Closed Pain-Patate closed 4 years ago
Is it important to have the requested versions in this file (requirements.txt) or can we install the latest versions?
Those versions should be the minimum versions required for the UI to work.
What distribution are you using? As far as I can tell, we're compatible from >= pyqt 5.6. The UI setup/install scripts should be updated.
Very good, thanks I'm on Armbian, on arm64. I had very very difficul to install Opensnitch on this system. Normally, it's work. I will be back to give a tutorial. (This steps don't work to me : https://github.com/gustavo-iniguez-goya/opensnitch/wiki/Installation#cross-compiling-the-daemon-for-other-architectures-arm)
Do possible to modify "requirements.txt" with :
grpcio-tools>=1.10.1 # Minimum version required : 1.10.1 pyinotify>=0.9.6 # Minimum version required : 0.9.6 unicode_slugify>=.1.3 # Minimum version required : 0.1.3 pyqt5>=5.10.1 # Minimum version required : 5.10.1
File "requirements.txt" - https://github.com/gustavo-iniguez-goya/opensnitch/blob/main/ui/requirements.txt
These modifications would prevent the uninstallation of pip modules with the required version, during the installation of Opensnitch (if I don't say errors).
Normally, it's work. I will be back to give a tutorial.
cool!
By the way, did you try to install the UI deb package?
By the way, did you try to install the UI deb package?
In the past, I had tested on original Github, but I haven't no enough time.
I tried with this command: sudo dpkg -i python3-opensnitch-ui_1.0.0rc8-1_all.deb Do it good ?
yes, you'll need to run after that: apt -f install
Ok. So, II done :
sudo dpkg -i python3-opensnitch-ui_1.0.0rc8-1_all.deb
sudo apt-get install -f
And at the end, therminal show : Running setup.py install for unicode-slugify ... done Successfully installed unicode-slugify-0.1.3 unidecode-1.1.1
A Opensnitch icon appeared. But it doesn't work.
I verify he name of pip modules installed, with this command : sudo pip list
There aren't pyqt5 and pyinotify. However, they are needed here
opensnitch/ui/requirements.txt
Do have anoter ask support to the problem to the installation with .deb and arm64 (on Armbian) to close this issue ? Too, I must to translate my tutorial in French to English where I list all commands to install your Opensnitch.
Do possible to modify opensnitch/ui/requirements.txt with :
grpcio-tools>=1.10.1 # Minimum version required : 1.10.1
pyinotify>=0.9.6 # Minimum version required : 0.9.6
unicode_slugify>=.1.3 # Minimum version required : 0.1.3
pyqt5>=5.10.1 # Minimum version required : 5.10.1
These modifications would prevent the uninstallation of pip modules with the required version, during the installation of Opensnitch (if I don't say errors).
Can you launch the UI from a terminal and post here the output?
$ /usr/bin/opensnitch-ui
I'm on Armbian, on arm64. I had very very difficul to install Opensnitch on this system.
By the way, I've compiled the daemon for arm64, I've updated the installation instructions, and I'll try to automate the process to build packages for this architecture (or any other).
Can you launch the UI from a terminal and post here the output?
$ /usr/bin/opensnitch-ui
bash: usr/bin/opensnitch-ui: No such file or directory
Too, I'm note use Debian but Armbian (Dietpi with LxQt). Maybe I haven't the same package...
bash: usr/bin/opensnitch-ui: No such file or directory
That means that the UI has not been installed. I'll install dietpi to see if I can install it.
On the other hand, I'm progressing in generating deb packages for multiple arquitectures (armhf, arm64, i386, amd64). Could you test this package on arm64 and tell me if ot works?
bash: usr/bin/opensnitch-ui: No such file or directory
That means that the UI has not been installed. I'll install dietpi to see if I can install it.
On the other hand, I'm progressing in generating deb packages for multiple arquitectures (armhf, arm64, i386, amd64). Could you test this package on arm64 and tell me if ot works?
