OpenSnitch: Learn How This Linux Program Firewall Works

Linux-based operating systems include many protections that mitigate attacks, prevent privilege escalation, and defend against other very common attacks on this operating system. Although Linux is very safe when configured properly, we should not stop looking after our operating system, since threats continue to exist. Several Linux firewalls are currently available that we can install and use to make our system more secure and reliable. Today we are going to look at one firewall tool with a very promising future: OpenSnitch.

What is OpenSnitch?

OpenSnitch is a firewall application written in Python for GNU/Linux-based operating systems, so in principle any GNU/Linux-based operating system is compatible with this program, which adds extra security.

OpenSnitch works by checking every Internet connection request made by the applications installed on the operating system. The program lets us create specific rules for the different applications installed on our computer or Linux server; these rules allow or deny Internet access when an application requests it. If an application that does not yet have a rule tries to access the Internet, a dialog box appears that gives us the option to allow or deny the connection, without having to create a rule for that particular application beforehand.

We can also save the decision as a rule, so that it stays on the list for the next time that application requires Internet access, and we can apply the rule to the exact URL of the domain that the application is trying to reach. It is also possible to allow the connection temporarily, so that the added rule disappears when we restart the server or the computer.

All the rules that we create in OpenSnitch are stored as JSON files (a type of file that only OpenSnitch can handle), so we can modify them manually later if necessary. OpenSnitch has a very intuitive graphical user interface that shows which applications are accessing the Internet at that moment, which IP address the machine is using, which user is running both the system and OpenSnitch itself, and which port is being used for all of it.

Another very useful option in OpenSnitch is creating a report in CSV format with all the information; in it we will find the firewall configuration and all the saved applications.

Installing OpenSnitch on Linux

We are now going to install OpenSnitch. All the commands used for the installation are intended for Debian or Ubuntu users, so if you are using another distribution you will have to adapt them to the distribution installed on your computer.

First, we will install everything OpenSnitch needs in order to work, including Go and Git. Both are required for the installation, since OpenSnitch is not in the official repositories of the different Linux distributions. As usual, we will have to log in as root, or put “sudo” in front of the command that installs packages from the repositories. Since we have to carry out several steps and install several programs, our recommendation is to log in with the popular “sudo su” so that we already have superuser permissions and do not need to put “sudo” in front of each command.

sudo apt-get install protobuf-compiler libpcap-dev libnetfilter-queue-dev python3-pip golang git

go get github.com/golang/protobuf/protoc-gen-go

go get -u github.com/golang/dep/cmd/dep

python3 -m pip install --user grpcio-tools

Next, we will have to clone the OpenSnitch repository. At startup, the installation will likely return a message stating that no Go files were found. We will ignore this message, but if another one appears telling us that Git is missing, we will have to stop and install it. By default the “GOPATH” is /home/user/go

go get github.com/evilsocket/opensnitch

cd $GOPATH/src/github.com/evilsocket/opensnitch

If the $GOPATH environment variable is not set correctly, the above command will fail with an error saying “this folder was not found”. To solve this, we will use the cd command to go to the folder “/home/user/go/src/github.com/evilsocket/opensnitch”, which is the default location on the system. Now, we install it in the typical way:

make

sudo make install

Once installed correctly, we will enable it as follows:

sudo systemctl enable opensnitchd

sudo service opensnitchd start

opensnitch-ui

And we will access the graphical user interface where we will have all the information and actions that we can carry out with this great program.

User experience with OpenSnitch

This program is really useful for allowing or denying the network traffic of different applications: web browsers, FTP clients, programs like Skype and Google Drive, and any program that needs an Internet connection to work. With OpenSnitch we can control all connections in detail and allow or deny everything at the application level, not at the IP address or port level as is the case with the popular iptables or nftables firewalls that Debian-based operating systems incorporate by default.

At the beginning we may get dozens of messages indicating that an application has tried to access the Internet. This is completely normal at first, because every application must be specifically allowed in the program. It also means we have the best possible security, because the firewall is configured in restrictive mode: by default everything is blocked, except what is specifically allowed in the application firewall.

Finally, we would like to point out that all the rules created at a given time can easily be exported in JSON format and imported into another Linux operating system. That is, we can run tests locally or in a virtual machine and later copy the JSON file to the production server without any kind of problem.
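Because the rules are plain JSON files that get copied to production, they can be reviewed before they are imported. The Python script below is an added example, not part of the original article or of OpenSnitch itself: it flags permanent allow rules that are not tied to a program, that match everything, or that trust a program in a user-writable directory. The field names (action, duration, operator, type, operand, data, list) and the writable-path list are assumptions to check against the files your installed version writes, and the sample rules are constructed.

```python
import json

PROCESS_OPERANDS = {"process.path", "process.command"}
CATCH_ALL = {"", ".*", ".+", "^.*$"}
WRITABLE_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/")  # assumed list

def leaf_operators(op):
    """Flatten an operator; a 'list' operator keeps sub-operators in 'list'."""
    if op.get("type") == "list":
        return [leaf for sub in op.get("list") or [] for leaf in leaf_operators(sub)]
    return [op]

def audit_rule(text):
    """Return findings for one rule file's JSON text; an empty list means clean."""
    try:
        rule = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"unparseable JSON: {exc.msg}"]
    findings = []
    leaves = leaf_operators(rule.get("operator") or {})
    # Only permanent allow rules widen what can reach the network after import.
    if rule.get("action") == "allow" and rule.get("duration") == "always":
        if not any(l.get("operand") in PROCESS_OPERANDS for l in leaves):
            findings.append("permanent allow is not tied to a program")
        for l in leaves:
            data = str(l.get("data", ""))
            if l.get("type") == "regexp" and data in CATCH_ALL:
                findings.append(f"catch-all regexp on {l.get('operand')}")
            if l.get("operand") == "process.path" and data.startswith(WRITABLE_PREFIXES):
                findings.append(f"program path is user-writable: {data}")
    return findings

def make_rule(operator):  # constructed sample rule text, not from a real system
    return json.dumps({"name": "sample", "enabled": True, "action": "allow",
                       "duration": "always", "operator": operator})
def simple(operand, data, kind="simple"):
    return {"type": kind, "operand": operand, "data": data}

SAMPLES = {  # constructed rule files, keyed by hypothetical file name
    "allow-firefox.json": make_rule(simple("process.path", "/usr/bin/firefox")),
    "allow-port-443.json": make_rule(simple("dest.port", "443")),
    "allow-tmp-updater.json": make_rule(simple("process.path", "/tmp/updater")),
    "allow-curl-anywhere.json": make_rule({"type": "list", "operand": "list", "list": [
        simple("process.path", "/usr/bin/curl"), simple("dest.host", ".*", "regexp")]}),
    "half-written.json": '{"name": "sample", "enabled": true,',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit_rule(text) or 'ok'}")
```

To review real files, read each exported rule file and pass its text to audit_rule(); a file that fails to parse is reported rather than skipped.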

Thanks to how well OpenSnitch works, we can control all the network access of any program on our machine. If you want a complete firewall at the application level, this software is ideal for you.