Up until now it when changing the node address, you changed the server
adress as well (i.e: the address where the GUI is listening for
connections).
This simplified configuration when you had 1 node and addresses were
changed at the same time. But in other situations, you were not able to
change the server (GUI) address from the Preferences dialog.
So now:
- the address of each node is changed from the Nodes tab.
- the address of the server (GUI) is changed from the UI tab.
When there were no nodes connected, we disabled the global fw button
that enables/disables the fw.
Unfortunately when a node connected to the GUI, this button was not
clickable anymore.
When disabling the fw, we change the default input and output policy to
Accept, not to block connections.
Due to a problem reloading the fw in the daemon, the policy was not
changed as expected.
This problem must be fixed in the daemon, but for the time being,
sending two configuration changes solves the issue (one for changing the
policy, and another one for disabling the fw).
Closes: #1225
When a popup was displayed to the user, if they took more than 120s to
respond, the address of the node was lost.
This is because the daemon has hardcoded a max timeout of 120s. If it
fires, the call to AskRule is closed and the context is lost.
In this situation, save the address of the node at the start of AskRule,
so we can reuse it later.
Closes: #1219
- Calculate the ram usage of a process in the daemon, using the page
size of the system.
- Added new functions to read some details of a process, so we can use
them in other parts of the code.
Added new task to monitor the resources of remote nodes, like
ram, swap, number of processes or load average of the system.
The task is initiated when the user selects a node, and the data
received from the node is added to the right panel of the Nodes tab.
The task is stopped when changing to another tab, or when deselecting a
node.
Particularly useful for monitoring remote nodes.
daemon tasks are actions that are executed in background by the daemon.
They're started from the GUI (server) via a Notification (protobuf),
with the type TASK_START (protobuf).
Once received in the daemon, the TaskManager starts the task in
background.
Tasks may run at interval times (every 5s, 2days, etc), until they
finish an operation, until a timeout, etc.
Each task has each own configuration options, which will customize the
behaviour of its operations.
In this version, if the GUI is closed, the daemon will stop all the
running tasks.
Each Task has a flag to ignore this behaviour, for example if they need
to run until they finish and only send a notification to the GUI,
instead of streaming data continuously to the GUI (server).
- Up until now we only had one task that could be initiated from the GUI:
the process monitor dialog. It has been migrated to a Task{}.
- go.mod bumped to v1.20, to use unsafe string functions.
- go.sum updated accordingly.
When filtering by checksum and the checksum of a rule changes, we
display a warning on the popup, indicating that something happened.
The user had the option to update the checksum of one rule, directly
from the popup.
Now there's a new button to update all the rules that have a checksum as
filtering parameter.
When creating/editing rules to filter by lists of nets/IPs/domains, we
check if the path entered is a directory.
However on remote nodes, the path may not exist where the GUI is
running, but be valid where the daemon is running.
Now we only check the path if the node where it's being configured is
local.
Closes#1174
Up until now we had a way of customizing the views, by defining
"actions". See for context cba52cf3d8
The configuration syntax has not changed, but now every "action" is a
python plugin, for example when loading this configuration:
{
"name": "commonDelegateConfig",
"actions": {
"highlight": {
"enabled": true,
"cells": [
{
"text": ["allow", "✓ online"],
"color": "white",
"bgcolor: "green",
we'll try to load "highlight" as plugin, which should exist under
opensnitch/plugins/highligh/highlight.py
Three new plugins has been added:
- Highlight: colorize cells or rows based on patterns.
- Downloader: a simple downloader which downloads files to local
directories, for example to download blocklists.
- Virustotal: a plugin to analyze IPs, domains and checksums with the
API of virustotal when a new popup is fired.
There're 3 points where the plugins are configured and executed:
- opensnitch/service.py - _load_plugins() (background/global plugins)
- opensnitch/dialogs/prompt/__init__.py - _configure_plugins(), _post_popup_plugins()
- opensnitch/dialogs/processdetails.py - _configure_plugins()
Plugins can't be configured from the GUI (yet).
For more details, read:
opensnitch/plugins/__init__.py
opensnitch/actions/__init__.py
opensnitch/plugins/downloader/downloader.py
opensnitch/plugins/virustotal/virustotal.py
Since the name of the rule is used for the file name on the disk,
certain characters caused issues when saving the rule, like '/'.
Now if the user types or pastes '/' in the name field, a warning is
displayed, indicating that some characters are not allowed.
Closes#1166
When exporting rules, use rfc3339 format for the Created field.
We were exporting as timestamp, which caused issues when importing them.
Related:
58aa979cae
issue #1140
pyinotify has stopped working in python3.12, it fails loading with the
error:
ModuleNotFoundError: No module named 'asyncore'
For now, ignore this error and keep working as usual.
Applications icons will be loaded on GUI startup, but we loose the
ability of discovering the icons of applications while the GUI is
running.
Closes: #1132
Allow to configure from the preferences dialog:
- max stats and events.
- rules path (use default path if empty).
- internal GC percentage, flush connections on start.
Disabled daemon's DefaultDuration option when the daemon is not
connected to the server (GUI). By default is "once".
Improved configuration parsing.
Minor improvements to display status messages.
- Added "More information" label to the preferences dialog, and open a
link to our wiki with more information.
- Allow to configure node auth settings from the GUI:
When we added the authentication options (12b4cf3104,
6556eed1ae, f63d9dce72)
we allowed to configure auth options from the GUI, but only if the
nodes already had the options configured. If the auth options
received were empty, we simply disabled the auth options on the
preferences dialog.
Now we build the configuration in this scenario, and sent it back to
the nodes.
We only offered two options for the DefaultAction option: allow/deny.
Since a long time ago we support "reject"ing connections, but it was not
configurable as the DefaultAction.
Closes: #1108
If the pop-ups' target is to filter by cmdline, but the typed/launched
command is not absolute or it starts with /proc, also filter by the
absolute path to the binary.
If the path of a process starts with /tmp/.mount_*, which is the common
path for appimages, use it as the default target on the popups.
Previously it was only added to the list of targets, but preselecting it
will help users to create rules for appimages.
