mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
1622 commits 11 branches 43 tags 36 MiB
Commit graph

1622 commits

This branch
This branch
All branches
Author SHA1 Message Date
Gustavo Iñiguez Goia
aa71b7d9f6
ui, prefs: fixed exception loading outdated config 
Be sure that users with outdated default-config.json files can load and
save the configuration (those without LogUTC).
 2023-06-15 01:07:20 +02:00
Gustavo Iñiguez Goia
000a2f1848
avoid notifications errors when saving config 
- fsnotify notifies 2 WRITE events sometimes (known bug), which leads to
read 0 bytes one of the times.

As now we send these errors to the GUI, on some systems we were
displaying an error reading the config, which was not really the case.

- Only parse the config before writing it to disk, instead of call the
  load() method.
 2023-06-15 00:50:07 +02:00
Gustavo Iñiguez Goia
77c3cf4512
fw rules: beautify rules escription 
make it more nftables style:
 ip daddr 127.0.0.1 tcp dport 53 accept
instead of:
 ip daddr == 127.0.0.1 tcp dport == 53 accept

It'll be easier to translate our rules to nftables rules in this way.
 2023-06-14 17:31:12 +02:00
Gustavo Iñiguez Goia
9bad34bb16
changed default config permissions on saving 
- Changed default permissions of default-config.json, system-fw.json
 - Changed bool values by constants.
 2023-06-14 12:10:19 +02:00
Gustavo Iñiguez Goia
cc2b4f5824
ui,fw: don't allow empty rules 2023-06-14 01:27:40 +02:00
Gustavo Iñiguez Goia
d4bdfed1d1
ui,fw: fixed loading ct, quota, limit and meta statements 2023-06-14 01:16:06 +02:00
Gustavo Iñiguez Goia
e60b443c60
ui,fw: fixed setting dport/sport statement title 2023-06-13 15:10:28 +02:00
Gustavo Iñiguez Goia
1c90a51dbb
ui,fw: fixed adding dpotr/sport rule 
When changing between dport and sport, the rule was not being added.
 2023-06-13 14:02:19 +02:00
Gustavo Iñiguez Goia
5b7d2a2cbc
ui,fw: new rules creation fixes 
- Fixed setting the protocol of a dport/sport statement.
- Fixed translating ports to service name, and back (/etc/service).
- Enable Save button when modifying the description of a rule.
 2023-06-13 12:29:33 +02:00
Gustavo Iñiguez Goia
1dd74b9573
sponsors list updated 2023-06-12 20:01:55 +02:00
Gustavo Iñiguez Goia
62dcfb0f53
addded donations section 2023-06-12 16:19:10 +02:00
Gustavo Iñiguez Goia
53c7850c17
adding new sponsor link 
See #967
 2023-06-12 14:14:39 +02:00
Gustavo Iñiguez Goia
173e61b65a
ui: fixed displaying flatpak icons 
Closes: #956
 2023-06-12 00:14:40 +02:00
Gustavo Iñiguez Goia
e1afd24dbf
log: fixed logging service 
A default value was preventing from writing logs to the configured file.

+ Changed a couple of locks by rlocks.
 2023-06-09 17:43:32 +02:00
Gustavo Iñiguez Goia
2ad38fbf05
ui: set default rules editor button to Save 
Closes #963
 2023-06-09 13:16:55 +02:00
Gustavo Iñiguez Goia
a7e64b0374
new script to restart the daemon after suspend 
There's a bug when coming back from suspend state, that causes eBPF proc
monitor method stop working.

The only solution to this problem for now, is restart the daemon every
time the computer wakes up.

