mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

UI: improved details views, added PID field

Browse source 
- Added PID field to the details views.
- Improved details queries, grouping more fields.
- Some fields reorganized.
This commit is contained in:
Gustavo Iñiguez Goia 2020-04-27 21:37:40 +02:00
parent 039a393ab1
commit f1fd7a04eb
3 changed files with 29 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ui/opensnitch/database.py
View file

@ -59,10 +59,12 @@ class Database:
"dst_host text, " \
"dst_port text, " \
"uid text, " \
"pid text, " \
"process text, " \
"process_args text, " \
"rule text, " \
"UNIQUE(time, node, protocol, src_ip, src_port, dst_ip, dst_port, uid, process, process_args))", self.db)
"UNIQUE(time, node, action, protocol, src_ip, src_port, dst_ip, dst_port, uid, pid, process, process_args))",
self.db)
q.exec_()
q = QSqlQuery("create table if not exists rules (" \
"time text, "\

48
ui/opensnitch/dialogs/stats.py
View file

@ -415,7 +415,9 @@ class StatsDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
def _cb_table_double_clicked(self, row):
cur_idx = self.tabWidget.currentIndex()
if cur_idx == 1 and row.column() != 1:
if (cur_idx == self.TAB_RULES or cur_idx == self.TAB_NODES) and row.column() != 1:
return
if cur_idx > self.TAB_RULES and row.column() != self.COL_WHAT:
return
self.TABLES[cur_idx]['tipLabel'].setVisible(False)
@ -485,110 +487,108 @@ class StatsDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
"c.protocol as Protocol, " \
"c.dst_port as DstPort, " \
"c.dst_ip as DstIP, " \
"c.process as Process, " \
"c.process || ' (' || c.pid || ')' as Process, " \
"c.process_args as Args, " \
"count(c.process) as Hits " \
"FROM nodes as n, connections as c " \
"WHERE n.addr = '%s' %s GROUP BY c.process %s" % (data, s, self._get_order()))
"WHERE n.addr = '%s' %s GROUP BY Process, Args, UserID, DstIP, DstPort, Protocol, Status %s" % (data, s, self._get_order()))
def _set_rules_query(self, data):
model = self._get_active_table().model()
self.setQuery(model, "SELECT " \
"c.time as Time, " \
"c.node as Node, " \
"r.name as RuleName, " \
"count(c.process) as Hits, " \
"r.action as Action, " \
"r.duration as Duration, " \
"c.uid as UserID, " \
"c.protocol as Protocol, " \
"c.dst_port as DstPort, " \
"c.dst_ip as DstIP, " \
"c.dst_host as DstIP, " \
"c.process as Process, " \
"c.process_args as Args, " \
"count(c.process) as Hits " \
"c.process_args as Args " \
"FROM rules as r, connections as c " \
"WHERE r.Name = '%s' AND r.Name = c.rule GROUP BY c.process,c.dst_host %s" % (data, self._get_order()))
"WHERE r.Name = '%s' AND r.Name = c.rule GROUP BY Process, Args, UserID, DstIP, DstPort, Node %s" % (data, self._get_order()))
def _set_hosts_query(self, data):
model = self._get_active_table().model()
self.setQuery(model, "SELECT " \
"c.time as Time, " \
"c.node as Node, " \
"count(c.process) as Hits, " \
"c.action as Action, " \
"c.uid as UserID, " \
"c.protocol as Protocol, " \
"c.dst_port as DstPort, " \
"c.dst_ip as DstIP, " \
"c.process as Process, " \
"c.process || ' (' || c.pid || ')' as Process, " \
"c.process_args as Args, " \
"count(c.process) as Hits, " \
"c.rule as Rule " \
"FROM hosts as h, connections as c " \
"WHERE c.dst_host = h.what AND h.what = '%s' GROUP BY c.process %s" % (data, self._get_order()))
"WHERE c.dst_host = h.what AND h.what = '%s' GROUP BY c.pid, Process, Args, DstIP, DstPort, Protocol, Action, Node %s" % (data, self._get_order()))
def _set_process_query(self, data):
model = self._get_active_table().model()
self.setQuery(model, "SELECT " \
"c.time as Time, " \
"c.node as Node, " \
"count(c.dst_host) as Hits, " \
"c.action as Action, " \
