Gustavo Iñiguez Goia
b547067f61
close nfqueue descriptors gracefully
When the daemon is stopped, we need to close opened netfilter resources.
Otherwise we can fall into a situation where we leave NFQUEUE queues
opened, which causes opensnitch to not run anymore until system restart
or a manual intervention, because there's a NFQUEUE queue already created
with the same ID.
This is what was happening as a collateral effect of #41 .
2020-07-17 01:29:58 +02:00
Gustavo Iñiguez Goia
a5994b0c4f
stop receiving notifications properly
Under certain circumstances, the notifications goroutine entered into an
infinite loop.
2020-07-06 18:49:58 +02:00
Gustavo Iñiguez Goia
fc2212f073
return better errors if a regexp rule fails to compile
If a regexp rule fails to compile, return the reason instead of a
generic error. It'll help to debug problems.
2020-06-19 18:02:09 +02:00
Gustavo Iñiguez Goia
b03bbf0506
fixed race conditions setting log level and monitor methods
2020-06-14 20:14:24 +02:00
Gustavo Iñiguez Goia
a1bba4da3f
send on new connection CWD and environment vars of the process
CWD allows us to know from where a process was executed.
The environment variables allow us to know more about a process execution.
2020-06-04 01:14:25 +02:00
Gustavo Iñiguez Goia
78c0da83c0
increase default timeout to ask for a rule
Explained here: https://github.com/gustavo-iniguez-goya/opensnitch/issues/28#issuecomment-637484501
2020-06-04 00:38:11 +02:00
Gustavo Iñiguez Goia
36a11b4102
don't configure log level if the item does not exist in the config
Reported here:
https://github.com/gustavo-iniguez-goya/opensnitch/issues/31#issuecomment-633759613
The LogLevel conf item should always exist, but just in case.
2020-06-01 01:54:08 +02:00
Gustavo Iñiguez Goia
558e511718
delete rules by their name without deserializing
2020-05-30 01:44:22 +02:00
Gustavo Iñiguez Goia
6bbf3b33be
misc: sources formatting
2020-05-30 01:36:43 +02:00
Gustavo Iñiguez Goia
1331bcb91f
Reload config after changing it from the UI.
closes #20
2020-05-18 01:07:09 +02:00
Gustavo Iñiguez Goia
85699622f6
Added logic to handle changes/notifications from the GUI.
- Allow to perform the following actions from the GUI:
* Load/unload firewall (i.e.: interception)
* Change daemon default configuration.
* Enable/disable rules.
* Delete rules.
* Change/Add rules.
* Change log level.
2020-05-10 17:44:56 +02:00
Gustavo Iñiguez Goia
a39a2000fd
return error if the daemon configuration can not be saved
2020-05-10 17:20:27 +02:00
Gustavo Iñiguez Goia
43898bc4c9
Allow to configure if a rule is enabled or not.
2020-05-10 17:17:05 +02:00
Gustavo Iñiguez Goia
6ee80b1640
Allow to change settings from the UI
(1/2)
We start receiving notifications from the UI, which allow us to change
configurations and perform actions on the daemon.
The concept of Node has also been introduced, which identifies every
daemon (client) connected to the UI (server).
These options have been added:
- Enable/Disable firewall interception (for all nodes)
- Change daemons' (clients') configuration, globally or per node.
- Change prompt dialog options.
We have fixed some bugs along the way:
- Close audit client connection gracefully.
- Exclude our own connections from being intercepted.
- Better handling of client connection status with the UI.
We have probably also introduced some other bugs (not listed here).
2020-04-19 20:13:31 +02:00
Gustavo Iñiguez Goia
4a7607a323
removed useless debug log
2020-04-01 01:51:53 +02:00
Gustavo Iñiguez Goia
e85a41ca0f
allow to configure process monitor method in daemon config
Added ProcMonitorMethod, which can be "proc", "ftrace" or "audit".
Parameters passed by command line take precedence over default
configuration.
breaking changes: config options changed from xx_yy to XxYy.
Config example:
{
"DefaultAction": "allow",
"DefaultDuration": "once",
"InterceptUnknown": true,
"ProcMonitorMethod": "audit"
}
2020-03-16 01:37:33 +01:00
Gustavo Iñiguez Goia
fe8789526a
Apply default action in case of communication failure with the server
If we can't communicate with the server (UI), apply the default
configured action. For example, if the UI is doing too much work and it
reaches the timeout, or if there's a programming error (python exception
for instance).
