matt/patronageos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hardened malloc. networking + firewall. json based config.

Browse Source
This commit is contained in:
matt
2026-02-08 12:36:23 -07:00
parent cdb972579a
commit 2770dfc964
46 changed files with 1443 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
config/settings/opensnitch/default-config.json Executable file
View File

@@ -0,0 +1,37 @@
{
"Server": {
"Address": "unix:///tmp/osui.sock",
"LogFile": "/var/log/opensnitchd.log",
"Authentication": {
"Type": "simple",
"TLSOptions": {
"CACert": "",
"ServerCert": "",
"ClientCert": "",
"ClientKey": "",
"SkipVerify": false,
"ClientAuthType": "no-client-cert"
}
}
},
"DefaultAction": "deny",
"DefaultDuration": "once",
"InterceptUnknown": false,
"ProcMonitorMethod": "ebpf",
"LogLevel": 2,
"LogUTC": true,
"LogMicro": false,
"Firewall": "nftables",
"Rules": {
"Path": "/etc/opensnitchd/rules/"
},
"Stats": {
"MaxEvents": 150,
"MaxStats": 25,
"Workers": 6
},
"Internal": {
"GCPercent": 100,
"FlushConnsOnStart": false
}
}

26
config/settings/opensnitch/rules/allow-always-list-usr-changelog.json Executable file
View File

@@ -0,0 +1,26 @@
{
"created": "2026-01-28T11:11:49-07:00",
"updated": "2026-01-28T11:11:49-07:00",
"name": "allow-always-list-usr-changelog",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "changelogs.ubuntu.com",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

33
config/settings/opensnitch/rules/allow-always-list-usr-dot.json Executable file
View File

@@ -0,0 +1,33 @@
{
"created": "2026-01-28T11:10:32-07:00",
"updated": "2026-01-28T11:10:32-07:00",
"name": "allow-always-list-usr-lib-systemd-systemd-resolved-853",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.port",
"data": "853",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/systemd/systemd-resolved",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

47
config/settings/opensnitch/rules/allow-always-list-usr-lib-apt-methods-http-brave-browser-apt-release-s3-brave-com-443-42.json Executable file
View File

@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:12:09-07:00",
"updated": "2026-01-28T11:12:09-07:00",
"name": "allow-always-list-usr-lib-apt-methods-http-brave-browser-apt-release-s3-brave-com-443-42",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "brave-browser-apt-release.s3.brave.com",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "443",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "42",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/apt/methods/http",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

47
config/settings/opensnitch/rules/allow-always-list-usr-lib-apt-methods-http-brave-browser-apt-release-s3-brave-com-53-42.json Executable file
View File

@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:12:05-07:00",
"updated": "2026-01-28T11:12:05-07:00",
"name": "allow-always-list-usr-lib-apt-methods-http-brave-browser-apt-release-s3-brave-com-53-42",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "brave-browser-apt-release.s3.brave.com",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "42",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/apt/methods/http",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

47
config/settings/opensnitch/rules/allow-always-list-usr-lib-apt-methods-http-https-tcp-brave-browser-apt-release-s3-brave-com-53-42.json Executable file
View File

@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:13:04-07:00",
"updated": "2026-01-28T11:13:04-07:00",
"name": "allow-always-list-usr-lib-apt-methods-http-https-tcp-brave-browser-apt-release-s3-brave-com-53-42",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "_https._tcp.brave-browser-apt-release.s3.brave.com",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "42",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/apt/methods/http",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

47
config/settings/opensnitch/rules/allow-always-list-usr-lib-apt-methods-http-ubuntu-com-53-42.json Executable file
View File

@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:11:49-07:00",
"updated": "2026-01-28T11:11:49-07:00",
"name": "allow-always-list-usr-lib-apt-methods-http-ubuntu-com-53-42",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "^(|.*\\.)ubuntu\\.com$",
"type": "regexp",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "42",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/apt/methods/http",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

47
config/settings/opensnitch/rules/allow-always-list-usr-lib-apt-methods-http-ubuntu-com-80-42.json Executable file
View File

@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:11:57-07:00",
"updated": "2026-01-28T11:11:57-07:00",
"name": "allow-always-list-usr-lib-apt-methods-http-ubuntu-com-80-42",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "^(|.*\\.)ubuntu\\.com$",
"type": "regexp",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "80",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "42",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/apt/methods/http",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

40
config/settings/opensnitch/rules/allow-always-list-usr-lib-snapd-snapd-api-snapcraft-io-443.json Executable file
View File

@@ -0,0 +1,40 @@
{
"created": "2026-02-07T11:02:20-07:00",
"updated": "2026-02-07T11:02:20-07:00",
"name": "allow-always-list-usr-lib-snapd-snapd-api-snapcraft-io-443",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "api.snapcraft.io",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "443",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/snapd/snapd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

