opensnitch/daemon
Gustavo Iñiguez Goia 2509d21e30
daemon: allow to filter connections by parent path
Some use cases:

 - Reject connections initiated by certain paths:

   Deny all connections initiated by cron*:
        /usr/sbin/cron
            /usr/bin/curl

     "action": "reject",
     "operator": {
        "type": "list",
        "operand": "list",
        "data": "",
        "list": [
           {
                "type": "regexp",
                "operand": "process.parent.path",

                // /usr/bin/crond , /usr/bin/crontab, ...
                "data": "^/usr/(s|)bin/cron"
           }
        ]
     }

 - Reject or Allow connections of binaries launched by another app:

       "action": "allow",
       "operator": {
           "type": "list",
           "operand": "list",
           "data": "",
           "list": [
               {
                   "type": "simple",
                   "operand": "process.parent.path",
                   "data": "/opt/spotify/bin/spotify"
               },
               {
                   "type": "simple",
                   "operand": "process.path",
                   "data": "/usr/bin/wget"
               }
           ]
       }

You can also combine multiple parent paths, to allow a command launched
from a specific chain of processes:

    /usr/lib/systemd/systemd
        /usr/sbin/cron
             /bin/sh
                 /usr/bin/curl

The order is checked from the newest process to the oldest (curl -> sh
-> cron -> systemd)

The operand can be used with any of the existing types (simple, regexp,
etc).

Related: #406
2025-02-13 01:23:31 +01:00
conman added trace logs for packets and ebpf 2025-01-22 01:06:10 +01:00
core Remove duplicate regex in system.go for -check-requirements 2024-05-26 23:22:53 +00:00
data/rules Added sample rule to allow localhost connections 2023-07-23 22:30:49 +02:00
dns changed dns log messages 2025-01-22 19:19:57 +01:00
firewall allow to configure nfqueue bypass flag 2024-10-19 10:51:40 +02:00
log add new log level TRACE 2025-01-12 00:47:49 +01:00
netfilter structs fields reorganized 2024-01-14 20:44:49 +01:00
netlink netstat: dump AF_PACKET sockets from the kernel 2025-02-06 01:49:40 +01:00
netstat netstat: added option to monitor AF_PACKET sockets 2025-02-03 21:09:51 +01:00
procmon improved the process tree retrieval 2025-02-11 01:21:06 +01:00
rule daemon: allow to filter connections by parent path 2025-02-13 01:23:31 +01:00
statistics more work on reloading configuration 2024-05-11 18:23:20 +02:00
tasks netstat: dump AF_PACKET sockets from the kernel 2025-02-06 01:49:40 +01:00
ui reload procmon method after fw rules 2024-12-17 12:33:38 +01:00
.gitignore daemon -> opensnitchd (ref #118) 2018-04-10 18:38:04 +02:00
default-config.json allow to configure nfqueue bypass flag 2024-10-19 10:51:40 +02:00
go.mod netstat: allow to list XDP sockets 2025-02-05 00:05:02 +01:00
go.sum netstat: allow to list XDP sockets 2025-02-05 00:05:02 +01:00
Gopkg.toml fix: calling ftrace probe Reset in order to start from a clean state (fixes #159) 2018-04-18 02:00:12 +02:00
main.go updated network_aliases.json path 2024-12-17 00:38:30 +01:00
Makefile updated network_aliases.json path 2024-12-17 00:38:30 +01:00
network_aliases.json remove test_range in .json 2024-12-11 11:42:53 +01:00
opensnitchd-dinit Add files via upload 2023-06-17 23:56:58 +02:00
opensnitchd-openrc feat(daemon): add OpenRC script 2023-04-02 02:33:40 +02:00
opensnitchd.service Replace docs link in opensnitchd.service 2023-02-09 20:56:29 +00:00
system-fw.json added icmp destination-unreachable to system-fw.json 2023-07-26 11:40:17 +02:00