:
self.toolBox.setItemEnabled(self.NODE_PAGE_AUTH, False)
return
authtype_idx = self.comboNodeAuthType.findData(config['Authentication']['Type'])
self.lineNodeCACertFile.setEnabled(authtype_idx >= 0)
self.lineNodeServerCertFile.setEnabled(authtype_idx >= 0)
self.lineNodeCertFile.setEnabled(authtype_idx >= 0)
self.lineNodeCertKeyFile.setEnabled(authtype_idx >= 0)
if authtype_idx >= 0:
self.lineNodeCACertFile.setText(config['Authentication']['TLSOptions']['CACert'])
self.lineNodeServerCertFile.setText(config['Authentication']['TLSOptions']['ServerCert'])
self.lineNodeCertFile.setText(config['Authentication']['TLSOptions']['ClientCert'])
self.lineNodeCertKeyFile.setText(config['Authentication']['TLSOptions']['ClientKey'])
self.checkNodeAuthSkipVerify.setChecked(config['Authentication']['TLSOptions']['SkipVerify'])
clienttype_idx = self.comboNodeAuthVerifyType.findData(config['Authentication']['TLSOptions']['ClientAuthType'])
if clienttype_idx >= 0:
self.comboNodeAuthVerifyType.setCurrentIndex(clienttype_idx)
else:
authtype_idx = 0
self.comboNodeAuthType.setCurrentIndex(authtype_idx)
except Exception as e:
print("[prefs] node auth options exception:", e)
self._set_status_error(str(e))
def _validate_certs(self):
try:
if self.comboAuthType.currentIndex() == PreferencesDialog.AUTH_SIMPLE:
@ -677,6 +795,10 @@ class PreferencesDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
def _cb_line_certs_changed(self, text):
self._changes_needs_restart = QC.translate("preferences", "Certs changed")
def _cb_node_line_certs_changed(self, text):
self._changes_needs_restart = QC.translate("preferences", "Node certs changed")
self._node_needs_update = True
def _cb_file_db_clicked(self):
options = QtWidgets.QFileDialog.Options()
fileName, _ = QtWidgets.QFileDialog.getSaveFileName(self, "", "","All Files (*)", options=options)
@ -744,6 +866,21 @@ class PreferencesDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
self.lineCertFile.setEnabled(index >= PreferencesDialog.AUTH_TLS_SIMPLE)
self.lineCertKeyFile.setEnabled(index >= PreferencesDialog.AUTH_TLS_SIMPLE)
def _cb_combo_node_auth_type_changed(self, index):
curtype = self.comboNodeAuthType.itemData(self.comboNodeAuthType.currentIndex())
#savedtype = self._cfg.getSettings(Config.AUTH_TYPE)
#if curtype != savedtype:
# self._changes_needs_restart = QC.translate("preferences", "Auth type changed")
self.lineNodeCACertFile.setEnabled(index == PreferencesDialog.AUTH_TLS_MUTUAL)
self.lineNodeServerCertFile.setEnabled(index >= PreferencesDialog.AUTH_TLS_SIMPLE)
self.lineNodeCertFile.setEnabled(index >= PreferencesDialog.AUTH_TLS_SIMPLE)
self.lineNodeCertKeyFile.setEnabled(index >= PreferencesDialog.AUTH_TLS_SIMPLE)
self.checkNodeAuthSkipVerify.setEnabled(index >= PreferencesDialog.AUTH_TLS_SIMPLE)
self.comboNodeAuthVerifyType.setEnabled(index >= PreferencesDialog.AUTH_TLS_SIMPLE)
self._node_needs_update = True
def _cb_db_max_days_toggled(self, state):
self._enable_db_cleaner_options(state, 1)

738
ui/opensnitch/res/preferences.ui
View file

@ -7,13 +7,90 @@
<x>0</x>
<y>0</y>
<width>626</width>
<height>442</height>
<height>503</height>
</rect>
</property>
<property name="windowTitle">
<string>Preferences</string>
</property>
<layout class="QGridLayout" name="gridLayout">
<item row="1" column="0">
<widget class="QLabel" name="statusLabel">
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="2" column="0">
<layout class="QHBoxLayout" name="horizontalLayout">
<item>
<widget class="QPushButton" name="helpButton">
<property name="mouseTracking">
<bool>true</bool>
</property>
<property name="toolTip">
<string/>
</property>
<property name="text">
<string/>
</property>
<property name="icon">
<iconset theme="help-browser">
<normaloff>../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../.designer/backup</iconset>
</property>
<property name="flat">
<bool>true</bool>
</property>
</widget>
</item>
<item>
<spacer name="horizontalSpacer_4">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item>
<widget class="QPushButton" name="cancelButton">
<property name="text">
<string>Close</string>
</property>
<property name="icon">
<iconset theme="window-close">
<normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</iconset>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="applyButton">
<property name="text">
<string>Apply</string>
</property>
<property name="icon">
<iconset theme="document-save">
<normaloff>../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../.designer/backup</iconset>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="acceptButton">
<property name="text">
<string>Save</string>
</property>
<property name="icon">
<iconset theme="emblem-default">
<normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</iconset>
</property>
</widget>
</item>
</layout>
</item>
<item row="0" column="0">
<widget class="QTabWidget" name="tabWidget">
<property name="sizePolicy">
@ -39,6 +116,94 @@
<string>Pop-ups</string>
</attribute>
<layout class="QGridLayout" name="gridLayout_2">
