Closed echoxxzz closed 3 years ago
The list operator was added by @jkozera and is quite a good idea!
Because typically you want to make rules like: "I want to allow this application to have access to this domain". (Instead of: "I want to allow access to this domain for all applications" or "I want to allow all connections coming from this application").
Following sample allows `curl` to access the domain `apple.com`:
```json
{
  "created": "SOME-DATE",
  "updated": "SOME-DATE",
  "name": "allow-list-curl-apple-com",
  "enabled": true,
  "action": "allow",
  "duration": "always",
  "operator": {
    "type": "list",
    "list": [
      {
        "type": "simple",
        "operand": "dest.host",
        "data": "apple.com"
      },
      {
        "type": "simple",
        "operand": "process.path",
        "data": "/usr/bin/curl"
      }
    ]
  }
}
```
The list type seems to be available on the GRPC interface.
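As an added illustration (not part of the original post and not OpenSnitch's own code), the following Python models how a rule like the one above narrows an allow decision to one application and one destination. It assumes `simple` means exact string equality and `list` means every entry must match; the names `operator_matches` and `verdict` are hypothetical, and the sample connections are constructed.

```python
import json

# The rule from the post above, reproduced so this block runs stand-alone.
RULE = json.loads("""
{
  "name": "allow-list-curl-apple-com",
  "enabled": true,
  "action": "allow",
  "duration": "always",
  "operator": {
    "type": "list",
    "list": [
      {"type": "simple", "operand": "dest.host", "data": "apple.com"},
      {"type": "simple", "operand": "process.path", "data": "/usr/bin/curl"}
    ]
  }
}
""")

def operator_matches(op, conn):
    """Assumed semantics: 'simple' is exact equality, 'list' is a logical AND."""
    if op["type"] == "simple":
        return conn.get(op["operand"]) == op["data"]
    if op["type"] == "list":
        entries = op.get("list") or []
        # Design choice in this model: an empty list matches nothing,
        # because all([]) is True and would turn the rule into allow-all.
        return bool(entries) and all(operator_matches(e, conn) for e in entries)
    raise ValueError(f"unsupported operator type: {op['type']!r}")

def verdict(rule, conn):
    """Return the rule's action if it applies to conn, else None (no decision)."""
    if rule.get("enabled") and operator_matches(rule["operator"], conn):
        return rule["action"]
    return None

# Constructed sample connections (not captured traffic).
SAMPLES = [
    {"process.path": "/usr/bin/curl", "dest.host": "apple.com"},      # both match
    {"process.path": "/usr/bin/curl", "dest.host": "example.com"},    # wrong host
    {"process.path": "/usr/bin/wget", "dest.host": "apple.com"},      # wrong binary
    {"process.path": "/usr/bin/curl", "dest.host": "www.apple.com"},  # not an exact match
]

if __name__ == "__main__":
    for conn in SAMPLES:
        print(conn, "->", verdict(RULE, conn))
```

Under the exact-equality assumption, a subdomain such as `www.apple.com` is not covered by the rule and needs its own entry.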
> The list operator was added by @jkozera and is quite a good idea!
I'm glad someone likes it! :smile: (Though I've stopped using opensnitch, sadly.)
Anyway there's one more example of this feature at https://github.com/evilsocket/opensnitch/issues/151#issuecomment-440418638 in case anyone is interested.
List operator is configurable from the GUI finally :)
https://github.com/gustavo-iniguez-goya/opensnitch/wiki/Rules-editor
Thanks a lot *!
Is there any documentation on how to use the List Operator in the .json rules files?