From: Petter Reinholdtsen Date: Sat, 13 May 2023 10:12:09 +0000 (+0200) Subject: Generated. X-Git-Url: https://pere.pagekite.me/gitweb/homepage.git/commitdiff_plain/3914f73c862bfa655ba4f05dbd7e3333f91cdd15?ds=sidebyside Generated. --- diff --git a/blog/tags/opensnitch/index.html b/blog/tags/opensnitch/index.html new file mode 100644 index 0000000000..c651dcedc3 --- /dev/null +++ b/blog/tags/opensnitch/index.html @@ -0,0 +1,741 @@ + + + + + Petter Reinholdtsen: Entries Tagged opensnitch + + + + + +
+

+ Petter Reinholdtsen + +

+ +
+ + +

Entries tagged "opensnitch".

+ +
+
+ OpenSnitch in Debian ready for prime time +
+
+ 13th May 2023 +
+
+

A bit delayed, +the interactive +application firewall OpenSnitch package in Debian now got the +latest fixes ready for Debian Bookworm. Because it depend on a +package missing on some architectures, the autopkgtest check of the +testing migration script did not understand that the tests were +actually working, so the migration was delayed. A bug in the package +dependencies is also fixed, so those installing the firewall package +(opensnitch) now also get the GUI admin tool (python3-opensnitch-ui) +installed by default. I am very grateful to Gustavo Iñiguez Goya for +his work on getting the package ready for Debian Bookworm.

+ +

Armed with this package I have discovered some surprising +connections from programs I believed were able to work completly +offline, and it has already proven its worth, at least to me. If you +too want to get more familiar with the kind of programs using +Internett connections on your machine, I recommend testing apt +install opensnitch in Bookworm and see what you think.

+ +

The package is still not able to build its eBPF module within +Debian. Not sure how much work it would be to get it working, but +suspect some kernel related packages need to be extended with more +header files to get it working.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

+ +
+
+ + + Tags: debian, english, opensnitch. + + +
+
+
+ +
+
+ OpenSnitch available in Debian Sid and Bookworm +
+
+ 25th February 2023 +
+
+

Thanks to the efforts of the OpenSnitch lead developer Gustavo +Iñiguez Goya allowing me to sponsor the upload, +the interactive +application firewall OpenSnitch is now available in Debian +Testing, soon to become the next stable release of Debian.

+ +

This is a package which set up a network firewall on one or more +machines, which is controlled by a graphical user interface that will +ask the user if a program should be allowed to connect to the local +network or the Internet. If some background daemon is trying to dial +home, it can be blocked from doing so with a simple mouse click, or by +default simply by not doing anything when the GUI question dialog pop +up. A list of all programs discovered using the network is provided +in the GUI, giving the user an overview of how the machine(s) programs +use the network.

+ +

OpenSnitch was uploaded for NEW processing about a month ago, and I +had little hope of it getting accepted and shaping up in time for the +package freeze, but the Debian ftpmasters proved to be amazingly quick +at checking out the package and it was accepted into the archive about +week after the first upload. It is now team maintained under the Go +language team umbrella. A few fixes to the default setup is only in +Sid, and should migrate to Testing/Bookworm in a week.

+ +

During testing I ran into an +issue +with Minecraft server broadcasts disappearing, which was quickly +resolved by the developer with a patch and a proposed configuration +change. I've been told this was caused by the Debian packages default +use if /proc/ information to track down kernel status, instead of the +newer eBPF module that can be used. The reason is simply that +upstream and I have failed to find a way to build the eBPF modules for +OpenSnitch without a complete configured Linux kernel source tree, +which as far as we can tell is unavailable as a build dependency in +Debian. We tried unsuccessfully so far to use the kernel-headers +package. It would be great if someone could provide some clues how to +build eBPF modules on build daemons in Debian, possibly without the full +kernel source.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

+ +
+
+ + + Tags: debian, english, opensnitch. + + +
+
+
+ +
+
+ Opensnitch, the application level interactive firewall, heading into the Debian archive +
+
+ 22nd January 2023 +
+
+

While reading a +blog +post claiming MacOS X recently started scanning local files and +reporting information about them to Apple, even on a machine where +all such callback features had been disabled, I came across a +description of the Little Snitch application for MacOS X. It seemed +like a very nice tool to have in the tool box, and I decided to see if +something similar was available for Linux.

+ +

It did not take long to find +the OpenSnitch +package, which has been in development since 2017, and now is in +version 1.5.0. It has had a +request for Debian +packaging since 2018, but no-one completed the job so far. Just +for fun, I decided to see if I could help, and I was very happy to +discover that +upstream +want a Debian package too.

+ +

After struggling a bit with getting the program to run, figuring +out building Go programs (and a little failed detour to look at eBPF +builds too - help needed), I am very happy to report that I am +sponsoring upstream to maintain the package in Debian, and it has +since this morning been waiting in NEW for the ftpmasters to have a +look. Perhaps it can get into the archive in time for the Bookworm +release?