Very good. I'm ok to test on Armbian, (Dietpi, with Desktop LxQt)
sudo dpkg -i opensnitch_1.0.0rc8-1_arm64.deb
# Doesn't work. Terminal ask to install libnetfilter-queue1.
So, I did this :
sudo apt-get install libnetfilter-queue1
sudo dpkg -i opensnitch_1.0.0rc8-1_arm64.deb
(Reading database ... 53321 files and directories currently installed.)
Preparing to unpack opensnitch_1.0.0rc8-1_arm64.deb ...
Unpacking opensnitch (1.0.0rc8-1) over (1.0.0rc8-1) ...
Setting up opensnitch (1.0.0rc8-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/opensnitch.service → /lib/systemd/system/opensnitch.service.
I use the dietpi-services to add the service : opensnitch. But Opensnitch doesn't work, no icon on start menu, I reboot the system and always no work.
I have a Dietpi who work with Opensnitch and I have manually install with your Github . Here is a tutorial (in summary) of Opensnitch installation on Dietpi, arm64 : 1 – Go installation (langage)v1.14.2 + GIT + Build-essential -- 10 min
2 – Installation of PYTHON v3.8.2 -- 1h30
3 – Update Pip v20.1 -- 5 min
sudo python3 -m pip install --upgrade pip
4 – Installation of Qt5 v5.7.1 and QMake v3.0 -- 5min
sudo apt -y install qtcreator libqt5dbus5 qttools5-dev && export QT_SELECT=qt5
5 – Installation of PyQt5 v5.14.2 and PyQT5-sip v12.7.2 -- 3h
sudo python3 -m pip install pyqt5
6 – Installation of grpcio v1.28.1, grpcio-tools v1.28.1, protobuf v3.11.3, six v1.14.0 -- 2h
sudo python3 -m pip install --user grpcio-tools
7 – Final installation - OPENSNITCH -- 1h
The final terminal : ... Succes ... Cannot find file: icon-white.png
In the all tutorial, I believe I set up the installation incorrectly "Go" and maybe "Qt5"
Coming soon, this weeks, (I Hope), I'm getting my raspberry pi 4. I'll test on it (with Dietpi and Armbian only). Yesss, I can to test Opensnitch on "Duster" version (Dietpi update the system on my hardware. Great)
ok, let us know how it works! :)
Sorry to the late, i'm received th Rpi 4 a few days ago. Currently, the Dietpi to Rpi 4 is in 32 bits (armhf). Is it possible to have a deb packages in armhf ?
Yes, I'll post an armhf deb ASAP.
Here you have: opensnitch_1.0.0rc9-1_armhf.deb.gz
I haven't tested it, only ensure that it's an arm binary. Let me know if it works.
sudo dpkg -i opensnitch_1.0.0rc9-1_armhf.deb
Selecting previously unselected package opensnitch.
(Reading database ... 50295 files and directories currently installed.)
Preparing to unpack opensnitch_1.0.0rc9-1_armhf.deb ...
Unpacking opensnitch (1.0.0rc9-1) ...
Setting up opensnitch (1.0.0rc9-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/opensnitch.service → /lib/systemd/system/opensnitch.service
sudo systemctl enable opensnitch
sudo service opensnitch start
sudo opensnitchd
Starting opensnitch-daemon v1.0.0rc9
[2020-06-09 17:55:24] INF Loading rules from /home/dietpi/rules ...
[2020-06-09 17:55:24] !!! Path '/home/dietpi/rules' does not exist
I created a folder "rules" in this adress : /home/dietpi
sudo opensnitchd
IMP Starting opensnitch-daemon v1.0.0rc9
[2020-06-09 17:57:00] INF Loading rules from /home/dietpi/rules ...
[2020-06-09 17:57:00] !!! Error while running DNS firewall rule: exec: "iptables": executable file not found in $PATH
The service opensnitch don't work.
ok, please, execute the following commands and paste the output:
$ sudo service opensnitch restart
$ pgrep -a opensnitch
$ iptables -t mangle -L OUTPUT
sudo service opensnitch restart
pgrep -a opensnitch
`
3053 /usr/bin/opensnitchd -important -log-file /var/log/opensnitchd.log -rules-path /etc/opensnitchd/rules -ui-socket unix:///tmp/osui.sock`
sudo apt-get install iptables
sudo iptables -t mangle -L OUTPUT
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
NFQUEUE all -- anywhere anywhere ctstate NEW NFQUEUE num 0 bypass
sudo opensnitchd
[2020-06-10 17:00:31] IMP Starting opensnitch-daemon v1.0.0rc9
[2020-06-10 17:00:31] INF Loading rules from /home/dietpi/rules ...