<item row="1" column="0" colspan="3">
<widget class="QLabel" name="label">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Preferred">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="toolTip">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;This timeout is the countdown you see when a pop-up dialog is shown.&lt;/p&gt;&lt;p&gt;If the pop-up is not answered, the default options will be applied.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Default timeout</string>
</property>
</widget>
</item>
<item row="1" column="3">
<layout class="QHBoxLayout" name="horizontalLayout_4">
<property name="spacing">
<number>0</number>
</property>
<item>
<widget class="QPushButton" name="cmdTimeoutUp">
<property name="sizePolicy">
<sizepolicy hsizetype="Fixed" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string/>
</property>
<property name="icon">
<iconset theme="list-add">
<normaloff>../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../.designer/backup</iconset>
</property>
<property name="flat">
<bool>true</bool>
</property>
</widget>
</item>
<item>
<widget class="QSpinBox" name="spinUITimeout">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="alignment">
<set>Qt::AlignCenter</set>
</property>
<property name="buttonSymbols">
<enum>QAbstractSpinBox::NoButtons</enum>
</property>
<property name="accelerated">
<bool>true</bool>
</property>
<property name="maximum">
<number>100</number>
</property>
<property name="value">
<number>30</number>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="cmdTimeoutDown">
<property name="sizePolicy">
<sizepolicy hsizetype="Fixed" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string/>
</property>
<property name="icon">
<iconset theme="list-remove">
<normaloff>../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../.designer/backup</iconset>
</property>
<property name="flat">
<bool>true</bool>
</property>
</widget>
</item>
</layout>
</item>
<item row="0" column="3">
<widget class="QCheckBox" name="popupsCheck">
<property name="sizePolicy">
@ -156,7 +321,7 @@
<item row="0" column="0">
<widget class="QLabel" name="label_2">
<property name="toolTip">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Pop-up default action.&lt;/p&gt;&lt;p&gt;When a new outgoing connection is about to be established, this action will be selected by default, so if the timeout fires, this is the option that will be applied.&lt;/p&gt;&lt;p&gt;&lt;br/&gt;&lt;/p&gt;&lt;p&gt;While a pop-up is asking the user to allow or deny a connection:&lt;/p&gt;&lt;p&gt;1. new outgoing connections are denied.&lt;/p&gt;&lt;p&gt;2. known connections are allowed or denied based on the rules defined by the user.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Pop-up default action.&lt;/p&gt;&lt;p&gt;When a new outgoing connection is about to be established, this action will be selected by default, so if the timeout fires, this is the option that will be applied.&lt;/p&gt;&lt;p&gt;While a pop-up is asking the user to allow or deny a connection:&lt;/p&gt;&lt;p&gt;1. the daemon's default action will be applied (see Nodes tab).&lt;/p&gt;&lt;p&gt;2. known connections are allowed or denied based on the rules defined by the user.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Action</string>
@ -382,94 +547,6 @@
</layout>
</widget>
</item>
<item row="1" column="3">
<layout class="QHBoxLayout" name="horizontalLayout_4">
<property name="spacing">
<number>0</number>
</property>
<item>
<widget class="QPushButton" name="cmdTimeoutUp">
<property name="sizePolicy">
<sizepolicy hsizetype="Fixed" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string/>
</property>
<property name="icon">
<iconset theme="list-add">
<normaloff>../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../.designer/backup</iconset>
</property>
<property name="flat">
<bool>true</bool>
</property>
</widget>
</item>
<item>
<widget class="QSpinBox" name="spinUITimeout">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="alignment">
<set>Qt::AlignCenter</set>
</property>
<property name="buttonSymbols">
<enum>QAbstractSpinBox::NoButtons</enum>
</property>
<property name="accelerated">
<bool>true</bool>
</property>
<property name="maximum">
<number>100</number>
</property>
<property name="value">
<number>30</number>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="cmdTimeoutDown">
<property name="sizePolicy">
<sizepolicy hsizetype="Fixed" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string/>
</property>
<property name="icon">
<iconset theme="list-remove">
<normaloff>../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../.designer/backup</iconset>
</property>
<property name="flat">
<bool>true</bool>
</property>
</widget>
</item>
</layout>
</item>
<item row="1" column="0" colspan="3">
