mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
632 commits 11 branches 43 tags 36 MiB
Commit graph

632 commits

This branch
This branch
All branches
Author SHA1 Message Date
Gustavo Iñiguez Goia
2c7472f06d firewall: check rules every 5s 
Every 5s check if our rules are loaded, and if they aren't, add them
again.
 2020-02-22 00:27:35 +01:00
Gustavo Iñiguez Goia
7f2f40b64d UI, stats: display dst_port on process details view 2020-02-21 00:57:11 +01:00
Gustavo Iñiguez Goia
8b579ece28 procmon: split cache functionality to a new file 2020-02-20 09:58:19 +01:00
Gustavo Iñiguez Goia
848f72de68 Fixed netlink socket querying 
man sock_diag:
"If the nlmsg_flags field of the struct nlmsghdr header has the
NLM_F_DUMP flag set, it means that a list of sockets is being
requested; otherwise it is a query about an individual socket."
 2020-02-20 01:45:02 +01:00
Gustavo Iñiguez Goia
189cffb00f Merge UI crash fixes and improvements 2020-02-20 00:27:45 +01:00
Gustavo Iñiguez Goia
8d88a4c13a Fixed advanced button height on some systems 
Like Ubuntu Mate 16.04
 2020-02-20 00:23:32 +01:00
Gustavo Iñiguez Goia
6ae1857538 Fixed prompt dialog exception and improved backward compatibility 
Improved compatibility with old regex lib versions.
Fixed exception.
 2020-02-19 23:14:25 +01:00
Gustavo Iñiguez Goia
b409eca0ed Fixed UI crash when configuring high dpi scaling on some systems 
On LinuxMint18 even with a compatible PyQt lib, it crashes, so just
don't set this option.
 2020-02-19 01:04:58 +01:00
Gustavo Iñiguez Goia
7ca2044f96 Merge UI License, MANIFEST.in and setup.py 2020-02-18 23:43:14 +01:00
Gustavo Iñiguez Goia
7eb0b6da30 UI: added license, long description and distribute icons 2020-02-18 23:40:07 +01:00
Gustavo Iñiguez Goia
9529830010 Improved UI deb package generation 
This is highly experimental and not Debian compliant.
We'll keep improving it over time.
 2020-02-18 23:30:56 +01:00
Gustavo Iñiguez Goia
d46d50a58d Bump version to v1.0.0rc3 2020-02-18 10:49:30 +01:00
Gustavo Iñiguez Goia
75db31c98d Bump debian package version to 1.0.0rc3 2020-02-18 10:48:47 +01:00
Gustavo Iñiguez Goia
f88b78d5bb Improved UI debian package and bump version to rc3 
Removed some dependencies, and ask to install via pip.
Added copyright file.
 2020-02-18 10:47:17 +01:00
Gustavo Iñiguez Goia
a13f42d98b netlink: fixed connections querying 
also code simplified.
 2020-02-18 02:05:15 +01:00
Gustavo Iñiguez Goia
25c27511e1 Improved PIDs searching and sorting 
Accuracy and reliability improved.
 2020-02-17 23:39:26 +01:00
Gustavo Iñiguez Goia
19a5811f3b Merge UI fix to allow/deny second-level domains 2020-02-17 01:37:29 +01:00
Gustavo Iñiguez Goia
f696cf9141 Added option to allow/deny second level domains 
Added option to allow or deny domains like 'examle.com', otherwise the
regex added a dot (.*\.example\.com) which didn't match the connection.
 2020-02-17 01:31:37 +01:00
Gustavo Iñiguez Goia
be7ffbc54b Improved PIDs searching in /proc 
Improved and reorganized code.
 2020-02-17 01:17:28 +01:00
Gustavo Iñiguez Goia
d6180b8943 Merge UI regex patterns fix 
As commented here #4
 2020-02-15 01:02:45 +01:00
Gustavo Iñiguez Goia
7a7c1fb34b Fixed regex patterns shown in the UI combobox 
Parse correctly DNS queries with the format 1.2.3.4 (x.host.com)
 2020-02-15 00:33:43 +01:00
Gustavo Iñiguez Goia
6646ee469a Accept response from netlink just if inode is valid 
Sometimes we get wrong values for Uid field, so just check if the inode
field is valid to accept the response from netlink.
 2020-02-15 00:22:37 +01:00
Gustavo Iñiguez Goia
9207465d58 Do not panic if we can't parse a Regex type rule 
If for some reason a Regex type rule can not be parsed, opensnitchd
panics and exit. We drop regex.MustCompile() in favor of
regex.Compile(), and in case of failure we just drop the packet.

In either case, the daemon should not panic but it should not received
an invalid rule either, specially from the UI.

Closes #4
 2020-02-14 23:15:14 +01:00
Gustavo Iñiguez Goia
a4a5637a22 Fixed errors 
Typos were made.
 2020-02-13 23:19:15 +01:00
Gustavo Iñiguez Goia
1e2f9aa124 Find pid of a process in /proc if debugfs is unavailable 
debugfs is not always available due to different reasons:
https://github.com/evilsocket/opensnitch/issues/214
https://github.com/evilsocket/opensnitch/issues/276

Fallback to /proc parsing, although procfs could also be not available.