[2020-06-10 17:00:31] WAR Is opnensitchd already running?
[2020-06-10 17:00:31] !!! Error while creating queue #0: Error binding to queue: operation not permitted
sudo service opensnitch stop
sudo opensnitchd
IMP Starting opensnitch-daemon v1.0.0rc9
[2020-06-10 17:02:42] INF Loading rules from /home/dietpi/rules ...
ERROR: path=/usr/sbin/iptables args=[-D INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass] err=exit status 1 out='iptables: Bad rule (does a matching rule exist in that chain?).
'
ERROR: path=/usr/sbin/iptables args=[-D OUTPUT -t mangle -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0 --queue-bypass] err=exit status 1 out='iptables: Bad rule (does a matching rule exist in that chain?).
'
ERROR: path=/usr/sbin/iptables args=[-D OUTPUT -m mark --mark 101285 -j DROP] err=exit status 1 out='iptables: Bad rule (does a matching rule exist in that chain?).
The service opensnitch don't work
The daemon is running fine, see:
$ sudo service opensnitch restart
$ pgrep -a opensnitch
3053 /usr/bin/opensnitchd -important -log-file /var/log/opensnitchd.log -rules-path /etc/opensnitchd/rules -ui-socket unix:///tmp/osui.sock
^ this means that the daemon is running, with PID 3053. if you type tail -f /varlog/opensnitchd.log
you'll see activity.
$ sudo iptables -t mangle -L OUTPUT
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
NFQUEUE all -- anywhere anywhere ctstate NEW NFQUEUE num 0 bypass
^ this also means that the iptables rule has been inserted correctly.
You don't have to execute sudo opensnitchd
. It'll fail because there's a daemon already running.
If you want to execute manually, you'll have to stop the service and then launch it like this:
$ sudo opensnitch stop
$ /usr/bin/opensnitchd -debug -rules-path /etc/opensnitchd/rules -ui-socket unix:///tmp/osui.sock
Thanks to you and you help.
It looks like the service is starting and is not fully operational.
tail -f /var/log/opensnitchd.log
[2020-06-13 16:53:53] IMP Starting opensnitch-daemon v1.0.0rc9
[2020-06-13 16:56:55] IMP Got signal: terminated
[2020-06-13 16:56:56] IMP Starting opensnitch-daemon v1.0.0rc9
[2020-06-13 17:00:05] IMP Got signal: terminated
[2020-06-13 17:00:06] IMP Starting opensnitch-daemon v1.0.0rc9
[2020-06-13 17:00:19] IMP Got signal: terminated
[2020-06-13 17:00:19] IMP Starting opensnitch-daemon v1.0.0rc9
And then, the terminal is blocked. I don't know to open Opensnitch.
Also,
sudo opensnitch stop
`
sudo: opensnitch: command not found`
sudo opensnitchd stop
[2020-06-13 17:07:34] IMP Starting opensnitch-daemon v1.0.0rc9
[2020-06-13 17:07:34] INF Loading rules from /home/dietpi/rules ...
[2020-06-13 17:07:34] WAR Is opnensitchd already running?
[2020-06-13 17:07:34] !!! Error while creating queue #0: Error binding to queue: operation not permitted
Thank you for the logs!
Ok. Unfortunately than means that the kernel has no support for NFQUEUE, or that the kernel modules are not loaded.