"c.uid as UserID, " \
"c.dst_host || ' -> ' || c.dst_port as Destination, " \
"c.process as Process, " \
"c.pid as PID, " \
"c.process_args as Args, " \
"count(c.dst_host) as Hits, " \
"c.rule as Rule " \
"FROM procs as p, connections as c " \
"WHERE p.what = c.process AND p.what = '%s' GROUP BY c.dst_host %s" % (data, self._get_order()))
"WHERE p.what = c.process AND p.what = '%s' GROUP BY c.dst_ip, c.dst_port, UserID, Action, Node %s" % (data, self._get_order()))
def _set_addrs_query(self, data):
model = self._get_active_table().model()
self.setQuery(model, "SELECT " \
"c.time as Time, " \
"c.node as Node, " \
"count(c.dst_ip) as Hits, " \
"c.action as Action, " \
"c.uid as UserID, " \
"c.protocol as Protocol, " \
"c.dst_port as DstPort, " \
"c.process as Process, " \
"c.process || ' (' || c.pid || ')' as Process, " \
"c.process_args as Args, " \
"count(c.dst_ip) as Hits, " \
"c.rule as Rule " \
"FROM addrs as a, connections as c " \
"WHERE c.dst_ip = a.what AND a.what = '%s' GROUP BY c.dst_ip %s" % (data, self._get_order()))
"WHERE c.dst_ip = a.what AND a.what = '%s' GROUP BY c.pid, Process, Args, DstPort, Protocol, Action, UserID, Node %s" % (data, self._get_order()))
def _set_ports_query(self, data):
model = self._get_active_table().model()
self.setQuery(model, "SELECT " \
"c.time as Time, " \
"c.node as Node, " \
"count(c.dst_ip) as Hits, " \
"c.action as Action, " \
"c.uid as UserID, " \
"c.protocol as Protocol, " \
"c.dst_ip as DstIP, " \
"c.dst_port as DstPort, " \
"c.process as Process, " \
"c.process || ' (' || c.pid || ')' as Process, " \
"c.process_args as Args, " \
"count(c.dst_ip) as Hits, " \
"c.rule as Rule " \
"FROM ports as p, connections as c " \
"WHERE c.dst_port = p.what AND p.what = '%s' GROUP BY c.dst_ip %s" % (data, self._get_order()))
"WHERE c.dst_port = p.what AND p.what = '%s' GROUP BY c.pid, Process, Args, DstIP, Protocol, Action, UserID, Node %s" % (data, self._get_order()))
def _set_users_query(self, data):
model = self._get_active_table().model()
self.setQuery(model, "SELECT " \
"c.time as Time, " \
"c.node as Node, " \
"count(c.dst_ip) as Hits, " \
"c.action as Action, " \
"c.protocol as Protocol, " \
"c.dst_ip as DstIP, " \
"c.dst_port as DstPort, " \
"c.process as Process, " \
"c.process || ' (' || c.pid || ')' as Process, " \
"c.process_args as Args, " \
"count(c.dst_ip) as Hits, " \
"c.rule as Rule " \
"FROM users as u, connections as c " \
"WHERE u.what = '%s' AND u.what LIKE '%%(' || c.uid || ')' GROUP BY c.dst_ip %s" % (data, self._get_order()))
"WHERE u.what = '%s' AND u.what LIKE '%%(' || c.uid || ')' GROUP BY c.pid, Process, Args, DstIP, DstPort, Protocol, Action, Node %s" % (data, self._get_order()))
def _on_save_clicked(self):
tab_idx = self.tabWidget.currentIndex()

4
ui/opensnitch/service.py
View file

@ -290,10 +290,10 @@ class UIService(ui_pb2_grpc.UIServicer, QtWidgets.QGraphicsObject):
continue
need_refresh=True
db.insert("connections",
"(time, node, action, protocol, src_ip, src_port, dst_ip, dst_host, dst_port, uid, process, process_args, rule)",
"(time, node, action, protocol, src_ip, src_port, dst_ip, dst_host, dst_port, uid, pid, process, process_args, rule)",
(str(datetime.now()), addr, event.rule.action, event.connection.protocol, event.connection.src_ip, str(event.connection.src_port),
event.connection.dst_ip, event.connection.dst_host, str(event.connection.dst_port),
str(event.connection.user_id), event.connection.process_path, " ".join(event.connection.process_args),
str(event.connection.user_id), str(event.connection.process_id), event.connection.process_path, " ".join(event.connection.process_args),
event.rule.name),
action_on_conflict="IGNORE"
)