mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
opensnitch/daemon
History
Gustavo Iñiguez Goia 12b4cf3104
added option to secure channel communications 
Allow to cypher channel communications with certificates.

There are 3 authentication types: simple, tls-simple and tls-mutual.

 - 'simple' wont't cypher communications.
 - 'tls-simple' uses a server key and certificate for the server, and a
   common CA certificate or the server certificate to authenticate all
   nodes.
 - 'tls-mutual' uses a server key and certificate for the server, and a
   client key and certificate per node.

There are 2 options to verify how gRPC validates credentials:
 - SkipVerify: https://pkg.go.dev/crypto/tls#Config
 - ClientAuthType: https://pkg.go.dev/crypto/tls#ClientAuthType

Example configuration:
    "Server": {
        "Address": "127.0.0.1:12345",
        "Authentication": {
            "Type": "tls-simple",
            "TLSOptions": {
                "CACert": "/etc/opensnitchd/auth/ca-cert.pem",
                "ServerCert": "/etc/opensnitchd/auth/server-cert.pem",
                "ClientCert": "/etc/opensnitchd/auth/client-cert.pem",
                "ClientKey": "/etc/opensnitchd/auth/client-key.pem",
                "SkipVerify": false,
                "ClientAuthType": "req-and-verify-cert"
            }
        }
    }

More info: https://github.com/evilsocket/opensnitch/wiki/Nodes
2023-06-23 16:51:36 +02:00
..
conman added more logs for better issues debugging 2023-04-21 23:28:13 +02:00
core changed system requirements reading 2023-05-18 14:32:03 +02:00
dns dns monitor: ignore some dns answers 2023-03-12 21:37:11 +01:00
firewall sys fw: allow to add icmp types by commas 2023-06-20 01:14:57 +02:00
log log: fixed logging service 2023-06-09 17:43:32 +02:00
netfilter added more logs for better issues debugging 2023-04-21 23:28:13 +02:00
netlink tests: disable netlink sockets tests by default 2023-02-21 00:23:16 +01:00
netstat updated import paths 2020-12-09 18:18:42 +01:00
procmon misc: changed the level of some messages 2023-05-28 16:23:39 +02:00
rule allow to filter connections by source port 2023-05-01 14:48:34 +02:00
statistics improvements to ui, ebpf, netfilter 2022-12-23 14:39:49 +01:00
ui added option to secure channel communications 2023-06-23 16:51:36 +02:00
.gitignore daemon -> opensnitchd (ref #118) 2018-04-10 18:38:04 +02:00
default-config.json Introduce 2 new daemon logging options: LogUTC & LogMicro. 2023-06-05 20:46:42 -06:00
go.mod Added systemd-resolved DNS monitor 2023-03-10 15:04:42 +01:00
Gopkg.toml fix: calling ftrace probe Reset in order to start from a clean state (fixes #159) 2018-04-18 02:00:12 +02:00
main.go log: fixed logging service 2023-06-09 17:43:32 +02:00
Makefile daemon/Makefile: improvements to make distro packaging easier (#780) 2022-12-21 10:35:52 +01:00
opensnitchd-dinit Add files via upload 2023-06-17 23:56:58 +02:00
opensnitchd-openrc feat(daemon): add OpenRC script 2023-04-02 02:33:40 +02:00
opensnitchd.service Replace docs link in opensnitchd.service 2023-02-09 20:56:29 +00:00
system-fw.json better errors, fixed default sys fw conf 2022-12-16 17:09:37 +01:00