mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

updated after opensnitch repo commit ac938ef687

wiki auto updater 2024-05-15 23:07:08 +00:00
parent 799e5227e9
commit 85f08c0fd7
1 changed files with 11 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
Configurations.md

@ -7,14 +7,14 @@ The file _/etc/opensnitchd/default-config.json_ holds the daemon configuration:
"Server": {
"Address": "unix:///tmp/osui.sock",
"LogFile": "/var/log/opensnitchd.log"
"Authentication": {}
"Authentication": {},
"Loggers": {}
},
"DefaultAction": "deny",
"DefaultDuration": "once",
"InterceptUnknown": true,
"ProcMonitorMethod": "ebpf",
"LogLevel": 1
"Loggers": {}
"Firewall": "nftables",
"FwOptions": {
"ConfigPath": "/etc/opensnitchd/system-fw.json",
@ -26,7 +26,9 @@ The file _/etc/opensnitchd/default-config.json_ holds the daemon configuration:
"EnableChecksums": true
},
"Ebpf": {
"ModulesPath": "/tmp/ebpf"
"ModulesPath": "/tmp/ebpf",
"EventsWorkers": 8,
"QueueEventsSize": 0
},
"Internal": {
"GCPercent": 75
@ -44,22 +46,25 @@ Option | Value
Server.Address | Unix socket (unix:///tmp/osui.sock, the "unix:///" part is mandatory) or TCP socket (192.168.1.100:50051)
Server.LogFile | file to write logs to (use /dev/stdout to write logs to standard output)
Server.Authentication | https://github.com/evilsocket/opensnitch/wiki/Nodes-authentication#nodes-authentication-added-in-v161
Server.Loggers | https://github.com/evilsocket/opensnitch/wiki/SIEM-integration
DefaultAction [0] | allow, deny, reject (>= 1.6.6)
~DefaultDuration~ | ~once, always, until restart, 30s, 5m, 15m, 30m, 1h~ DEPRECATED
InterceptUnknown [1] | true, false
ProcMonitorMethod | ebpf, proc, audit
LogLevel | 0 to 4 (debug, info, important, warning, error)
Loggers | https://github.com/evilsocket/opensnitch/wiki/SIEM-integration
Firewall | "nftables" or "iptables"
Stats.MaxEvents | Max events to send to the GUI every second. If you think that you're missing some connections increased this value.
Stats.MaxStats | Max stats per item (port, host, IP, process, etc) to keep in the backlog.
Stats.Workers | Max workers to handle the statistics
Ebpf.ModulesPath (>= v1.6.5) | Alternative location of the eBPF modules (default /usr/lib/opensnitchd/ebpf)
Rules.Path (>= v1.6.5) | Alternative path to the rules path.
Ebpf.EventsWorkers (>= v1.6.5) | Number of goroutines to handle kernel events (default: 8).
Ebpf.QueueEventsSize (>= v1.6.5) | Max number of events queued. Default 0, meaning that the events will be processed with the available goroutines. If the value is > 0 and the daemon can't handle the events fast enough, they'll be queued. Once the queue is full, it'll behave as it was of size 0.
Rules.Path (>= v1.6.5) | Alternative location of to the rules.
FwOptions.ConfigPath (>= v1.7.0) | Alternative path to the firewall configuration (default /etc/opensnitchd/system-fw.json)
FwOptions.MonitorInterval (>= v1.7.0) | Interval time to check that interception rules are loaded.
FwOptions.MonitorInterval (>= v1.7.0) | Interval time to check that interception rules are loaded. Default "15s", "0s" disables the monitor (value format in time.Duration: https://pkg.go.dev/time#ParseDuration)
Rules.EnableChecksums (>= v1.7.0)| Obtain processes's checksums and allow create rules to filter by them.
Internal.GCPercent (>= v1.7.0)| Option to configure how often the daemon frees up unused memory (https://tip.golang.org/doc/gc-guide#GOGC).
Internal.FlushConnsOnStart | Option to kill established connections whenever the firewall is reloaded / started.
If you change the configuration or the rules under _/etc/opensnitchd/rules/_, they'll be reloaded automatically. No restart is needed.