Evilsocket, a developer focused on cybersecurity, has released a new version of its Opensnitch software that is meant to serve as an open source version of the proprietary Little Snitch screening software. The new version, called Opensnitch 1.6, allows users to control the network activity of various applications in an interactive manner. The software is also able to block any undesirable network traffic. It is written in the GO programming language and runs on Python and Pyqt5 GUI. It uses the GPLv3 licence.
The new software is easy to install through prepared packages in RPM formats and Deb. Once installed, it will display a dialog box that asks for permission to continue network operation or to block network activity if there are any attempts to establish network connections that fall outside of previously established permissions. Access rules can be set that take into account applications, users, target hosts and network ports. Access can be granted on a continuous basis, or limited to the current process or a user work session.
The software also comes with several other features such as the graphical interface for filtering and the ability to maintain application and journal locks. Multiple computers can be controlled from a centralised interface. Connection is supported by a set of rules for blocking advertising, tracking code, and malicious software.
Opensnitch is based on the OpensnichD background process, which is executed with root rights and interacts with the Netfilter (Libnetfilter-Queue) packages, makes changes to the NFTables rules and tracks network traffic (Libpcap). The process is saved in the /var/log/opensnitchd.log file, and the rules are located in the /etc/opensnitchd/rules directory in JSON format. Separately, in an unhealthy mode, the user interface is made, which is written in the Python 3 language using pyqt5.
In the new version, there are several new features. The graphic interface allows users to set system package filters and access policies. Opensnitch now supports integration with external safety management platforms (SEIM, Security Information and Event Management) and systems monitoring. Determination of the names of processes, file routes and viscins of applications has been improved. Better integration with systemic DNS-risolvers and customer DNS bibliotexes has been added. There is support for advanced filtration rules that allow you to take into account new protocols, network interfaces, source ports and IP addresses. Opensnitch also now supports importing and exporting rules for transferring settings to other systems through a graphical interface. Improvements have been made to the centralized management interface for other hosts.