evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0

cannot load KDE with opensnitchd service enabled (default action is deny) #402

Closed Maziar123 closed 3 years ago

Maziar123 commented 3 years ago

I use Manjaro 21 with kernel 5.11, installed via http://aur.archlinux.org/packages/opensnitch-git

opensnitch version: 1.4.0rc1. When enabling opensnitchd.service,

after login KDE shows a blank screen with a cursor.

gustavo-iniguez-goya commented 3 years ago

Hi @Maziar123 ,

What's the Default Action of the daemon? /etc/opensnitchd/default-action.json If you have it configured to deny, try changing it to allow. Is it the first time you install it, or did you upgrade it? Also check /var/log/opensnitchd.log for any errors when the problem occurs. Or post the log.

Maziar123 commented 3 years ago

Hi, I last used it in the last stable version on Ubuntu, but now on Manjaro it seems to have a problem with graphics or X windows.

The /etc/opensnitchd/default-action.json is set to deny.

To fix this problem the daemon must load later ... I do it manually in KDE.

gustavo-iniguez-goya commented 3 years ago

> The /etc/opensnitchd/default-action.json is set to deny.

OK, try setting it to allow please, and let me know if KDE loads properly. If it does, add the following rule to /etc/opensnitchd/rules/000-allow-system-cmds to allow dirmngr, host and xbrlapi:

{
  "created": "2021-04-26T09:58:03.704090244+02:00",
  "updated": "2021-04-26T09:58:03.704216578+02:00",
  "name": "000-allow-system-cmds",
  "enabled": true,
  "precedence": true,
  "action": "allow",
  "duration": "always",
  "operator": {
    "type": "regexp",
    "operand": "process.path",
    "sensitive": false,
    "data": "^(/usr/bin/host|/usr/bin/xbrlapi|/usr/bin/dirmngr)",
    "list": []
  }
}
Maziar123 commented 3 years ago

> The /etc/opensnitchd/default-action.json is set to deny.
>
> OK, try setting it to allow please, and let me know if KDE loads properly. If it does, add the following rule to /etc/opensnitchd/rules/000-allow-system-cmds to allow dirmngr, host and xbrlapi:
>
> {
>   "created": "2021-04-26T09:58:03.704090244+02:00",
>   "updated": "2021-04-26T09:58:03.704216578+02:00",
>   "name": "000-allow-system-cmds",
>   "enabled": true,
>   "precedence": true,
>   "action": "allow",
>   "duration": "always",
>   "operator": {
>     "type": "regexp",
>     "operand": "process.path",
>     "sensitive": false,
>     "data": "^(/usr/bin/host|/usr/bin/xbrlapi|/usr/bin/dirmngr)",
>     "list": []
>   }
> }

Hi

I tested it, it works for me.

Maziar123 commented 3 years ago

I open this issue again!

Yes, with the last setting KDE boots,

but the 2nd monitor desktop does not work!

Disabling it with "systemctl disable opensnitchd" fixes the 2nd monitor problem.

gustavo-iniguez-goya commented 3 years ago

oops, could you make a copy of the file /var/log/opensnitchd.log just after boot when the error occurs, and post it here?

Set it to debug level before reboot. Thank you in advance!

Maziar123 commented 3 years ago

Hi

Sorry for the late answer.

I did some checks after adding /etc/opensnitchd/default-action.json.

With default deny, the boot problem is solved, but my tests continue to show that, whether the default action is allow or deny, on logout / login the error comes back again :( Logfile in debug mode:

osout.log

gustavo-iniguez-goya commented 3 years ago

Thank you for the logs @Maziar123

I don't quite understand the logs to be honest, it looks like the GUI is getting killed after logging in (just a guess). I'll try to reproduce the issue.

Maziar123 commented 3 years ago

For your info, perhaps it helps find the problem: I wrote one script with sudoers permission to autostart opensnitchd after the GUI loads.

This made my problem go away.

    sleep 15
    systemctl start opensnitchd
    sleep 10
    opensnitch-ui &

gustavo-iniguez-goya commented 3 years ago

Sorry, I couldn't reproduce the problem. It worked as expected for me.

Thank you for the script/workaround, I'm glad you solved it temporarily.

> Yes, with the last setting KDE boots, but the 2nd monitor desktop does not work!

Could you explain a little bit what's the problem here? KDE works correctly, but the second monitor does not?

Try adding a new rule to allow everything to 127.0.0.1 ([x] To this IP/Net: 127.0.0.1)
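To make the two rules suggested in this thread concrete (the regexp rule on process.path above and the "allow everything to 127.0.0.1" rule), here is a small Python rule evaluator added as an example; it is not code from the thread or from OpenSnitch itself. It assumes the operator semantics stated in the comments ("sensitive" meaning case-sensitive, "list" as an AND of nested operators) and uses constructed connection records; it also shows that the posted regexp has no end anchor, so a longer path such as /usr/bin/hostname matches too, and anchored() adds the missing `$`.

```python
import json
import re

# Constructed sample input: the rule posted in this thread, minus the
# timestamp fields, which play no part in matching.
RULE = json.loads(r'''{
  "name": "000-allow-system-cmds", "enabled": true, "precedence": true,
  "action": "allow", "duration": "always",
  "operator": {"type": "regexp", "operand": "process.path", "sensitive": false,
               "data": "^(/usr/bin/host|/usr/bin/xbrlapi|/usr/bin/dirmngr)",
               "list": []}
}''')

# Constructed equivalent of "allow everything to 127.0.0.1" (hypothetical name).
LOCALHOST_RULE = {
    "name": "001-allow-localhost", "enabled": True, "precedence": False,
    "action": "allow", "duration": "always",
    "operator": {"type": "simple", "operand": "dest.ip", "sensitive": True,
                 "data": "127.0.0.1", "list": []},
}

def operator_matches(op, conn):
    """Evaluate one operator against a connection described as a dict
    keyed by operand name ("process.path", "dest.ip", ...).
    Assumption: "sensitive" means case-sensitive matching; "list" is an
    AND of nested operators; unknown operator types never match."""
    value = str(conn.get(op["operand"], ""))
    if op["type"] == "list":
        return all(operator_matches(sub, conn) for sub in op["list"])
    if op["type"] == "simple":
        if op.get("sensitive", True):
            return value == op["data"]
        return value.lower() == op["data"].lower()
    if op["type"] == "regexp":
        flags = 0 if op.get("sensitive", True) else re.IGNORECASE
        return re.search(op["data"], value, flags) is not None
    return False

def decide(rule, conn, default_action="deny"):
    """Return the rule's action if it matches, else the daemon's default."""
    if not rule.get("enabled", False) or not operator_matches(rule["operator"], conn):
        return default_action
    return rule["action"]

def anchored(rule):
    """Copy of a regexp rule with a trailing '$', so only the listed
    binaries match and not longer paths such as /usr/bin/hostname."""
    tightened = json.loads(json.dumps(rule))
    tightened["operator"]["data"] = rule["operator"]["data"] + "$"
    return tightened
```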

Danny3 commented 3 years ago

I don't think this problem exists on Kubuntu, but there are others like:

  1. Sometimes I can open it from systray only with two clicks (like the first time) and sometimes only one click is required. This is confusing.
  2. It catches normal Dolphin actions like browsing the local files and asks me if I want to allow it or not. Denying it will make Dolphin's windows unresponsive and they must be killed. I have not set any remote server in Dolphin and I have not clicked on the Network location in the left sidebar.

But I don't know if this is an OpenSnitch problem, like catching too much, intercepting too much, or a KDE problem where they use some networking protocols when they shouldn't. The requested connection permission is to localhost (127.0.0.1), but it still doesn't make much sense why this is required to browse my local files. Seen on the latest version of Kubuntu and OpenSnitch.

Maziar123 commented 3 years ago

> Try adding a new rule to allow everything to 127.0.0.1 ([x] To this IP/Net: 127.0.0.1)

Seems this helps to fix this; up to now I don't see the error again.

My check shows the problem happens between opensnitch and mesa or the amdgpu device or the window manager!

gustavo-iniguez-goya commented 3 years ago

> Sometimes I can open it from systray only with two clicks (like the first time) and sometimes only one click is required. This is confusing.

Yep, I've also observed this behaviour on KDE. Will be fixed.

> The requested connection permission is to localhost (127.0.0.1), but it still doesn't make much sense why this is required to browse my local files.

As in the @Maziar123 case, many of the connections to localhost are part of the IPC (InterProcessCommunication) architecture of many programs. They use it to send and receive data, configurations, etc. Other apps use Unix sockets, others shared memory segments, etc. In that case, maybe component1 (GUI) is telling component2 (daemon) to list files, so when component2 lists the files it sends the list back to component1 via a port on localhost.

Besides adding rules to allow everything to localhost, or to allow certain system apps (dirmngr, xbrlapi, host, etc), you can add a system rule to bypass interception altogether by editing the file /etc/opensnitchd/system-fw.json, for example:

        {
            "Rule": {
                "Description": "Allow connections to localhost",
                "Table": "mangle",
                "Chain": "OUTPUT",
                "Parameters": "-d 127.0.0.0/8",
                "Target": "ACCEPT",
                "TargetParameters": ""
            }
        }

They're just regular firewall rules (iptables right now, nftables in the near future, probably with a nice GUI to edit them easily, we'll see...). More on system rules: https://github.com/evilsocket/opensnitch/wiki/System-rules

Maziar123 commented 3 years ago

Seems with this setting the problem is solved, please add it to mainstream.