<widget class="QLabel" name="label">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Preferred">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="toolTip">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;This timeout is the countdown you see when a pop-up dialog is shown.&lt;/p&gt;&lt;p&gt;If the pop-up is not answered, the default options will be applied.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Default timeout</string>
</property>
</widget>
</item>
<item row="0" column="0" colspan="3">
<widget class="QLabel" name="label_16">
<property name="text">
@ -493,6 +570,14 @@
<number>0</number>
</property>
<widget class="QWidget" name="page_5">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>586</width>
<height>270</height>
</rect>
</property>
<attribute name="label">
<string>General</string>
</attribute>
@ -564,6 +649,14 @@
</layout>
</widget>
<widget class="QWidget" name="page_6">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>586</width>
<height>270</height>
</rect>
</property>
<attribute name="label">
<string>Server</string>
</attribute>
@ -762,7 +855,7 @@
<x>0</x>
<y>0</y>
<width>586</width>
<height>238</height>
<height>209</height>
</rect>
</property>
<attribute name="label">
@ -1006,9 +1099,48 @@ Temporary rules will still be valid, and you can use them when prompted to allow
<attribute name="title">
<string>Nodes</string>
</attribute>
<layout class="QGridLayout" name="gridLayout_4" rowstretch="0,0,0,0">
<item row="1" column="0">
<widget class="QLabel" name="label_8">
<layout class="QGridLayout" name="gridLayout_4" rowstretch="0,0,0,0,0">
<item row="0" column="2">
<widget class="QCheckBox" name="checkApplyToNodes">
<property name="sizePolicy">
<sizepolicy hsizetype="Fixed" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Apply configuration to all nodes</string>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="label_9">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Ignored">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Version</string>
</property>
<property name="alignment">
<set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set>
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QComboBox" name="comboNodes">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
</widget>
</item>
<item row="2" column="2">
<widget class="QLabel" name="labelNodeVersion">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Maximum">
<horstretch>0</horstretch>
@ -1016,7 +1148,7 @@ Temporary rules will still be valid, and you can use them when prompted to allow
</sizepolicy>
</property>
<property name="text">
<string>HostName</string>
<string/>
</property>
<property name="alignment">
<set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set>
@ -1055,61 +1187,6 @@ Temporary rules will still be valid, and you can use them when prompted to allow
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="label_9">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Ignored">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Version</string>
</property>
<property name="alignment">
<set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set>
</property>
</widget>
</item>
<item row="2" column="2">
<widget class="QLabel" name="labelNodeVersion">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Maximum">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string/>
</property>
<property name="alignment">
<set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set>
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QComboBox" name="comboNodes">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
</widget>
</item>
<item row="0" column="2">
<widget class="QCheckBox" name="checkApplyToNodes">
<property name="sizePolicy">
<sizepolicy hsizetype="Fixed" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Apply configuration to all nodes</string>
</property>
</widget>
</item>
<item row="3" column="0" colspan="3">
<widget class="QToolBox" name="toolBox">
<property name="currentIndex">
@ -1121,39 +1198,17 @@ Temporary rules will still be valid, and you can use them when prompted to allow
<x>0</x>
<y>0</y>
<width>586</width>
<height>197</height>
<height>229</height>
</rect>
</property>
<attribute name="label">
<string>General</string>
</attribute>
<layout class="QGridLayout" name="gridLayout_10">
<item row="0" column="0">
<widget class="QLabel" name="label_15">
<property name="toolTip">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Address of the node.&lt;/p&gt;&lt;p&gt;Default: unix:///tmp/osui.sock (unix:// is mandatory if it's a Unix socket)&lt;/p&gt;&lt;p&gt;It can also be an IP address with the port: 127.0.0.1:50051&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Address</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QComboBox" name="comboNodeAddress">
<property name="editable">
<bool>true</bool>
</property>
<item>
<property name="text">
<string>unix:///tmp/osui.sock</string>
</property>
</item>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="label_10">
