
some applications bypass opensnitch like wget or #171

Closed
TraxXavier opened this issue May 8, 2018 · 25 comments

Comments

@TraxXavier

Some applications bypass opensnitch, like wget or transmission, while for firefox it works fine.
It seems to be a major issue, as of course no application should be able to bypass the tool.

@evilsocket
Owner

any log you can provide?

@TraxXavier
Author

```
[2018-05-08 17:23:27] IMP Starting opensnitch-daemon v1.0.0b
[2018-05-08 17:23:27] INF Loading rules from /etc/opensnitchd/rules ...
[2018-05-08 17:23:28] INF Running on netfilter queue #0 ...
[2018-05-08 17:23:41] INF Connected to the UI service on /tmp/osui.sock
[2018-05-08 17:25:14] IMP Saved new rule: allow if process.path is '/lib/systemd/systemd-resolved'
[2018-05-08 17:25:14] IMP Ruleset changed due to allow-simple-libsystemdsystemd-resolved.json, reloading ...
[2018-05-08 17:25:24] IMP Ruleset changed due to allow-simple-usrlibfirefoxfirefox.json, reloading ...
[2018-05-08 17:25:24] IMP Saved new rule: allow if process.path is '/usr/lib/firefox/firefox'
[2018-05-08 17:26:57] IMP Ruleset changed due to allow-simple-snapcore4571usrlibsnapdsnapd.json, reloading ...
[2018-05-08 17:26:57] IMP Saved new rule: allow if process.path is '/snap/core/4571/usr/lib/snapd/snapd'
[2018-05-08 17:27:06] IMP Saved new rule: allow if process.path is '/usr/bin/gnome-software'
[2018-05-08 17:27:06] IMP Ruleset changed due to allow-simple-usrbingnome-software.json, reloading ...
[2018-05-08 17:30:06] IMP Saved new rule: allow if process.path is '/usr/sbin/NetworkManager'
[2018-05-08 17:30:06] IMP Ruleset changed due to allow-simple-usrsbinnetworkmanager.json, reloading ...

[2018-05-08 17:39:31] IMP Got signal: terminated
[2018-05-08 17:39:31] INF Cleaning up ...
[2018-05-08 17:40:31] IMP Starting opensnitch-daemon v1.0.0b
[2018-05-08 17:40:31] INF Loading rules from /etc/opensnitchd/rules ...
[2018-05-08 17:40:36] INF Running on netfilter queue #0 ...
[2018-05-08 17:41:25] INF Connected to the UI service on /tmp/osui.sock
```

By then I had already downloaded two files with wget.

@evilsocket
Owner

can you attach the contents of your /etc/opensnitchd/rules folder as well please?

@TraxXavier
Author

It's empty; for this test I removed all rules and rebooted.
After the reboot, the only process I allowed temporarily was "/lib/systemd/systemd-resolved". After that, wget could download files over HTTP and transmission could connect to torrent peers; no prompts other than the one for systemd-resolved were generated by the UI.

@evilsocket
Owner

oh i see ... may i ask you to repeat the test with debug logging enabled ( -debug ) then?

@TraxXavier
Author

Sure, where do I add the -debug to?
Trying to start opensnitch-ui with it complains about an unrecognized command line. How do I pass it to the daemon?

@TraxXavier
Author

I noticed that when I restart the service after a reboot, it shows a message for wget just fine. Only right after the reboot does it not see it.

@evilsocket
Owner

yes it's an argument for the daemon

@TraxXavier
Author

How do I pass a parameter to a daemon that is being started at boot? What file do I have to add the parameter to?

@evilsocket
Owner

change the command line on /etc/systemd/system/opensnitchd.service

@TraxXavier
Author

```
[2018-05-08 17:23:27] IMP Starting opensnitch-daemon v1.0.0b
[2018-05-08 17:23:27] INF Loading rules from /etc/opensnitchd/rules ...
[2018-05-08 17:23:28] INF Running on netfilter queue #0 ...
[2018-05-08 17:23:41] INF Connected to the UI service on /tmp/osui.sock
[2018-05-08 17:25:14] IMP Saved new rule: allow if process.path is '/lib/systemd/systemd-resolved'
[2018-05-08 17:25:14] IMP Ruleset changed due to allow-simple-libsystemdsystemd-resolved.json, reloading ...
[2018-05-08 17:25:24] IMP Ruleset changed due to allow-simple-usrlibfirefoxfirefox.json, reloading ...
[2018-05-08 17:25:24] IMP Saved new rule: allow if process.path is '/usr/lib/firefox/firefox'
[2018-05-08 17:26:57] IMP Ruleset changed due to allow-simple-snapcore4571usrlibsnapdsnapd.json, reloading ...
[2018-05-08 17:26:57] IMP Saved new rule: allow if process.path is '/snap/core/4571/usr/lib/snapd/snapd'
[2018-05-08 17:27:06] IMP Saved new rule: allow if process.path is '/usr/bin/gnome-software'
[2018-05-08 17:27:06] IMP Ruleset changed due to allow-simple-usrbingnome-software.json, reloading ...
[2018-05-08 17:30:06] IMP Saved new rule: allow if process.path is '/usr/sbin/NetworkManager'
[2018-05-08 17:30:06] IMP Ruleset changed due to allow-simple-usrsbinnetworkmanager.json, reloading ...

[2018-05-08 17:39:31] IMP Got signal: terminated
[2018-05-08 17:39:31] INF Cleaning up ...
[2018-05-08 17:40:31] IMP Starting opensnitch-daemon v1.0.0b
[2018-05-08 17:40:31] INF Loading rules from /etc/opensnitchd/rules ...
[2018-05-08 17:40:36] INF Running on netfilter queue #0 ...
[2018-05-08 17:41:25] INF Connected to the UI service on /tmp/osui.sock

[2018-05-12 07:52:35] IMP Got signal: terminated
[2018-05-12 07:52:35] INF Cleaning up ...
[2018-05-12 07:53:37] IMP Starting opensnitch-daemon v1.0.0b
[2018-05-12 07:53:37] INF Loading rules from /etc/opensnitchd/rules ...
[2018-05-12 07:53:37] DBG Reading rule from /etc/opensnitchd/rules/allow-simple-libsystemdsystemd-resolved.json
[2018-05-12 07:53:37] DBG Loaded rule from /etc/opensnitchd/rules/allow-simple-libsystemdsystemd-resolved.json: allow-simple-libsystemdsystemd-resolved: if(process.path is '/lib/systemd/systemd-resolved'){ allow always }
[2018-05-12 07:53:37] DBG Reading rule from /etc/opensnitchd/rules/allow-simple-snapcore4571usrlibsnapdsnapd.json
[2018-05-12 07:53:37] DBG Loaded rule from /etc/opensnitchd/rules/allow-simple-snapcore4571usrlibsnapdsnapd.json: allow-simple-snapcore4571usrlibsnapdsnapd: if(process.path is '/snap/core/4571/usr/lib/snapd/snapd'){ allow always }
[2018-05-12 07:53:37] DBG Reading rule from /etc/opensnitchd/rules/allow-simple-usrbingnome-software.json
[2018-05-12 07:53:37] DBG Loaded rule from /etc/opensnitchd/rules/allow-simple-usrbingnome-software.json: allow-simple-usrbingnome-software: if(process.path is '/usr/bin/gnome-software'){ allow always }
[2018-05-12 07:53:37] DBG Reading rule from /etc/opensnitchd/rules/allow-simple-usrlibfirefoxfirefox.json
[2018-05-12 07:53:37] DBG Loaded rule from /etc/opensnitchd/rules/allow-simple-usrlibfirefoxfirefox.json: allow-simple-usrlibfirefoxfirefox: if(process.path is '/usr/lib/firefox/firefox'){ allow always }
[2018-05-12 07:53:37] DBG Reading rule from /etc/opensnitchd/rules/allow-simple-usrsbinnetworkmanager.json
[2018-05-12 07:53:37] DBG Loaded rule from /etc/opensnitchd/rules/allow-simple-usrsbinnetworkmanager.json: allow-simple-usrsbinnetworkmanager: if(process.path is '/usr/sbin/NetworkManager'){ allow always }
[2018-05-12 07:53:37] DBG Starting 16 workers ...
[2018-05-12 07:53:37] DBG Worker #1 started.
[2018-05-12 07:53:37] DBG Rules watcher started on path /etc/opensnitchd/rules ...
[2018-05-12 07:53:37] DBG Stats worker #0 started.
[2018-05-12 07:53:37] DBG Stats worker #1 started.
[2018-05-12 07:53:37] DBG Stats worker #2 started.
[2018-05-12 07:53:37] DBG Worker #15 started.
[2018-05-12 07:53:37] DBG Stats worker #3 started.
[2018-05-12 07:53:37] DBG Worker #2 started.
[2018-05-12 07:53:37] DBG Worker #0 started.
[2018-05-12 07:53:37] DBG Worker #8 started.
[2018-05-12 07:53:37] DBG Worker #3 started.
[2018-05-12 07:53:37] DBG Worker #4 started.
[2018-05-12 07:53:37] DBG Worker #5 started.
[2018-05-12 07:53:37] DBG Worker #6 started.
[2018-05-12 07:53:37] DBG Worker #7 started.
[2018-05-12 07:53:37] DBG Worker #11 started.
[2018-05-12 07:53:37] DBG Worker #9 started.
[2018-05-12 07:53:37] DBG Worker #10 started.
[2018-05-12 07:53:37] DBG Worker #13 started.
[2018-05-12 07:53:37] DBG Worker #12 started.
[2018-05-12 07:53:37] DBG Worker #14 started.
[2018-05-12 07:53:42] INF Running on netfilter queue #0 ...
[2018-05-12 07:53:42] DBG UI service poller started for socket /tmp/osui.sock
[2018-05-12 07:53:54] DBG ✔ /lib/systemd/systemd-resolved -> 10.70.0.1:53 (allow-simple-libsystemdsystemd-resolved)
[2018-05-12 07:53:54] DBG ✔ /lib/systemd/systemd-resolved -> 10.70.0.1:53 (allow-simple-libsystemdsystemd-resolved)
[2018-05-12 07:53:54] DBG New DNS record: 91.189.91.157 -> ntp.ubuntu.com
[2018-05-12 07:53:54] DBG New DNS record: 91.189.89.199 -> ntp.ubuntu.com
[2018-05-12 07:53:54] DBG New DNS record: 91.189.94.4 -> ntp.ubuntu.com
[2018-05-12 07:53:54] DBG New DNS record: 91.189.89.198 -> ntp.ubuntu.com
[2018-05-12 07:53:54] DBG New DNS record: 91.189.91.157 -> ntp.ubuntu.com
[2018-05-12 07:53:54] DBG New DNS record: 91.189.89.199 -> ntp.ubuntu.com
[2018-05-12 07:53:54] DBG New DNS record: 91.189.94.4 -> ntp.ubuntu.com
[2018-05-12 07:53:54] DBG New DNS record: 91.189.89.198 -> ntp.ubuntu.com
[2018-05-12 07:53:54] DBG New DNS record: 2001:67c:1560:8003::c7 -> ntp.ubuntu.com
[2018-05-12 07:53:54] DBG New DNS record: 2001:67c:1560:8003::c8 -> ntp.ubuntu.com
[2018-05-12 07:53:54] DBG New DNS record: 2001:67c:1560:8003::c7 -> ntp.ubuntu.com
[2018-05-12 07:53:54] DBG New DNS record: 2001:67c:1560:8003::c8 -> ntp.ubuntu.com
[2018-05-12 07:53:54] DBG Could not find netstat entry for: 10.70.0.34 ->(udp)-> ntp.ubuntu.com:123
[2018-05-12 07:54:26] DBG Could not find netstat entry for: 10.70.0.34 ->(udp)-> ntp.ubuntu.com:123
[2018-05-12 07:54:28] DBG ✔ /usr/sbin/NetworkManager -> 104.198.143.177:80 (allow-simple-usrsbinnetworkmanager)
[2018-05-12 07:54:29] INF Connected to the UI service on /tmp/osui.sock
[2018-05-12 07:55:17] DBG ✔ /lib/systemd/systemd-resolved -> 10.70.0.1:53 (allow-simple-libsystemdsystemd-resolved)
[2018-05-12 07:55:17] DBG ✔ /lib/systemd/systemd-resolved -> 10.70.0.1:53 (allow-simple-libsystemdsystemd-resolved)
[2018-05-12 07:55:17] DBG New DNS record: 131.186.113.136 -> checkip.dyndns.com
[2018-05-12 07:55:17] DBG New DNS record: 216.146.43.71 -> checkip.dyndns.com
[2018-05-12 07:55:17] DBG New DNS record: 216.146.38.70 -> checkip.dyndns.com
[2018-05-12 07:55:17] DBG New DNS record: 131.186.113.135 -> checkip.dyndns.com
[2018-05-12 07:55:17] DBG New DNS record: 162.88.96.194 -> checkip.dyndns.com
[2018-05-12 07:55:17] DBG New DNS record: 162.88.100.200 -> checkip.dyndns.com
[2018-05-12 07:55:17] DBG New DNS record: 162.88.100.200 -> checkip.dyndns.com
[2018-05-12 07:55:17] DBG New DNS record: 162.88.96.194 -> checkip.dyndns.com
[2018-05-12 07:55:17] DBG New DNS record: 131.186.113.135 -> checkip.dyndns.com
[2018-05-12 07:55:17] DBG New DNS record: 216.146.38.70 -> checkip.dyndns.com
[2018-05-12 07:55:17] DBG New DNS record: 216.146.43.71 -> checkip.dyndns.com
[2018-05-12 07:55:17] DBG New DNS record: 131.186.113.136 -> checkip.dyndns.com
[2018-05-12 07:55:17] DBG ✔ /lib/systemd/systemd-resolved -> 10.70.0.1:53 (allow-simple-libsystemdsystemd-resolved)
[2018-05-12 07:55:17] DBG Could not find process id for: 10.70.0.34 (uid:1000) ->(tcp)-> checkip.dyndns.com:80
[2018-05-12 07:55:30] DBG Could not find netstat entry for: 10.70.0.34 ->(udp)-> ntp.ubuntu.com:123
[2018-05-12 07:55:41] DBG New DNS record: 162.88.100.200 -> checkip.dyndns.com
[2018-05-12 07:55:41] DBG New DNS record: 162.88.96.194 -> checkip.dyndns.com
[2018-05-12 07:55:41] DBG New DNS record: 131.186.113.135 -> checkip.dyndns.com
[2018-05-12 07:55:41] DBG New DNS record: 216.146.38.70 -> checkip.dyndns.com
[2018-05-12 07:55:41] DBG New DNS record: 216.146.43.71 -> checkip.dyndns.com
[2018-05-12 07:55:41] DBG New DNS record: 131.186.113.136 -> checkip.dyndns.com
[2018-05-12 07:55:41] DBG Could not find process id for: 10.70.0.34 (uid:1000) ->(tcp)-> checkip.dyndns.com:80
```

@TraxXavier
Author

"Could not find process id for" sounds to me like it may be the root of the problem.

After I restart the service it works fine:

```
[2018-05-12 07:58:19] WAR ✘ /usr/bin/wget -> checkip.dyndns.com:80 (deny-simple-usrbinwget)
```

The issue is reproducibly only present after a reboot (I remember that the first start after compiling also had that issue).

Cheers
Trax

@evilsocket
Owner

Yep, there are some cases when that happens, and that's pretty much the only reason why this is still not 1.0.0; I'm trying to fix that but it's not easy :)

@TraxXavier
Author

How about, in such cases, still showing the prompt (with no option to make a permanent rule) and just saying "unidentified application"? Then the user would at least have the option to allow or deny it anyway.

@letmebecome

It's really a bug; the old version was working well, but the new version doesn't catch any application.

@J0hnnyb0y86

Same problem; I have reinstalled it today.

@warkruid

Same problem, no logging or activity at all on any outgoing connection.

@dreamcat4

Very patchy, even for the subset of applications that work: a very large proportion of the traffic is being missed, and other applications are missed entirely. If I knew how to install the old version instead (being on Ubuntu 18.04), then I would certainly try that. But at best it's really complex to install for the uninitiated, due to its required dependencies and certain other idiosyncrasies.

@evilsocket
Owner

@dreamcat4 remember this software is free and open source, you're welcome to send your contributions to improve it!

@dreamcat4

Thank you for the offer @evilsocket, but that's a decline from me, for certain other reasons which I would not wish to bother you with... It's only so annoying because you seem so close! And due to the lack of similar options in this space, that is why it's so important for your project to succeed.

@evilsocket
Owner

If it's annoying, you can help, or you can decide not to use this software ... complaining that way, without even a log one can use to debug the issues you're experiencing, doesn't change much, I'm afraid.

@gustavo-iniguez-goya
Collaborator

gustavo-iniguez-goya commented Jun 18, 2019

Hi all,

I'm having this problem with chromium on Debian. What I've realized is that the symbolic link in /proc is broken:

```
[2019-06-18 08:19:54] DBG Could not find process by its pid 11511 for: 192.168.1.37 (uid:1010) ->(udp)-> 1.1.1.1:53
```

```
v@:~/go/src/github.com/evilsocket/opensnitch/daemon$ file /proc/11511/exe 
/proc/11511/exe: symbolic link to /usr/lib/chromium/chromium (deleted)
v@:~/go/src/github.com/evilsocket/opensnitch/daemon$ ls -l /proc/11511/exe 
lrwxrwxrwx 1 v v 0 jun 15 13:21 /proc/11511/exe -> '/usr/lib/chromium/chromium (deleted)'
v@:~/go/src/github.com/evilsocket/opensnitch/daemon$ ls -l /usr/lib/chromium/chromium 
-rwxr-xr-x 1 root root 173887520 jun 14 02:10 /usr/lib/chromium/chromium
v@:~/go/src/github.com/evilsocket/opensnitch/daemon$ ps -p 11511
  PID TTY          TIME CMD
11511 tty2     01:16:28 chromium
v@:~/go/src/github.com/evilsocket/opensnitch/daemon$ 
v@:~/go/src/github.com/evilsocket/opensnitch/daemon$ stat /proc/11511/exe 
  Fichero: /proc/11511/exe -> /usr/lib/chromium/chromium (deleted)
  Tamaño: 0         	Bloques: 0          Bloque E/S: 1024   enlace simbólico
Dispositivo: 4h/4d	Nodo-i: 13786214    Enlaces: 1
Acceso: (0777/lrwxrwxrwx)  Uid: ( 1010/      v)   Gid: ( 1010/      v)
      Acceso: 2019-06-17 19:11:45.984026784 +0200
Modificación: 2019-06-15 13:21:10.723839469 +0200
      Cambio: 2019-06-15 13:21:10.723839469 +0200
    Creación: -
```

In my case I'm running chromium under firejail; I don't know if that causes the "broken" symbolic link.

@gustavo-iniguez-goya
Collaborator

One possible solution/workaround would be to Stat the file, and maybe get rid of the " (deleted)" part.
Also, if it still fails, then we could parse /proc/%d/cmdline, even if we only display the first part of a process name with spaces. And as a final option I would even use the pid of the process, because we won't see what the process name is, but at least you can see to what port and IP your PC is connecting.

diff --git a/daemon/procmon/parse.go b/daemon/procmon/parse.go
index cca9d6d..00ae6fc 100644
--- a/daemon/procmon/parse.go
+++ b/daemon/procmon/parse.go
@@ -7,6 +7,7 @@ import (
    "strings"

    "github.com/evilsocket/opensnitch/daemon/core"
+   "github.com/evilsocket/opensnitch/daemon/log"
 )

 func GetPIDFromINode(inode int) int {
@@ -70,13 +71,24 @@ func FindProcess(pid int) *Process {
        return nil
    }

-   if link, err := os.Readlink(linkName); err == nil && core.Exists(link) == true {
-       proc := NewProcess(pid, link)
+    if _, err := os.Stat(linkName); err == nil {
+        link, err := os.Readlink(linkName)
+        if err == nil {
+            proc := NewProcess(pid, link)

-       parseCmdLine(proc)
-       parseEnv(proc)
-
-       return proc
-   }
+            parseCmdLine(proc)
+            parseEnv(proc)
+            return proc
+        } else {
+            proc := NewProcess(pid, linkName)
+            parseCmdLine(proc)
+            parseEnv(proc)
+            return proc
+        }
+    } else if os.IsNotExist(err) {
+        log.Error("FindProcess does not exist error", linkName, err)
+    } else {
+        log.Error("FindProcess error", linkName, err)
+    }
    return nil
 }
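Review bot: the fallback branch `proc := NewProcess(pid, linkName)` stores `/proc/<pid>/exe` itself as the process path, which is not a stable identifier (pids are reused after exit) and would be what any rule saved from that prompt keys on; and since the `core.Exists(link)` check was dropped, a readlink result such as `/usr/lib/chromium/chromium (deleted)` (the case shown earlier in this thread) is now used verbatim, even though the comment above proposes stripping that suffix. Suggest `link = strings.TrimSuffix(link, " (deleted)")` right after the `os.Readlink` (`strings` is already imported at the top of this file) followed by an existence check on the cleaned path, with the cmdline-based lookup as the else branch instead of `linkName`. Two smaller points: `os.Stat(linkName)` follows the symlink, so its result reflects the target rather than the link the code goes on to read, and the two branches that each call `NewProcess`/`parseCmdLine`/`parseEnv` can be collapsed into one by choosing the path first and constructing the process once.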
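The three-step fallback sketched in the comment above (read the exe link and strip " (deleted)", fall back to argv[0] from /proc/<pid>/cmdline, and finally to the pid alone) written out as an added Go example. This is not the project's code and not the patch above; it runs against a constructed directory that imitates /proc (the pid 100/200/300 entries and their paths are made up for the example) so it can be executed offline, and the names ResolveExe, ExeSource and BuildSampleProc are this example's own.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// deletedSuffix is what the kernel appends to the /proc/<pid>/exe link target
// once the executable's inode has been unlinked (package upgrade, sandbox, ...).
const deletedSuffix = " (deleted)"

// ExeSource records which fallback produced the path, so a caller can decide
// how much to trust it (only FromExeLink is a verified on-disk binary).
type ExeSource int

const (
	FromExeLink ExeSource = iota // readlink target exists on disk after cleanup
	FromCmdline                  // argv[0] from /proc/<pid>/cmdline (self-chosen)
	FromPIDOnly                  // nothing better than the pid itself
)

// ResolveExe resolves an executable path for pid under procRoot (normally
// "/proc"; the example passes a constructed directory instead).
func ResolveExe(procRoot string, pid int) (string, ExeSource, error) {
	pidDir := filepath.Join(procRoot, strconv.Itoa(pid))
	if _, err := os.Lstat(pidDir); err != nil {
		return "", FromPIDOnly, fmt.Errorf("pid %d: %w", pid, err)
	}

	// Step 1: the exe link. Readlink returns the raw target, including the
	// " (deleted)" suffix seen for chromium earlier in this thread.
	if link, err := os.Readlink(filepath.Join(pidDir, "exe")); err == nil {
		clean := strings.TrimSuffix(link, deletedSuffix)
		if fi, err := os.Stat(clean); err == nil && fi.Mode().IsRegular() {
			return clean, FromExeLink, nil
		}
	}

	// Step 2: argv[0] from cmdline (NUL-separated; empty for kernel threads).
	if raw, err := os.ReadFile(filepath.Join(pidDir, "cmdline")); err == nil {
		if args := bytes.Split(raw, []byte{0}); len(args) > 0 && len(args[0]) > 0 {
			return string(args[0]), FromCmdline, nil
		}
	}

	// Step 3: identify by pid only; a UI can still show the destination.
	return "pid:" + strconv.Itoa(pid), FromPIDOnly, nil
}

// BuildSampleProc creates a constructed /proc lookalike under root with three
// pids, one per outcome. It is example scaffolding, not real procfs.
func BuildSampleProc(root string) error {
	// A binary that exists on "disk" but whose exe link carries the suffix.
	bin := filepath.Join(root, "usr", "lib", "chromium", "chromium")
	if err := os.MkdirAll(filepath.Dir(bin), 0o755); err != nil {
		return err
	}
	if err := os.WriteFile(bin, []byte("#!/bin/sh\n"), 0o755); err != nil {
		return err
	}
	entries := []struct {
		pid     int
		exe     string
		cmdline []byte
	}{
		{100, bin + deletedSuffix, []byte("chromium\x00--flag\x00")},
		{200, "/nonexistent/transmission-gtk" + deletedSuffix, []byte("/usr/bin/transmission-gtk\x00")},
		{300, "/nonexistent/kthread", nil}, // empty cmdline, like a kernel thread
	}
	for _, e := range entries {
		dir := filepath.Join(root, strconv.Itoa(e.pid))
		if err := os.MkdirAll(dir, 0o755); err != nil {
			return err
		}
		if err := os.Symlink(e.exe, filepath.Join(dir, "exe")); err != nil {
			return err
		}
		if err := os.WriteFile(filepath.Join(dir, "cmdline"), e.cmdline, 0o644); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	root, err := os.MkdirTemp("", "fakeproc")
	if err != nil {
		fmt.Println("tempdir:", err)
		return
	}
	defer os.RemoveAll(root)
	if err := BuildSampleProc(root); err != nil {
		fmt.Println("scaffold:", err)
		return
	}
	for _, pid := range []int{100, 200, 300, 999} {
		path, src, err := ResolveExe(root, pid)
		fmt.Printf("pid %d: path=%q source=%d err=%v\n", pid, path, src, err)
	}
}
```

The ExeSource value is the part that matters for a rule engine: a path read from the exe link and verified on disk is something a permanent rule can key on, whereas argv[0] in cmdline is chosen by the process itself and a pid label is reused as soon as the process exits, so for those two sources a prompt should only offer a one-off allow or deny, which is what the earlier suggestion in this thread of a prompt without the permanent-rule option amounts to.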

@namaneko

Hello. I am noticing the same issue and it seems to be random as far as what sneaks through. It is catching a lot of system stuff fine (gnome, networkmonitor, pacman) but most user level apps are getting through (firefox, spotify, vlc, discord). I did a reboot and it picked up Firefox but it did not pick up Spotify or Discord or any other apps. Rebooted again and it did not pick up anything.

Anything I can do to help isolate the issue better? I am not a programmer but I love this software and want to be useful if there's a way for me to be so.

@gustavo-iniguez-goya
Collaborator

We have discussed this problem in deep detail here: gustavo-iniguez-goya#84

Most of these errors should be fixed with the latest packages, but we still have work to do: https://github.com/evilsocket/opensnitch/releases

There's a new check ([x] Intercept unknown connections) which, if you enable it, shows a pop-up when a connection cannot be bound to a program.


8 participants