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

+ +
+
+ + + Tags: debian, english, opensnitch. + + +
+
+
+ +

RSS Feed

+ +

+ Created by Chronicle v4.6 +

+ + + diff --git a/blog/tags/opensnitch/opensnitch.rss b/blog/tags/opensnitch/opensnitch.rss new file mode 100644 index 0000000000..a47cfa9a1c --- /dev/null +++ b/blog/tags/opensnitch/opensnitch.rss @@ -0,0 +1,134 @@ + + + + Petter Reinholdtsen - Entries tagged opensnitch + Entries tagged opensnitch + https://people.skolelinux.org/pere/blog/ + + + + OpenSnitch in Debian ready for prime time + https://people.skolelinux.org/pere/blog/OpenSnitch_in_Debian_ready_for_prime_time.html + https://people.skolelinux.org/pere/blog/OpenSnitch_in_Debian_ready_for_prime_time.html + Sat, 13 May 2023 12:10:00 +0200 + <p>A bit delayed, +<a href="https://tracker.debian.org/pkg/opensnitch">the interactive +application firewall OpenSnitch</a> package in Debian now got the +latest fixes ready for Debian Bookworm. Because it depend on a +package missing on some architectures, the autopkgtest check of the +testing migration script did not understand that the tests were +actually working, so the migration was delayed. A bug in the package +dependencies is also fixed, so those installing the firewall package +(opensnitch) now also get the GUI admin tool (python3-opensnitch-ui) +installed by default. I am very grateful to Gustavo Iñiguez Goya for +his work on getting the package ready for Debian Bookworm.</p> + +<p>Armed with this package I have discovered some surprising +connections from programs I believed were able to work completly +offline, and it has already proven its worth, at least to me. If you +too want to get more familiar with the kind of programs using +Internett connections on your machine, I recommend testing <tt>apt +install opensnitch</tt> in Bookworm and see what you think.</p> + +<p>The package is still not able to build its eBPF module within +Debian. Not sure how much work it would be to get it working, but +suspect some kernel related packages need to be extended with more +header files to get it working.</p> + +<p>As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p> + + + + + OpenSnitch available in Debian Sid and Bookworm + https://people.skolelinux.org/pere/blog/OpenSnitch_available_in_Debian_Sid_and_Bookworm.html + https://people.skolelinux.org/pere/blog/OpenSnitch_available_in_Debian_Sid_and_Bookworm.html + Sat, 25 Feb 2023 20:30:00 +0100 + <p>Thanks to the efforts of the OpenSnitch lead developer Gustavo +Iñiguez Goya allowing me to sponsor the upload, +<a href="https://tracker.debian.org/pkg/opensnitch">the interactive +application firewall OpenSnitch</a> is now available in Debian +Testing, soon to become the next stable release of Debian.</p> + +<p>This is a package which set up a network firewall on one or more +machines, which is controlled by a graphical user interface that will +ask the user if a program should be allowed to connect to the local +network or the Internet. If some background daemon is trying to dial +home, it can be blocked from doing so with a simple mouse click, or by +default simply by not doing anything when the GUI question dialog pop +up. A list of all programs discovered using the network is provided +in the GUI, giving the user an overview of how the machine(s) programs +use the network.</p> + +<p>OpenSnitch was uploaded for NEW processing about a month ago, and I +had little hope of it getting accepted and shaping up in time for the +package freeze, but the Debian ftpmasters proved to be amazingly quick +at checking out the package and it was accepted into the archive about +week after the first upload. It is now team maintained under the Go +language team umbrella. A few fixes to the default setup is only in +Sid, and should migrate to Testing/Bookworm in a week.</p> + +<p>During testing I ran into an +<a href="https://github.com/evilsocket/opensnitch/issues/813">issue +with Minecraft server broadcasts disappearing</a>, which was quickly +resolved by the developer with a patch and a proposed configuration +change. I've been told this was caused by the Debian packages default +use if /proc/ information to track down kernel status, instead of the +newer eBPF module that can be used. The reason is simply that +upstream and I have failed to find a way to build the eBPF modules for +OpenSnitch without a complete configured Linux kernel source tree, +which as far as we can tell is unavailable as a build dependency in +Debian. We tried unsuccessfully so far to use the kernel-headers +package. It would be great if someone could provide some clues how to +build eBPF modules on build daemons in Debian, possibly without the full +kernel source.</p> + +<p>As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p> + + + + + Opensnitch, the application level interactive firewall, heading into the Debian archive + https://people.skolelinux.org/pere/blog/Opensnitch__the_application_level_interactive_firewall__heading_into_the_Debian_archive.html + https://people.skolelinux.org/pere/blog/Opensnitch__the_application_level_interactive_firewall__heading_into_the_Debian_archive.html + Sun, 22 Jan 2023 23:55:00 +0100 + <p>While reading a +<a href="https://sneak.berlin/20230115/macos-scans-your-local-files-now/">blog +post claiming MacOS X recently started scanning local files and +reporting information about them to Apple</a>, even on a machine where +all such callback features had been disabled, I came across a +description of the Little Snitch application for MacOS X. It seemed +like a very nice tool to have in the tool box, and I decided to see if +something similar was available for Linux.</p> + +<p>It did not take long to find +<a href="https://github.com/evilsocket/opensnitch">the OpenSnitch +package</a>, which has been in development since 2017, and now is in +version 1.5.0. It has had a +<a href="https://bugs.debian.org/909567">request for Debian +packaging</a> since 2018, but no-one completed the job so far. Just +for fun, I decided to see if I could help, and I was very happy to +discover that +<a href="https://github.com/evilsocket/opensnitch/issues/304">upstream +want a Debian package too</a>.</p> + +<p>After struggling a bit with getting the program to run, figuring +out building Go programs (and a little failed detour to look at eBPF +builds too - help needed), I am very happy to report that I am +sponsoring upstream to maintain the package in Debian, and it has +since this morning been waiting in NEW for the ftpmasters to have a +look. Perhaps it can get into the archive in time for the Bookworm +release?</p> + +<p>As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p> + + + + +