<property name="toolTip">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;The default action will take place when there's no UI connected.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;The default action will be applied to new outbound connections in two scenarios:&lt;/p&gt;&lt;p&gt;when the daemon is not connected to the UI, or when there's a pop-up running.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Default action when the GUI is disconnected</string>
@ -1163,31 +1218,6 @@ Temporary rules will still be valid, and you can use them when prompted to allow
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QComboBox" name="comboNodeAction">
<property name="editable">
<bool>false</bool>
</property>
<item>
<property name="text">
<string>deny</string>
</property>
<property name="icon">
<iconset theme="emblem-important">
<normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</iconset>
</property>
</item>
<item>
<property name="text">
<string>allow</string>
</property>
<property name="icon">
<iconset theme="emblem-default">
<normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</iconset>
</property>
</item>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="label_11">
<property name="toolTip">
@ -1217,28 +1247,29 @@ Temporary rules will still be valid, and you can use them when prompted to allow
</item>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="label_12">
<property name="toolTip">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;If checked, OpenSnitch will prompt you to allow or deny connections that don't have an associated PID, due to several reasons, mostly due to bad state connections.&lt;/p&gt;&lt;p&gt;The pop-up dialog will only contain information about the network connection.&lt;/p&gt;&lt;p&gt;There're some scenarios where these are valid connections though, like when establishing a VPN using WireGuard.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Debug invalid connections</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QCheckBox" name="checkInterceptUnknown">
<property name="text">
<string/>
</property>
</widget>
</item>
<item row="4" column="0">
<widget class="QLabel" name="label_13">
<property name="text">
<string>Process monitor method</string>
<item row="1" column="1">
<widget class="QComboBox" name="comboNodeAction">
<property name="editable">
<bool>false</bool>
</property>
<item>
<property name="text">
<string>deny</string>
</property>
<property name="icon">
<iconset theme="emblem-important">
<normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</iconset>
</property>
</item>
<item>
<property name="text">
<string>allow</string>
</property>
<property name="icon">
<iconset theme="emblem-default">
<normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</iconset>
</property>
</item>
</widget>
</item>
<item row="4" column="1">
@ -1263,6 +1294,52 @@ Temporary rules will still be valid, and you can use them when prompted to allow
</item>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="label_12">
<property name="toolTip">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;If checked, OpenSnitch will prompt you to allow or deny connections that don't have an associated PID, due to several reasons, mostly due to bad state connections.&lt;/p&gt;&lt;p&gt;The pop-up dialog will only contain information about the network connection.&lt;/p&gt;&lt;p&gt;There're some scenarios where these are valid connections though, like when establishing a VPN using WireGuard.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Debug invalid connections</string>
</property>
</widget>
</item>
<item row="4" column="0">
<widget class="QLabel" name="label_13">
<property name="text">
<string>Process monitor method</string>
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_15">
<property name="toolTip">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Address of the node.&lt;/p&gt;&lt;p&gt;Default: unix:///tmp/osui.sock (unix:// is mandatory if it's a Unix socket)&lt;/p&gt;&lt;p&gt;It can also be an IP address with the port: 127.0.0.1:50051&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Address</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QCheckBox" name="checkInterceptUnknown">
<property name="text">
<string/>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QComboBox" name="comboNodeAddress">
<property name="editable">
<bool>true</bool>
</property>
<item>
<property name="text">
<string>unix:///tmp/osui.sock</string>
</property>
</item>
</widget>
</item>
</layout>
</widget>
<widget class="QWidget" name="page_2">
@ -1270,8 +1347,8 @@ Temporary rules will still be valid, and you can use them when prompted to allow
<rect>
<x>0</x>
<y>0</y>
<width>376</width>
<height>118</height>
<width>586</width>
<height>229</height>
</rect>
</property>
<attribute name="label">
@ -1401,6 +1478,146 @@ Temporary rules will still be valid, and you can use them when prompted to allow
</item>
</layout>
</widget>
<widget class="QWidget" name="page_7">
<attribute name="label">
<string>Authentication</string>
</attribute>
<layout class="QGridLayout" name="gridLayout_15">
<item row="5" column="0">
<widget class="QLineEdit" name="lineNodeCertFile">
