gustavo-iniguez-goya / opensnitch

OpenSnitch is a GNU/Linux application firewall
GNU General Public License v3.0

Is there a way to see the events in terminal? #54

Open binarytrails opened 4 years ago

binarytrails commented 4 years ago

Hi there,

I'm just wondering if it is possible to keep track of events seen in General tab of allow/deny actions directly in the terminal?

Thank you for your help! Seva

gustavo-iniguez-goya commented 4 years ago

hi Seva, not yet, but I've got it in the roadmap. I can't tell a date, but I'd like to have more options to visualize the data (cli, web ui ...).

binarytrails commented 4 years ago

@gustavo-iniguez-goya

Thank you for letting me know! Can we tag this issue as feature request?

Also, if there is some stuff started on this matter, I can extend it and a PR for it!

Cheers, Seva

gustavo-iniguez-goya commented 4 years ago

Nothing published yet. But I can commit a minimal and simple cli to display at least global stats.

I've taken a look at the different libs to build cli applications, because it'd be cool to be able to monitor statistics with a UI like https://github.com/mum4k/termdash/raw/master/doc/images/termdashdemo_0_9_0.gif, having different tabs like we have with the python UI. Also, besides having cli options (-show-hosts, -show-users, -show-procs), an interactive shell would be useful https://github.com/c-bata/go-prompt

binarytrails commented 4 years ago

@gustavo-iniguez-goya

Thank you for the update and for explaining your graphical cli vision!

Yes, it would be great to see a little sample. It may help anyone going down this road of using opensnitch directly in the terminal to get started.

gustavo-iniguez-goya commented 4 years ago

added an initial tool here: https://github.com/gustavo-iniguez-goya/opensnitch/tree/cli

git clone https://github.com/gustavo-iniguez-goya/opensnitch.git
cd opensnitch
git checkout cli
cd server/cli/
make
./opensnitch-cli -show-stats general

TODOs:

[image]

binarytrails commented 4 years ago

@gustavo-iniguez-goya thank you so much! amazing work, I'm gonna go through it. :octocat:

gustavo-iniguez-goya commented 3 years ago

cli updated a little bit, mainly to work with the latest changes. I've disabled incoming rules, because it was causing some issues. And for now you have to use tcp sockets to connect to the daemon.

Just in case someone wants to try out the binary, I've attached it: 15c5389ef6f5ec824ed149694b144ce62993a1aefd7eb3a849925ca42e6a9539 op-cli

op-cli.gz

$ gunzip op-cli.gz
$ ./op-cli -show-stats general -socket-type tcp -socket-port :50051

/etc/opensnitchd/default-config.json: "Address": "127.0.0.1:50052"

binarytrails commented 3 years ago

@gustavo-iniguez-goya is there a way to debug it? In all cases I'm stuck at

[2020-12-26 16:46:44]  INF  Waiting for nodes...

I tried to run it while the opensnitchd system unit is running and I see that from --help :

-socket-port string
        Listening port for incoming nodes (127.0.0.1:50051, :50051, /tmp/osui.sock (default ":50051")

In my config of daemon (server) I have:

cat /etc/opensnitchd/default-config.json
{
    "Server":
    {
        "Address":"unix:///tmp/osui.sock",
        "LogFile":"/var/log/opensnitchd.log"
    },
    ...
    "LogLevel": 2
}

gustavo-iniguez-goya commented 3 years ago

I think you may have the GUI running.

Try out this binary. I've improved connecting to unix sockets. It should tell you if there's a UI running or if it can't listen for nodes for any reason.

op-cli.gz

binarytrails commented 3 years ago

Hi @gustavo-iniguez-goya , I prefer to build the package, so I did a git pull, but now I'm looking into this error on make:

mr opensnitch $ git log -1
commit e34fb01643826dbdaca09e5ab59c8e2a2fb2f63e (HEAD -> cli, origin/cli)
Author: Gustavo Iñiguez Goia <gooffy1@gmail.com>
Date:   Sun Dec 27 11:34:12 2020 +0100

    improved listening on unix sockets

    - Avoid listening for nodes if there's another UI running.
    - Exit if we can't delete a residual unix socket file.
mr opensnitch $ make
make[1]: Entering directory '/home/mr/git/fork/opensnitch/proto'
python3 -m grpc_tools.protoc -I. --python_out=../ui/opensnitch/ --grpc_python_out=../ui/opensnitch/ ui.proto
make[1]: Leaving directory '/home/mr/git/fork/opensnitch/proto'
make[1]: Entering directory '/home/mr/git/fork/opensnitch/ui'
Collecting grpcio-tools==1.10.1
  Using cached grpcio-tools-1.10.1.tar.gz (1.9 MB)
Requirement already satisfied: pyinotify==0.9.6 in /usr/lib/python3.9/site-packages (from -r requirements.txt (line 2)) (0.9.6)
Collecting unicode_slugify==0.1.3
  Using cached unicode-slugify-0.1.3.tar.gz (4.4 kB)
Collecting pyqt5==5.10.1
  Downloading PyQt5-5.10.1-5.10.1-cp35.cp36.cp37.cp38-abi3-manylinux1_x86_64.whl (107.8 MB)
     |████████████████████████████████| 107.8 MB 37 kB/s 
Requirement already satisfied: protobuf>=3.5.0.post1 in /usr/lib/python3.9/site-packages (from grpcio-tools==1.10.1->-r requirements.txt (line 1)) (3.12.4)
Requirement already satisfied: grpcio>=1.10.1 in /usr/lib/python3.9/site-packages (from grpcio-tools==1.10.1->-r requirements.txt (line 1)) (1.34.0)
Requirement already satisfied: six in /usr/lib/python3.9/site-packages (from unicode_slugify==0.1.3->-r requirements.txt (line 3)) (1.15.0)
Collecting unidecode
  Downloading Unidecode-1.1.2-py2.py3-none-any.whl (239 kB)
     |████████████████████████████████| 239 kB 1.8 MB/s 
ERROR: Could not find a version that satisfies the requirement sip<4.20,>=4.19.4 (from pyqt5==5.10.1->-r requirements.txt (line 4)) (from versions: 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.3.0, 5.4.0, 5.5.0)
ERROR: No matching distribution found for sip<4.20,>=4.19.4 (from pyqt5==5.10.1->-r requirements.txt (line 4))
make[1]: *** [Makefile:10: deps] Error 1
make[1]: Leaving directory '/home/mr/git/fork/opensnitch/ui'
make: *** [Makefile:14: ui/resources_rc.py] Error 2

