rebuilderd
picosnitch
rebuilderd | picosnitch | |
---|---|---|
6 | 33 | |
344 | 586 | |
- | - | |
5.3 | 8.6 | |
6 months ago | 4 months ago | |
Rust | Python | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rebuilderd
-
Towards a Reproducible F-Droid
Arch Linux is heavily invested into it:
- https://reproducible.archlinux.org/ - Attempts to reproduce the distributed binary packages from source using reproducible builds tooling. This already works for a big chunk of packages.
- https://github.com/archlinux/archlinux-repro - This is a wrapper for Arch Linux build tooling that creates a build environment in a container that has the same packages installed as the original build environment back then. Software is expected to build reproducible in this environment and many ecosystems already do by default (Rust for example, to name one).
- https://github.com/kpcyrd/rebuilderd - This monitors the packages in Arch Linux, runs archlinux-repro on all of them and hosts the results. There are other projects supported but Arch Linux works best at the moment, and archlinux-repro offers the best integration I'm currently aware of.
There are surprisingly few people interested in running this stack on their own for verification purpose though.
-
Paranoia About Everything
Independent rebuilders can mitigate this to some degree, unless you can compromise all of them in some way. Some are listed on https://rebuilderd.com/, this is based on reproducible builds and only works for reproducible packages/software though.
-
Debian's rebuilds going up in Purdue's rebuilderd instance!
As many of you may know, one of Debian's most pressing issues for a long time has been working towards bit-for-bit reproducibility of its binary packages. Part of this initiative led to the Reproducible Builds project, in which other projects have joined with the goal of having reproducible builds of their instances. Until now, Debian's reproducibility was theoretical, as there was no proper rebuilding tool to verify its binary package reproducibility empirically. Recently, Arch Linux (and specifically one of its Trusted Users, who goes by 'kpcyrd' online, who in addition maintains packages for Debian and Alpine) produced an independent tool for verifying the reproducibility of binary packages called rebuilderd and has had its own instance running for quite some time. Apparently, collaboration between Arch Linux and Debian (and probably many other programmers and projects) lead to Debian's own instance of rebuilderd hosted by the Purdue University. You can see at Debian's reproducibility progress at:
- rebuilderd 0.9.0: reproducible builds verification system used by Arch Linux
- rebuilderd 0.9.0 has been released
picosnitch
-
Linux runtime security agent powered by eBPF
Yep, and from my experience too (made a tool that monitors network traffic with eBPF [1]) in addition to those issues there is also a sizable latency hit.
[1] https://github.com/elesiuta/picosnitch
-
Monitor bandwidth usage with bandwhich (and build a snap package of it)
Similar to bandwhich, I recently created a snap of my own bandwidth monitor, picosnitch [1]. However I was only able to get it working with classic confinement (so it can't be published on the store) due to there being no snap interfaces for fanotify or BPF kfuncs.
I already packaged it for nearly every distro, but unfortunately most don't have dash [2] in their repos so the user needs to install it separately, and I was hoping that snap would be an easier solution for that.
[1] https://github.com/elesiuta/picosnitch/blob/master/snap/snap...
[2] https://repology.org/project/python:dash/versions
-
What kind of applications are missing from the Linux ecosystem?
I created picosnitch which can do this
-
gnome-shell Runaway Bandwidth - More in Comments
If you're still having this issue, you can try picosnitch (I recently made it available in copr).
-
Help identifying which process is sending network requests
You can use picosnitch for this, I'm the developer and this is exactly the use case I had in mind when designing it (24/7 monitoring of traffic on a per executable basis, primarily in containerized environments).
-
Little Snitch Mini
I wrote picosnitch [1] which has the same notification and bandwidth monitoring features, however it doesn't block traffic for a couple reasons: avoiding scope creep so I can focus on more reliable detection and do things like hash every executable, which makes it harder to block traffic in a timely fashion.
https://github.com/elesiuta/picosnitch
-
System monitor that lists network usage for each process
I also wrote a program (picosnitch) which is newer than that list and has a bunch of features none of those other tools have, in case you're interested in checking it out!
-
linux security
which basically says launchpad builds the package directly from that repository, which states: This repository is an import of the Git repository at https://github.com/elesiuta/picosnitch.git.
-
Linux software list. Discussion and advice welcome!
picosnitch - monitors and hashes programs that connect to the internet, and can check them with VirusTotal.
-
What's your goto open source network & bandwidth monitors
For Linux, I created picosnitch which does exactly what you're looking for.
What are some alternatives?
libfaketime - libfaketime modifies the system time for a single application
opensnitch - OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
git2-rs - libgit2 bindings for Rust
goflow2 - High performance sFlow/IPFIX/NetFlow Collector
pacman-bintrans - Experimental binary transparency for pacman with sigstore and rekor
ElastiFlow - Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack
modus - A language for building Docker/OCI container images
How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
ismyarchverifiedyet - :construction: Experimental script to query rebuilderd for results :construction:
conntrack_exporter - Prometheus exporter for tracking network connections
autovet - Automated security testing for open source libraries and applications.
nsntrace - Perform network trace of a single process by using network namespaces.