<property name="placeholderText">
<string>Absolute path to the cert file</string>
</property>
</widget>
</item>
<item row="2" column="0">
<layout class="QHBoxLayout" name="horizontalLayout_7">
<item>
<widget class="QLabel" name="label_25">
<property name="toolTip">
<string>&lt;p&gt;Simple: no authentication, TLS simple/mutual: use SSL certificates to authenticate nodes.&lt;/p&gt;&lt;p&gt;Visit the wiki for more information.&lt;/p&gt;</string>
</property>
<property name="text">
<string>Authentication type</string>
</property>
</widget>
</item>
<item>
<widget class="QComboBox" name="comboNodeAuthType">
<property name="sizePolicy">
<sizepolicy hsizetype="Maximum" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<item>
<property name="text">
<string>Simple</string>
</property>
</item>
<item>
<property name="text">
<string>Simple TLS</string>
</property>
</item>
<item>
<property name="text">
<string>Mutual TLS</string>
</property>
</item>
</widget>
</item>
</layout>
</item>
<item row="3" column="0">
<widget class="QLineEdit" name="lineNodeCACertFile">
<property name="placeholderText">
<string>Absolute path to the CA cert file</string>
</property>
</widget>
</item>
<item row="8" column="0">
<layout class="QHBoxLayout" name="horizontalLayout_6">
<item>
<widget class="QCheckBox" name="checkNodeAuthSkipVerify">
<property name="text">
<string>Don't verify certs</string>
</property>
</widget>
</item>
<item>
<widget class="QComboBox" name="comboNodeAuthVerifyType">
<item>
<property name="text">
<string>no-client-cert</string>
</property>
</item>
<item>
<property name="text">
<string>req-cert</string>
</property>
</item>
<item>
<property name="text">
<string>req-any-cert</string>
</property>
</item>
<item>
<property name="text">
<string>verify-cert</string>
</property>
</item>
<item>
<property name="text">
<string>req-and-verify-cert</string>
</property>
</item>
</widget>
</item>
</layout>
</item>
<item row="6" column="0">
<widget class="QLineEdit" name="lineNodeCertKeyFile">
<property name="placeholderText">
<string>Absolute path to the cert key file</string>
</property>
</widget>
</item>
<item row="4" column="0">
<widget class="QLineEdit" name="lineNodeServerCertFile">
<property name="placeholderText">
<string>Absolute path to the server cert file</string>
</property>
</widget>
</item>
<item row="9" column="0">
<widget class="QLabel" name="label_26">
<property name="text">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;&lt;a href=&quot;https://github.com/evilsocket/opensnitch/wiki/Nodes-authentication#nodes-authentication-added-in-v161&quot;&gt;&lt;span style=&quot; text-decoration: underline; color:#0000ff;&quot;&gt;More information&lt;/span&gt;&lt;/a&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="textInteractionFlags">
<set>Qt::LinksAccessibleByMouse|Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
</layout>
</widget>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="label_8">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Maximum">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>HostName</string>
</property>
<property name="alignment">
<set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set>
</property>
</widget>
</item>
</layout>
@ -1705,83 +1922,6 @@ Temporary rules will still be valid, and you can use them when prompted to allow
</widget>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="statusLabel">
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="2" column="0">
<layout class="QHBoxLayout" name="horizontalLayout">
<item>
<widget class="QPushButton" name="helpButton">
<property name="mouseTracking">
<bool>true</bool>
</property>
<property name="toolTip">
<string/>
</property>
<property name="text">
<string/>
</property>
<property name="icon">
<iconset theme="help-browser">
<normaloff>../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../.designer/backup</iconset>
</property>
<property name="flat">
<bool>true</bool>
</property>
</widget>
</item>
<item>
<spacer name="horizontalSpacer_4">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item>
<widget class="QPushButton" name="cancelButton">
<property name="text">
<string>Close</string>
</property>
<property name="icon">
<iconset theme="window-close">
<normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</iconset>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="applyButton">
<property name="text">
<string>Apply</string>
</property>
<property name="icon">
<iconset theme="document-save">
<normaloff>../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../.designer/backup</iconset>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="acceptButton">
<property name="text">
<string>Save</string>
</property>
<property name="icon">
<iconset theme="emblem-default">
<normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</normaloff>../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.designer/backup</iconset>
</property>
</widget>
</item>
</layout>
</item>
</layout>
</widget>
<resources/>