- Calculate the ram usage of a process in the daemon, using the page
size of the system.
- Added new functions to read some details of a process, so we can use
them in other parts of the code.
Added new task to monitor the resources of remote nodes, like
ram, swap, number of processes or load average of the system.
The task is initiated when the user selects a node, and the data
received from the node is added to the right panel of the Nodes tab.
The task is stopped when changing to another tab, or when deselecting a
node.
Particularly useful for monitoring remote nodes.
daemon tasks are actions that are executed in background by the daemon.
They're started from the GUI (server) via a Notification (protobuf),
with the type TASK_START (protobuf).
Once received in the daemon, the TaskManager starts the task in
background.
Tasks may run at interval times (every 5s, 2days, etc), until they
finish an operation, until a timeout, etc.
Each task has each own configuration options, which will customize the
behaviour of its operations.
In this version, if the GUI is closed, the daemon will stop all the
running tasks.
Each Task has a flag to ignore this behaviour, for example if they need
to run until they finish and only send a notification to the GUI,
instead of streaming data continuously to the GUI (server).
- Up until now we only had one task that could be initiated from the GUI:
the process monitor dialog. It has been migrated to a Task{}.
- go.mod bumped to v1.20, to use unsafe string functions.
- go.sum updated accordingly.
When filtering by checksum and the checksum of a rule changes, we
display a warning on the popup, indicating that something happened.
The user had the option to update the checksum of one rule, directly
from the popup.
Now there's a new button to update all the rules that have a checksum as
filtering parameter.
When creating/editing rules to filter by lists of nets/IPs/domains, we
check if the path entered is a directory.
However on remote nodes, the path may not exist where the GUI is
running, but be valid where the daemon is running.
Now we only check the path if the node where it's being configured is
local.
Closes#1174
Up until now we had a way of customizing the views, by defining
"actions". See for context cba52cf3d8
The configuration syntax has not changed, but now every "action" is a
python plugin, for example when loading this configuration:
{
"name": "commonDelegateConfig",
"actions": {
"highlight": {
"enabled": true,
"cells": [
{
"text": ["allow", "✓ online"],
"color": "white",
"bgcolor: "green",
we'll try to load "highlight" as plugin, which should exist under
opensnitch/plugins/highligh/highlight.py
Three new plugins has been added:
- Highlight: colorize cells or rows based on patterns.
- Downloader: a simple downloader which downloads files to local
directories, for example to download blocklists.
- Virustotal: a plugin to analyze IPs, domains and checksums with the
API of virustotal when a new popup is fired.
There're 3 points where the plugins are configured and executed:
- opensnitch/service.py - _load_plugins() (background/global plugins)
- opensnitch/dialogs/prompt/__init__.py - _configure_plugins(), _post_popup_plugins()
- opensnitch/dialogs/processdetails.py - _configure_plugins()
Plugins can't be configured from the GUI (yet).
For more details, read:
opensnitch/plugins/__init__.py
opensnitch/actions/__init__.py
opensnitch/plugins/downloader/downloader.py
opensnitch/plugins/virustotal/virustotal.py
Since the name of the rule is used for the file name on the disk,
certain characters caused issues when saving the rule, like '/'.
Now if the user types or pastes '/' in the name field, a warning is
displayed, indicating that some characters are not allowed.
Closes#1166
When exporting rules, use rfc3339 format for the Created field.
We were exporting as timestamp, which caused issues when importing them.
Related:
58aa979cae
issue #1140
pyinotify has stopped working in python3.12, it fails loading with the
error:
ModuleNotFoundError: No module named 'asyncore'
For now, ignore this error and keep working as usual.
Applications icons will be loaded on GUI startup, but we loose the
ability of discovering the icons of applications while the GUI is
running.
Closes: #1132
Allow to configure from the preferences dialog:
- max stats and events.
- rules path (use default path if empty).
- internal GC percentage, flush connections on start.
Disabled daemon's DefaultDuration option when the daemon is not
connected to the server (GUI). By default is "once".
Improved configuration parsing.
Minor improvements to display status messages.
- Added "More information" label to the preferences dialog, and open a
link to our wiki with more information.
- Allow to configure node auth settings from the GUI:
When we added the authentication options (12b4cf3104,
6556eed1ae, f63d9dce72)
we allowed to configure auth options from the GUI, but only if the
nodes already had the options configured. If the auth options
received were empty, we simply disabled the auth options on the
preferences dialog.
Now we build the configuration in this scenario, and sent it back to
the nodes.
We only offered two options for the DefaultAction option: allow/deny.
Since a long time ago we support "reject"ing connections, but it was not
configurable as the DefaultAction.
Closes: #1108
If the pop-ups' target is to filter by cmdline, but the typed/launched
command is not absolute or it starts with /proc, also filter by the
absolute path to the binary.
If the path of a process starts with /tmp/.mount_*, which is the common
path for appimages, use it as the default target on the popups.
Previously it was only added to the list of targets, but preselecting it
will help users to create rules for appimages.
New option to save and display alerts/events received from the daemon,
like system fw errors or eBPF modules errors.
Until now we only displayed a desktop message, making it difficult to
review the message in detail, or other actions.
Up until now, the GUI was refreshed if:
- it was not minimized or hidden.
- if there were new events (even if we received events from the daemon,
they were filtered out if they were duplicated).
But still, there were scenarios where refreshing the views every second
(more or less) was too much, like when monitoring multiple machines.
Now it's possible to configure the views' refresh interval, regardless
of what the daemon sends.
Asked here: #1073
If the path of the process starts with /tmp/.mount, it typically
indicates that the application is an AppImage.
These apps create a random directory under /tmp, with the pattern
/tmp/.mount_<appId>XXXXXX, where the AppImage is mounted (it's not
always the case, but it usually is).
a0373541c1/runtime.c (L202)
The problem is that if you allow the path to the executable, the next
time you launch the AppImage, the path won't match the rule, and you'll
be prompted again to allow the outbound connection.
So as a helper for the users, if we find the path of the process starts
with /tmp/.mount_, we add an option to the combo box to select the path,
which creates a regular expression to match the AppImage.
Requested here: #1066, #543, #408
When the checksum of a binary changes, due to an update or something
else, you'll be prompted to allow the outbound connection if the
previous checksum of the rule doesn't match the new one.
Without a visual warning was almost impossible to know what was going
on. Besides, you had to dismiss that pop-up, find the rule, and update
the checksum.
Now there's a warning message, and you can update the rule from
the pop-up.
Related: #413