See: https://github.com/evilsocket/opensnitch/discussions/834#discussioncomment-5712431).
 2023-06-08 17:25:29 +02:00
Gustavo Iñiguez Goia
06816816a1
Merge pull request #959 from lainedfles/daemon_log_flags 
Introduce 2 new daemon logging options: LogUTC & LogMicro.
 2023-06-06 11:33:27 +02:00
selfdenial
52c23ffd5d Introduce 2 new daemon logging options: LogUTC & LogMicro. 2023-06-05 20:46:42 -06:00
Gustavo Iñiguez Goia
d0ca706de8
Merge pull request #958 from lainedfles/max_message_length 
Add non-gui setting for gRPC server max_message_length.
 2023-06-05 23:13:43 +02:00
selfdenial
9a89ad98b9 Use if statements instead of match/case to set max_message_length. 2023-06-05 10:21:08 -06:00
selfdenial
f6623fad95 Add non-gui setting for gRPC server max_message_length. 2023-06-03 23:29:40 -06:00
Gustavo Iñiguez Goia
102b65e6c3
added new generic remote logger and new formats 
- Added new generic remote logger to send events to remote servers.
- Added new formats RFC3164 and JSON.

Configuration example to send events to logstash using the tcp input
plugin, in json format:
 "Loggers": [
    {
        "Name": "remote",
        "Server": "127.0.0.1:3333",
        "Protocol": "tcp",
        "Workers": 5,
        "Format": "json",
        "Tag": "opensnitch"
    },
 ]

logstash configuration, saving events under document.*:
 input {
    tcp {
        port => 3333
        codec => json_lines {
            target => "[document]"
        }
    }
 }

You can also use the syslog input plugin:
 "Loggers": [
    {
        "Name": "remote",
        "Server": "127.0.0.1:5140",
        "Protocol": "tcp",
        "Workers": 5,
        "Format": "rfc3164",
        "Tag": "opensnitch"
    },
 ]

logstash's syslog input plugin configuration:
 input {
    syslog {
        port => 5140
    }
}

Note: you'll need a grok filter to parse and extract the fields.

See: #947
 2023-05-29 13:49:38 +02:00
Gustavo Iñiguez Goia
89dc6abbcd
loggers: remote syslog, rfc5424 format improvements 
- Allow to configure remote logger's write timeout and workers.
- Improved syslog RFC5424 formatting.
 2023-05-28 23:19:56 +02:00
Gustavo Iñiguez Goia
463378c214
misc: changed the level of some messages 
Also added [DNS] to some messages.

Related: #954
 2023-05-28 16:23:39 +02:00
munix9
11baad083d
ebpf modules compilation fixes 
- don't import hardcoded architecture.
- use generic cpu (-mcpu=generic)
- removed linux/version.h from modules.

related #954
 2023-05-28 15:24:33 +02:00
Gustavo Iñiguez Goia
9c483b1a59
sys,fw: allow to create multiprotocol rules 
Now you can add rules to allow multiple protocols.
For example you can add a rule to allow dport/sport for both TCP
and UDP.

There're two options to allow a port:

Statement {
 Name: tcp
 Values:
   Key: dport
   Value: 1234
}

Statement {
 Name: meta
 Values:
   Key: l4proto
   Value: tcp,udp

   Key: dport
   Value: 1234
}

Closes #951.
 2023-05-27 22:02:14 +02:00
Gustavo Iñiguez Goia
3432c6a694
ui,fw: fixed allowing inbound services 
The helper dialog to allow inbound connections to a port was adding a
rule to source port, instead of destination port.

The source port is needed to allow the traffic of a *local service"
when the inbound policy is set to Deny.
 2023-05-25 17:39:17 +02:00
Gustavo Iñiguez Goia
810b785b3a
sys,fw: put dns rule always at the top of the chain 
The DNS rule to intercept DNS responses must always be at the top of
the (input-filter) rules, otherwise we won't receive DNS resolutions.

Adding, removing or changing system fw rules was removing the rule from 1st
position.