Please, post the output of the following commands:
uname -r
lsmod | grep nfnetlik
lsmod | grep xt_
cat /proc/net/ip_tables_targets
cat /proc/net/netfilter/nfnetlink_queue
grep NFQUEUE /boot/config-$(uname -r)
find /lib/modules/$(uname -r) -name 'nfnetlink*'
dpkg -l 'libnetfilter-queue*'
If the find
command finds the nfnetlink.ko
and nfnetlink_queue.ko
files, please, load them as follow:
modprobe nfnetlink
modprobe nfnetlink_queue
modprobe xt_NFQUEUE
And run opensnitch again: service opensnitch restart
I think I've found the problem. I'll post a binary ASAP for you to test.
Please @Pain-Patate , could you copy this binary to /usr/bin, restart the service and try again? opensnitchd.gz
Thank you!
I put all codes you listed here in the terminal
I copied this opensnitchd in /usr/bin
service opensnitch stop
sudo opensnitchd
IMP Starting opensnitch-daemon v1.0.0rc10
[2020-06-14 10:51:40] INF Loading rules from /home/dietpi/rules ...
ERROR: path=/usr/sbin/iptables args=[-D INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass] err=exit status 1 out='iptables: Bad rule (does a matching rule exist in that chain?).
'
ERROR: path=/usr/sbin/iptables args=[-D OUTPUT -t mangle -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0 --queue-bypass] err=exit status 1 out='iptables: Bad rule (does a matching rule exist in that chain?).
'
ERROR: path=/usr/sbin/iptables args=[-D OUTPUT -m mark --mark 101285 -j DROP] err=exit status 1 out='iptables: Bad rule (does a matching rule exist in that chain?).
'
If I do this
sudo service opensnitch restart
tail -f /var/log/opensnitchd.log
`
[2020-06-14 10:55:29] IMP Starting opensnitch-daemon v1.0.0rc10`
Great! now it's working as expected. Modify LogLevel
value in /etc/opensnitchd/default-config.json
to 0 (debug level) in order to see connections detail information.
By the way, always restart the daemon with service opensnitch restart
.
sudo nano /etc/opensnitchd/default-config.json
I modified "LogLevel":2
in LogLevel":0
sudo service opensnitch restart
tail -f /var/log/opensnitchd.log
`
[2020-06-14 14:27:25] DBG new connection tcp => **...**
[2020-06-14 14:27:25] DBG [0/1] outgoing connection: `...
...
Yes, it looks like to work. Each page web in my navigator, there are new information in /var/log/opensnitchd.log Can I open Opensnitch to set it up...?
If you have the GUI installed you should be able to view the connections, modify rules, etc..
Ok, Let's go to install GUI
Install GUI
sudo apt update && sudo apt upgrade
sudo dpkg -i python3-opensnitch-ui*.deb; sudo apt -f install
At the end of the installation, the terminal displays :
The script unidecode is installed in '/usr/local/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Is it a problem important ?
I tried Opensnitch annnnnnnnnddd verrry goood, It work.
Thanks you a lot of @gustavo-iniguez-goya Hello to @evilsocket
I have some small display problems, but I'll mention them later in a new topic, because this one is getting big. :-)
superb!
Yes, it's cool. Also, At the end of the installation, the terminal displays :
The script unidecode is installed in '/usr/local/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Is it a big problem ?
No as far as I can tell.
Veryy good. I thinck we can to closed this issue with success. I explain a summary to install Opensitch Armh version on Raspberry pi 4 : here
Thank you!!
Hi ! Thanks you tou contine the future of Opensnitch. I have on question
In your procedure : Installation from sources (https://github.com/gustavo-iniguez-goya/opensnitch/wiki/Installation#installation-from-sources) : " [...] go get github.com/gustavo-iniguez-goya/opensnitch cd $GOPATH/src/github.com/gustavo-iniguez-goya/opensnitch compile && install make [...] opensnitch-ui "
"Make", compile and choice addons pip : grpcio-tools, pyinotify, unicode_slugify, pyqt5 See : https://github.com/gustavo-iniguez-goya/opensnitch/blob/main/ui/requirements.txt
Question ?
Is it important to have the requested versions in this file (requirements.txt) or can we install the latest versions?
I ask this because my system cannot retrieve and install version 5.10.1 for PyQt5.
Thanks to all.