Easily testable by unmounting debugfs (umount debugfs) and launch
opensnitchd. It should work as expected.
 2020-02-13 23:08:58 +01:00
Gustavo Iñiguez Goia
d5b7c597ae Fixed typo in netlink parameter 
Thanks to @Ph0rk0z for pointing it out.
 2020-02-13 10:01:22 +01:00
Gustavo Iñiguez Goia
54bb5dcca5 Fixed and improved netlink communications 
Fixed invalid uid.
Fixed/improved netlink sockets querying.
 2020-02-12 22:52:24 +01:00
Gustavo Iñiguez Goia
a6ff8d2c4f Prioritize cache pids with active connections 
Processes with active connections are the most likely to be the latest
modified ones in /proc, thus sort cache pids by time speeds up pids cache
searching. From several ms to us.
 2020-02-12 22:20:26 +01:00
Gustavo Iñiguez Goia
489b64730a Sort process descriptors by modified time 
When parsing /proc/<pid>/fd/ looking for sockets, latest
modified/created descriptors are the most likely to have
generated connections.

This way we decrease the parsing time, system load and speed up process name
retrieval.
 2020-02-11 21:32:48 +01:00
Gustavo Iñiguez Goia
3ec0ec60a9 Unified UI config files 
Originally UI config file was saved to ~/.opensnitch/ui-config.json

Now those values are saved to ~/.config/opensnitch/settings.conf, along
with new ones.

Closes #3
 2020-02-09 21:04:19 +01:00
Gustavo Iñiguez Goia
1e6d2c0b67 Unified UI config files 
Originally UI config file was saved to ~/.opensnitch/ui-config.json

Now those values are saved to ~/.config/opensnitch/settings.conf, along
with new ones.

Closes #3
 2020-02-09 20:56:26 +01:00
Gustavo Iñiguez Goia
8782b77625 Allow to compile the daemon with outdated libnetfilter-queue 
On Ubuntu 18.04 the libnetfilter-queue is not the latest one (1.0.3) and
it doesn't have UID/GID support.
 2020-02-09 19:28:27 +01:00
Gustavo Iñiguez Goia
6b77ce1346 Added UI alerts to warn about unanswered connections 2020-02-07 21:55:29 +01:00
Gustavo Iñiguez Goia
721e356ad6
Update README.md 2020-02-07 16:17:30 +01:00
Gustavo Iñiguez Goia
41a320efac
Update README.md 2020-02-07 12:47:36 +01:00
Gustavo Iñiguez Goia
a5f8d5b25d Display an alert when a new connection is not answered 
When the computer is on but you are away, you may miss some prompt
dialogs to allow or deny a connection. This way we warn the user about
something that happened, in order to review the UI.

Further work should maybe count and display the number of a connection,
and perhaps display a max of 5 different events.

It should also desirable to display a small number over the app icon.
 2020-02-07 10:18:54 +01:00
Gustavo Iñiguez Goia
700b540432 Bump UI version to v1.0.0-rc2 2020-02-07 10:17:04 +01:00
Gustavo Iñiguez Goia
a6fa494789 Expand prompt dialog Dst IP Combo Box 
It should span 2 columns
 2020-02-07 00:16:14 +01:00
Gustavo Iñiguez Goia
8e6d901ae4 Added Action and Duration columns to GUI Rules tab 2020-02-07 00:15:31 +01:00
Gustavo Iñiguez Goia
8fc2c5d55f Added UI debian/ files for packaging 
Work needed.
 2020-02-06 23:54:36 +01:00
Gustavo Iñiguez Goia
8c01d43d45 Workaround to stop and disable service on uninstalling 
dh_installsystemd seems to not work for me, so use this WA for now
 2020-02-06 23:54:36 +01:00
Gustavo Iñiguez Goia
998106ef24 Added missing debian/rules 2020-02-06 23:54:36 +01:00
Gustavo Iñiguez Goia
7d138e29a3 Removed UI code and try to resolve service problems 2020-02-06 23:54:36 +01:00
Gustavo Iñiguez Goia
e906bcb2ed Bump version to v1.0.0-rc2 2020-02-06 23:54:36 +01:00
Gustavo Iñiguez Goia
7d330f24d9 Bump version to 1.0.0-rc2 2020-02-05 00:57:06 +01:00
Gustavo Iñiguez Goia
793afefbb1 Expand prompt dialog Dst IP Combo Box 
It should span 2 columns
 2020-02-05 00:54:40 +01:00
Gustavo Iñiguez Goia
b60b78a3b2 Added Action and Duration columns to GUI Rules tab 2020-02-05 00:47:39 +01:00
Gustavo Iñiguez Goia
a978f405fc Fixed missing returned value 2020-02-05 00:26:32 +01:00
Gustavo Iñiguez Goia
847f7e2bec Added debian/ directory to generate deb packages 2020-02-04 23:59:50 +01:00
Gustavo Iñiguez Goia
695b5232f4 help stdeb to distribute resources files 2020-02-04 22:06:55 +01:00