-
Agree on the GUI; however, opensnitch does seem to assume a single user with a single X server. I have not been able to figure out a way, last time I tried, to get it to work with, say, 2 X servers and a VNC session or two running concurrently (meaning I couldn’t figure out a way to get connection alerts anywhere but in one of them, as also described here: https://github.com/evilsocket/opensnitch/issues/388 )
Little Snitch does not have these issues, and you can have multiple users logged in with fast user switching and all can operate their notifications no problem.
-
the issue is that libnetfilterqueue doesn’t have pid information, and so that must be looked up or joined to another data stream at runtime. this can fail. flakes at this point can be dangerous, and can reduce confidence in the system. they can also encourage you to add rules at both system and program level, which is annoying.
one alternative is to specify rules at system level instead of program level. that’s the approach i ended up landing on[1]. i wish i had finer granularity, but i’m glad i don’t have flakes.
it’s hard to imagine that monitoring network exfil isn’t THE best way to secure any system. at the least, it’s an important and necessary step.
1. https://github.com/nathants/tinysnitch
-
> Linux is still dicey to correlate traffic with a particular app, especially if the connection is/was shortlived.
This is actually pretty easy and reliable to do now with BPF[0].
I also used the same approach to create a somewhat user-friendly TUI and web dashboard for it[1]. It is able to hash the executable (even if it was shortlived).
[0] https://www.gcardone.net/2020-07-31-per-process-bandwidth-mo...
[1] https://github.com/elesiuta/picosnitch
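The runtime lookup the tinysnitch comment above describes (joining a packet or connection to a PID after the fact) and the short-lived-connection problem the BPF reply answers are both visible in the older /proc-based approach. The following is an added example, not code from picosnitch, tinysnitch or opensnitch: it parses rows in the /proc/net/tcp format, decodes the kernel's little-endian hex addresses, and joins the socket inode against an inode-to-PID map of the kind built by scanning /proc/<pid>/fd. The sample rows and the inode map are constructed; inode 67890 is deliberately left out of the map to show the failure mode (the owning process exited before the join happened, so the connection cannot be attributed).

```python
"""Correlate TCP sockets with PIDs by joining /proc/net/tcp against
/proc/<pid>/fd socket inodes (the pre-BPF approach, with its failure mode)."""
import os
import re
import socket
import struct
from typing import Dict, Optional

# Constructed sample of /proc/net/tcp (header + two rows). Addresses are
# little-endian hex IPv4 + hex port; the 'inode' column is the socket inode.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:C350 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0000000000000000 20 4 30 10 -1
"""

# Constructed map of socket inode -> pid, as built by scanning
# /proc/<pid>/fd/* for 'socket:[inode]' links. Inode 67890 is absent: that
# connection's process already exited (the short-lived-connection race).
SAMPLE_INODE_TO_PID = {12345: 4242}

TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}  # subset of the kernel's table


def decode_addr(hex_addr: str) -> str:
    """'0100007F:1F90' -> '127.0.0.1:8080' (kernel stores IPv4 little-endian)."""
    ip_hex, port_hex = hex_addr.split(":")
    packed = struct.pack("<I", int(ip_hex, 16))
    return f"{socket.inet_ntoa(packed)}:{int(port_hex, 16)}"


def parse_proc_net_tcp(text: str):
    """Yield (local, remote, state, inode) for every connection row."""
    for line in text.splitlines()[1:]:  # skip the header line
        cols = line.split()
        if len(cols) < 10:
            continue
        yield (decode_addr(cols[1]), decode_addr(cols[2]),
               TCP_STATES.get(cols[3], cols[3]), int(cols[9]))


def inode_to_pid_from_proc(proc_root: str = "/proc") -> Dict[int, int]:
    """Real scan of /proc/<pid>/fd for socket inodes (needs a live Linux /proc)."""
    mapping: Dict[int, int] = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            for fd in os.listdir(fd_dir):
                target = os.readlink(os.path.join(fd_dir, fd))
                m = re.fullmatch(r"socket:\[(\d+)\]", target)
                if m:
                    mapping[int(m.group(1))] = int(entry)
        except OSError:
            continue  # process exited mid-scan, or its fd table is not readable by us
    return mapping


def correlate(net_tcp_text: str, inode_map: Dict[int, int]):
    """Join connections to PIDs; 'pid' is None when the lookup fails."""
    result = []
    for local, remote, state, inode in parse_proc_net_tcp(net_tcp_text):
        pid: Optional[int] = inode_map.get(inode)
        result.append({"local": local, "remote": remote, "state": state,
                       "inode": inode, "pid": pid})
    return result


if __name__ == "__main__":
    for row in correlate(SAMPLE_PROC_NET_TCP, SAMPLE_INODE_TO_PID):
        owner = row["pid"] if row["pid"] is not None else "UNKNOWN (process gone?)"
        print(f"{row['local']:>22} -> {row['remote']:<22} {row['state']:<12} pid={owner}")
```

Run it as-is to see the constructed data; replace the two sample constants with `open("/proc/net/tcp").read()` and `inode_to_pid_from_proc()` on a real host. The unattributed second row is the point: anything that polls /proc has a window between the connection appearing and the fd scan, which is exactly what a BPF hook on the connect path (as in the linked picosnitch approach) closes.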
-
Thanks! Also I used lost_cb [0] to detect if a packet or connection (with security_socket_connect) was missed between the BPF and Python parts, but is it possible for the BPF program to miss either entirely without triggering that callback?
If so (without a kernel vulnerability, which should be a given), I'd like to have it mentioned under the limitations section so others can be aware as well.
[0] https://github.com/iovisor/bcc/blob/master/docs/reference_gu...
-
You can use lsof in Linux to show connexions:
lsof -i -n -P | grep -- '->' | awk '{a[$1"_p"$2]++} END {for (it in a) print it, a[it]}' | sort -nr -k2,2
This project uses conky to display the current connexions:
https://github.com/viviparous/plonky/blob/main/plonky.pl
-
rustdesk
An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
I've got a self-hosted host in my office. When you deploy a client, you can rename the Windows exe to include the DNS name and public key of your host and it will then use them - clever idea. So I don't think you need their TURN/STUN. I suspect those are simply provided as a service and nothing more sinister.
They also provide three or so really low spec jump boxes to get people up and running if they can't self host - again, I call that altruism not sinister.
I will get Wireshark out anyway to check about this stuff next week.
You can do your own real due-dil stuff yourself by browsing around this: https://github.com/rustdesk/rustdesk - read the issues, browse the source (read the comments!), get a feel for the software.
I'm asserting that it is no worse than anything else. I can also assert that the binaries that I get on Arch Linux are probably from the official sources (I checked a few strings etc). I can't sign off the Windows binaries but I can assert that I do trust them from their GitHub repo.
I can assert things until I'm blue in the face but I trust rustdesk more than most remote access facilities for now but I am still kicking the tyres.
-
libprocesshider
Hide a process under Linux using the ld preloader (https://sysdig.com/blog/hiding-linux-processes-for-fun-and-profit/)
Unfortunately, malicious LKMs and userland rootkits can hide processes/connections from lsof/netstat
https://github.com/gianlucaborello/libprocesshider
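A defender-side check for the userland variant linked above: libprocesshider works by hooking readdir() via LD_PRELOAD, so ps, lsof and netstat (which list /proc through readdir) lose the process, while a direct stat() of /proc/<pid> still succeeds. Diffing the two views, and looking at /etc/ld.so.preload, surfaces the discrepancy. This is an added example, not code from libprocesshider or the sysdig post; it assumes a Linux /proc and uses the same exhaustive PID sweep idea as tools like unhide. It does not detect kernel-level (LKM) hiding, which can lie to both views.

```python
"""Detect processes hidden from readdir()-based tools (ps, lsof, netstat):
enumerate PIDs by probing /proc/<pid> directly and diff against os.listdir,
which goes through the libc readdir() that LD_PRELOAD rootkits hook."""
import os
from typing import Iterable, List, Optional, Set

PID_MAX_DEFAULT = 32768  # fallback when /proc/sys/kernel/pid_max is unreadable


def read_pid_max(proc_root: str = "/proc") -> int:
    """Upper bound of the PID space on this host."""
    try:
        with open(os.path.join(proc_root, "sys", "kernel", "pid_max")) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return PID_MAX_DEFAULT


def pids_via_readdir(proc_root: str = "/proc") -> Set[int]:
    """What 'ls /proc' (and ps/lsof/netstat) see: this path uses readdir()."""
    return {int(e) for e in os.listdir(proc_root) if e.isdigit()}


def pids_via_probe(proc_root: str = "/proc", pid_max: Optional[int] = None) -> Set[int]:
    """Never calls readdir(): stat()s each candidate /proc/<n> directly."""
    pid_max = pid_max or read_pid_max(proc_root)
    found: Set[int] = set()
    for pid in range(1, pid_max + 1):
        if os.path.isdir(os.path.join(proc_root, str(pid))):  # stat-based lookup
            found.add(pid)
    return found


def find_hidden(listed: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """PIDs that exist on disk but are missing from the readdir() view."""
    return set(probed) - set(listed)


def preload_entries(path: str = "/etc/ld.so.preload") -> List[str]:
    """Libraries forced into every dynamically linked process; empty is normal."""
    try:
        with open(path) as f:
            return [l.strip() for l in f if l.strip() and not l.startswith("#")]
    except OSError:
        return []


if __name__ == "__main__":
    hidden = find_hidden(pids_via_readdir(), pids_via_probe())
    # A PID that exited between the two scans is a benign false positive:
    # keep only those still present on disk and still absent from readdir().
    hidden = {p for p in hidden
              if os.path.isdir(f"/proc/{p}") and p not in pids_via_readdir()}
    print("pids hidden from readdir():", sorted(hidden) or "none")
    print("/etc/ld.so.preload entries:", preload_entries() or "none")
```

On hosts with a large pid_max (4194304 is common), the sweep takes a while in Python; the readdir-hook check is still sound because os.path.isdir never goes through readdir(). Any non-empty /etc/ld.so.preload is worth explaining, since nothing on a typical system needs it.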
-
> Besides, why would I want to Wireshark my browser?
https://github.com/gustavo-iniguez-goya/opensnitch/issues/21
https://nullsweep.com/why-is-this-website-port-scanning-me/
https://user-images.githubusercontent.com/2742953/84960681-9...