Monitoring application data traffic
Firewall On or Off
In the main window's header bar, on the far right, you will find the play/pause button where you can turn the firewall on and off. This button is especially important initially because you need some time to define rules for all the applications that need to contact the outside world. You can use this button to break up the task into convenient chunks of time.
In the menubar below, you will find eight tabs. The Events tab lists all contacts to the outside world in real time (Figure 5). Nodes typically only lists one socket per device, from which the OpenSnitch GUI obtains the data for visualization. The default for this is /tmp/osui.sock
.
The Rules tab, as expected, lists the application rules that have been created (Figure 6). The Hosts tab lists the remote sites that applications have attempted to contact and how often that occurred per host. The Applications tab lists the applications that tried to make contact and shows the frequency of those attempts.
The Addresses tab keeps track of the URLs contacted and the frequency of contact attempts. Ports does the same in terms of the ports on the contacted hosts, while the Users tab lists the users involved and records the number of contact attempts initiated by the users. From any of these tabs, you can edit entries that are released for editing by right-clicking on them.
To avoid losing your way when faced with many entries, you can also sort or filter the entries on the individual tabs. At the bottom of the window, you can see the number of connections during the current uptime and how many of them were rejected (dropped).
FAQs
OpenSnitch can manage virtually anything that connects to a host from a Linux system. For multi-user systems, the rules can also be defined individually for each user. According to the developers, however, OpenSnitch occasionally misses an app's connection attempt; the project wiki [7] on GitHub explains the possible reasons for this. However, I did not experience any such oversights in my test. An FAQ [8] answers frequently asked questions relating to the application firewall.
Once you have created all your rules, OpenSnitch runs unobtrusively in the background. A notification will only appear if you install a new app that makes an attempt to contact the outside world. If an app makes a conspicuous number of connections, you will want to harden the rule for that app by checking each process for an outgoing request or the domain contacted in each case, and then confirm or deny access.
Conclusions
While OpenSnitch is annoying at first, this means it is doing its job properly. You can temporarily avoid the many requests for rules by disabling the firewall and then defining more rules when it suits you. Getting started with OpenSnitch is comparatively easy thanks to the good documentation [9].
OpenSnitch is particularly interesting for browser plugins, web apps, or third-party applications in general. It helps you keep a closer eye on these applications and make adjustments to rules as necessary. You will be surprised about what some apps try to do. In conclusion, OpenSnitch definitely improves the security of your system without asking too much of you beyond the initial setup.
Infos
- Web application firewall: https://www.f5.com/services/resources/glossary/web-application-firewall
- FirePrompt: https://fireprompt.com
- GlassWire: https://www.glasswire.com
- OpenSnitch: https://github.com/evilsocket/opensnitch
- Little Snitch: https://www.obdev.at/products/littlesnitch
- Download: https://github.com/evilsocket/opensnitch/releases
- Failure to intercept: https://github.com/gustavo-iniguez-goya/opensnitch/wiki/Why-OpenSnitch-does-not-intercept-application-XXX
- FAQ: https://github.com/gustavo-iniguez-goya/opensnitch/wiki/FAQs
- Documentation: https://github.com/gustavo-iniguez-goya/opensnitch/wiki
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Rhino Linux Announces Latest "Quick Update"
If you prefer your Linux distribution to be of the rolling type, Rhino Linux delivers a beautiful and reliable experience.
-
Plasma Desktop Will Soon Ask for Donations
The next iteration of Plasma has reached the soft feature freeze for the 6.2 version and includes a feature that could be divisive.
-
Linux Market Share Hits New High
For the first time, the Linux market share has reached a new high for desktops, and the trend looks like it will continue.
-
LibreOffice 24.8 Delivers New Features
LibreOffice is often considered the de facto standard office suite for the Linux operating system.
-
Deepin 23 Offers Wayland Support and New AI Tool
Deepin has been considered one of the most beautiful desktop operating systems for a long time and the arrival of version 23 has bolstered that reputation.
-
CachyOS Adds Support for System76's COSMIC Desktop
The August 2024 release of CachyOS includes support for the COSMIC desktop as well as some important bits for video.
-
Linux Foundation Adopts OMI to Foster Ethical LLMs
The Open Model Initiative hopes to create community LLMs that rival proprietary models but avoid restrictive licensing that limits usage.
-
Ubuntu 24.10 to Include the Latest Linux Kernel
Ubuntu users have grown accustomed to their favorite distribution shipping with a kernel that's not quite as up-to-date as other distros but that changes with 24.10.
-
Plasma Desktop 6.1.4 Release Includes Improvements and Bug Fixes
The latest release from the KDE team improves the KWin window and composite managers and plenty of fixes.
-
Manjaro Team Tests Immutable Version of its Arch-Based Distribution
If you're a fan of immutable operating systems, you'll be thrilled to know that the Manjaro team is working on an immutable spin that is now available for testing.