gustavo-iniguez-goya commented 3 years ago

You only need to build the cli tool:

$ cd /home/mr/git/fork/opensnitch/server/cli
$ go build -o op-cli .

binarytrails commented 3 years ago

@gustavo-iniguez-goya

Alright! It works with tcp sockets only as in (1) but fails with the current unix socket as in (2), please see:

  1. tcp socket works but how to start the opensnitch-ui?

    $ grep -i address /etc/opensnitchd/default-config.json
    "Address": "127.0.0.1:50052",
    $ ./op-cli -show-stats general -socket-type tcp -socket-port :50052

    I wonder how would I find the tcp socket file without guessing the /proc/<opensnitchd-pid>/fd/<fd> file?

    $ /usr/bin/opensnitch-ui 127.0.0.1:50052
    usage: opensnitch-ui [-h] [--socket FILE] [--max-clients SERVERWORKERS]
    opensnitch-ui: error: unrecognized arguments: 127.0.0.1:50052
  2. unix socket works with opensnitch-ui (default Arch Linux install) but how to make the op-cli take it?

    $ grep -i address /etc/opensnitchd/default-config.json
        "Address":"unix:///tmp/osui.sock",
    $ ./op-cli -show-stats general -socket-type unix -socket-port /tmp/osui.sock

    This produces an empty view with flickering and empty UI in terminal for op-cli.

  3. Your fix telling a UI is running works just fine!

    [2020-12-27 18:37:00]  INF  Waiting for nodes...
    [2020-12-27 18:37:00]  !!!  There's another GUI/TUI/*UI running. Please, close it before launching this UI.

gustavo-iniguez-goya commented 3 years ago

tcp socket works but how to start the opensnitch-ui?

The problem is that the UIs act like servers, so you can only have one UI running at a time.

node 1  \
node 2 --> connect -> UI (server)
node 3  /

I haven't investigated if it can work as a many<-to->many relationship.

I wonder how would I find the tcp socket file without guessing the /proc/<opensnitchd-pid>/fd/<fd> file?

See what server address you've configured for the daemon in the default_config.json. Then use the --socket parameter: /usr/local/bin/opensnitch-ui --socket [::]:50052 (or 127.0.0.1:50051 or unix:///tmp/osui.sock)

unix socket works with opensnitch-ui (default Arch Linux install) but how to make the op-cli take it?

Your command is correct, it should display the last stats of the daemon, if the daemon server address is unix:///tmp/osui.sock. Move around with the left/right keys to see if there are other stats (by host, by user, etc).

binarytrails commented 3 years ago

@gustavo-iniguez-goya just tested it and it works like a charm! I'm at f1d406f19b75248702b1e8b5480c9b227c3d4de5

The tabs for hits per host, process, address, port & uid are very nice, a very useful grouping.

to install I did:

cd server/cli/
go get
go build -o op-cli
./op-cli -show-stats general -socket-type unix -socket-port /tmp/osui.sock

the only thing I wonder: is there a way to accept/allow the new connections, or is it a future feature request?

great work, seva

gustavo-iniguez-goya commented 3 years ago

thank you for the feedback!

the only thing I wonder: is there a way to accept/allow the new connections, or is it a future feature request?

not yet. Well, it's coded but I disabled it because it caused some issues. I was wondering how to let the user know about outgoing connections. If you're not watching the events (because you are on another terminal or desktop) you may miss the option to allow/deny it. One way could be to display a notification using notify-send if you're on an X server.

On the other hand, there's some intention to extend this tool to manage the config, fw and app rules (I don't have much time lately to focus on this): https://github.com/evilsocket/opensnitch/issues/334#issuecomment-762447757

Let's keep this issue open in order to keep tracking the progress.

binarytrails commented 3 years ago

@gustavo-iniguez-goya

thanks for the info! sounds good, better keep this one open than track multiple issues. you're right.

yesterday, I started to explore your code for this, I think it starts around here: https://github.com/gustavo-iniguez-goya/opensnitch/blob/f1d406f19b75248702b1e8b5480c9b227c3d4de5/server/cli/views/views.go#L97-L100 which then leads to: https://github.com/gustavo-iniguez-goya/opensnitch/blob/f1d406f19b75248702b1e8b5480c9b227c3d4de5/server/cli/views/rules.go#L64 https://github.com/gustavo-iniguez-goya/opensnitch/blob/f1d406f19b75248702b1e8b5480c9b227c3d4de5/server/cli/views/rules.go#L97

I think the best would be to be able to ask the user within the terminal in an optional and non-blocking way.

It would definitely add a lot of added value because we could run opensnitch without an X server anywhere!