Another approach to this problem could be to remove&&add only the dns rule,
instead of disable-enable interception+rules monitor.
 2023-05-25 01:20:53 +02:00
Gustavo Iñiguez Goia
9f71c15e57
sys,fw: fixed race condition creating system rules 
Hard to reproduce, but not impossible
 2023-05-24 14:26:58 +02:00
Gustavo Iñiguez Goia
631f27ee24
loggers: fixed race condition on remote loggers 
- Fixed race condition when a remote logger can't open a connection with
  the server.
 2023-05-24 01:19:07 +02:00
Gustavo Iñiguez Goia
500f5fe256
i18n: removed .qm from the repo 2023-05-23 18:01:00 +02:00
Toni Lähdekorpi
6afa7a3d0e
i18n: add Finnish translations (#948) 
* i18n: initial support for Finnish

* i18n: add Finnish translations for rules

* i18n: add Finnish translations for rules

* i18n: translated using Weblate (Finnish)

Currently translated at 99.6% (516 of 518 strings)

Translation: Open Source/opensnitch

* i18n: finalize Finnish translations

* i18n: run Finnish translations through lrelease

---------

Co-authored-by: Toni Lähdekorpi <toni.lahdekorpi@neuvo.ai>
 2023-05-23 17:58:18 +02:00
Gustavo Iñiguez Goia
9079323bed
sys,fw: better fw rules monitor 
- Fixed race conditio monitoring interception rules.
 2023-05-22 18:10:12 +02:00
Gustavo Iñiguez Goia
0402bb1555
i18n: updated translations definitions 2023-05-19 18:31:26 +02:00
Gustavo Iñiguez Goia
3d99eae3ae
i18n: updated translations 2023-05-19 18:26:07 +02:00
Gustavo Iñiguez Goia
d18a2946e5
Merge pull request #945 from ovari/master 
Update README.md
 2023-05-19 13:06:26 +02:00
ovari
de082f445d
Update README.md 
https://hosted.weblate.org/widgets/opensnitch/?lang=&component=glossary#multi
 2023-05-19 19:03:45 +10:00
Gustavo Iñiguez Goia
6c456aefba
sys fw: fixed race condition reloading rules 2023-05-19 01:35:20 +02:00
Gustavo Iñiguez Goia
7c631376db
ui, fw: avoid unnecessary rules reloads 
- When changing a policy, disable it until we receive a response.
  Maybe we should even delay it a little bit more.
- When editing a fw rule, disable the Save button if the user didn't
  change any field.
 2023-05-19 01:24:56 +02:00
Gustavo Iñiguez Goia
de198fd826
fw: fixed leak stopping rules checker 2023-05-18 23:28:42 +02:00
Gustavo Iñiguez Goia
13ef497538
Merge pull request #944 from davide125/shebang 
ui: remove unnecessary shebang
 2023-05-18 23:08:29 +02:00
Gustavo Iñiguez Goia
8440964ed2
Merge pull request #943 from davide125/bump 
ui: bump unicode_slugify to 0.1.5
 2023-05-18 23:08:11 +02:00
Davide Cavalca
c6153ec661 ui: remove unnecessary shebang 2023-05-18 12:04:14 -07:00
Davide Cavalca
b3ecb69a5a ui: bump unicode_slugify to 0.1.5 2023-05-18 11:27:21 -07:00
Gustavo Iñiguez Goia
f3a621e192
changed system requirements reading 2023-05-18 14:32:03 +02:00
Gustavo Iñiguez Goia
8513c0dd7f
Added system requirements check 
Added flag to check system requirements.
Related: #774
 2023-05-18 14:23:40 +02:00
Gustavo Iñiguez Goia
6b297a93b1
ci: removed compiling for 5.8 kernel 2023-05-17 17:28:55 +02:00
Gustavo Iñiguez Goia
96a962be2b
ci fixes 2023-05-17 13:00:13 +02:00
Gustavo Iñiguez Goia
0bb46197cc
ci fixes 2023-05-17 12:54:36 +02:00
Gustavo Iñiguez Goia
f97e7392a3
ci fixes 2023-05-17 12:26:49 +02:00