2020-02-26 09:53:48 +01:00
Gustavo Iñiguez Goia
7eec749498
allow to configure unknown conns interception
/etc/opensnitchd/default-config.json can now contain
"intercept_unknown": true|false
2019-11-01 01:00:10 +01:00
Gustavo Iñiguez Goia
ce71c383a9
fixed missing funcs declarations and non used var
2019-10-21 00:04:15 +02:00
Gustavo Iñiguez Goia
dedd009204
Merge branch 'daemon_default_config' into main
2019-10-21 00:02:25 +02:00
Gustavo Iñiguez Goia
2c3339c728
Merge branch 'fix_grpc_sockets_leaks' into main
2019-10-20 23:25:21 +02:00
Gustavo Iñiguez Goia
1778a5502a
Merge branch 'fix_race_read_write_stats' into main
2019-10-20 22:28:45 +02:00
Gustavo Iñiguez Goia
a7e9b5072f
project import paths changed
2019-10-20 21:51:35 +02:00
Gustavo Iñiguez Goia
eeed991f8d
Allow to configure daemon's default action rule
If the file /etc/opensnitchd/default-config.json exists,
read it and apply the options to the default rule when there's no client
connected.
If it doesn't exist, just apply the default rule, allow connections
once.
Config example: {"default_action": "deny", "default_duration": "once"}
2019-07-02 23:41:41 +02:00
Gustavo Iñiguez Goia
e356c84baa
Fix grpc sockets leaking when connecting to a UI
Failed connections to a UI were not being closed, so we ended up
with > 1024 opened sockets, which caused the error Too many files open.
2019-06-29 13:55:44 +02:00
Gustavo Iñiguez Goia
57d1198635
Fixed race when reading and collecting stats
When reading stats, a race can occur when sending them to remote UI via
Ping()s if at the same time more stats are being collected (written).
2019-06-29 13:46:26 +02:00
Jerzy Kozera
616fef6e83
Add a 'list' rule type
2018-11-21 22:51:33 +01:00
evilsocket
149e23f879
misc: small fix or general refactoring i did not bother commenting
2018-04-08 21:03:18 +02:00
evilsocket
7e474a0514
refactored netfilter code, implemented SetVerdictAndMark method
2018-04-08 20:13:35 +02:00
evilsocket
fb5ccb03a3
added the number of loaded rules in the statistics
2018-04-08 17:20:37 +02:00
evilsocket
8009743d60
when the thc kicks in and you find a better logic, better naming, better design and new ideas
2018-04-08 15:32:20 +02:00
evilsocket
a33c463ffb
support rules with type=regexp ( closes #127 )
2018-04-07 13:52:25 +02:00
evilsocket
e920e85f97
added support for a tcp listener ( closes #119 )
2018-04-07 01:52:43 +02:00
evilsocket
36fff955c6
misc: small fix or general refactoring i did not bother commenting
2018-04-06 18:34:33 +02:00
evilsocket
5cef91e534
better protocol file manag.
2018-04-06 15:58:19 +02:00
evilsocket
314c526fc4
make the daemon log when the UI socket is available or goes down ( closes #123 )
2018-04-06 14:48:43 +02:00
evilsocket
f2f313c0bf
misc: small fix or general refactoring i did not bother commenting
2018-04-06 13:55:03 +02:00
evilsocket
0a26d4ea5d
misc: small fix or general refactoring i did not bother commenting
2018-04-06 01:44:15 +02:00
evilsocket
4ff210dfa6
misc: small fix or general refactoring i did not bother commenting
2018-04-05 18:30:44 +02:00
evilsocket
aa63a47bc1
misc: small fix or general refactoring i did not bother commenting
2018-04-05 16:37:51 +02:00
evilsocket
540335056b
misc: small fix or general refactoring i did not bother commenting
2018-04-03 14:51:58 +02:00
evilsocket
08da06acb7
ui service to test and benchmark gRPC IPC
2018-04-02 19:10:42 +02:00
evilsocket
b5b4a56a45
added ui ping/pong
2018-04-02 18:26:04 +02:00
evilsocket
36c9b515f1
misc: small fix or general refactoring i did not bother commenting
2018-04-02 18:11:36 +02:00
evilsocket
534ec8cd73
misc: small fix or general refactoring i did not bother commenting
2018-04-02 05:25:32 +02:00