40
config/settings/opensnitch/rules/allow-always-list-usr-lib-snapd-snapd-api-snapcraft-io-53.json Executable file
View File

@@ -0,0 +1,40 @@
{
"created": "2026-02-07T11:01:46-07:00",
"updated": "2026-02-07T11:01:46-07:00",
"name": "allow-always-list-usr-lib-snapd-snapd-api-snapcraft-io-53",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "api.snapcraft.io",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/snapd/snapd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

40
config/settings/opensnitch/rules/allow-always-list-usr-lib-snapd-snapd-dashboard-snapcraft-io-443.json Executable file
View File

@@ -0,0 +1,40 @@
{
"created": "2026-02-07T11:02:56-07:00",
"updated": "2026-02-07T11:02:56-07:00",
"name": "allow-always-list-usr-lib-snapd-snapd-dashboard-snapcraft-io-443",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "dashboard.snapcraft.io",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "443",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/snapd/snapd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

40
config/settings/opensnitch/rules/allow-always-list-usr-lib-snapd-snapd-dashboard-snapcraft-io-53.json Executable file
View File

@@ -0,0 +1,40 @@
{
"created": "2026-02-07T11:02:48-07:00",
"updated": "2026-02-07T11:02:48-07:00",
"name": "allow-always-list-usr-lib-snapd-snapd-dashboard-snapcraft-io-53",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "dashboard.snapcraft.io",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/snapd/snapd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

40
config/settings/opensnitch/rules/allow-always-list-usr-lib-snapd-snapd-snapcraftcontent-com-443.json Executable file
View File

@@ -0,0 +1,40 @@
{
"created": "2026-02-07T11:02:38-07:00",
"updated": "2026-02-07T11:02:38-07:00",
"name": "allow-always-list-usr-lib-snapd-snapd-snapcraftcontent-com-443",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "^(|.*\\.)snapcraftcontent\\.com$",
"type": "regexp",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "443",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/snapd/snapd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

40
config/settings/opensnitch/rules/allow-always-list-usr-lib-snapd-snapd-snapcraftcontent-com-53.json Executable file
View File

@@ -0,0 +1,40 @@
{
"created": "2026-02-07T11:02:28-07:00",
"updated": "2026-02-07T11:02:28-07:00",
"name": "allow-always-list-usr-lib-snapd-snapd-snapcraftcontent-com-53",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "^(|.*\\.)snapcraftcontent\\.com$",
"type": "regexp",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/lib/snapd/snapd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

40
config/settings/opensnitch/rules/allow-always-list-usr-sbin-chronyd-123.json Executable file
View File

@@ -0,0 +1,40 @@
{
"created": "2026-01-28T11:09:37-07:00",
"updated": "2026-01-28T11:09:37-07:00",
"name": "allow-always-list-usr-sbin-chronyd-123",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.port",
"data": "123",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "102",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/sbin/chronyd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

40
config/settings/opensnitch/rules/allow-always-list-usr-sbin-chronyd-4-ntp-ubuntu-com-53.json Executable file
View File

@@ -0,0 +1,40 @@
{
"created": "2026-01-31T00:30:23-07:00",
"updated": "2026-01-31T00:30:23-07:00",
"name": "allow-always-list-usr-sbin-chronyd-4-ntp-ubuntu-com-53",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "^(|.*\\.)ubuntu\\.com$",
"type": "regexp",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/sbin/chronyd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

33
config/settings/opensnitch/rules/allow-always-list-usr-sbin-chronyd-4460.json Executable file
View File

@@ -0,0 +1,33 @@
{
"created": "2026-01-28T11:13:38-07:00",
"updated": "2026-01-28T11:13:38-07:00",
"name": "allow-always-list-usr-sbin-chronyd-4460",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.port",
"data": "4460",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/sbin/chronyd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

40
config/settings/opensnitch/rules/allow-always-list-usr-sbin-chronyd-ntp-bootstrap-ubuntu-com-53.json Executable file
View File

@@ -0,0 +1,40 @@
{
"created": "2026-01-31T00:30:27-07:00",
"updated": "2026-01-31T00:30:27-07:00",
"name": "allow-always-list-usr-sbin-chronyd-ntp-bootstrap-ubuntu-com-53",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "ntp-bootstrap.ubuntu.com",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/sbin/chronyd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

47
config/settings/opensnitch/rules/allow-always-list-usr-sbin-networkmanager-connectivity-check-ubuntu-com-80-0.json Executable file
View File

@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:12:41-07:00",
"updated": "2026-01-28T11:12:41-07:00",
"name": "allow-always-list-usr-sbin-networkmanager-connectivity-check-ubuntu-com-80-0",
"description": "",
"action": "allow",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "connectivity-check.ubuntu.com",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "80",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "0",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/sbin/NetworkManager",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

47
config/settings/opensnitch/rules/deny-always-list-opt-brave-com-brave-brave-224-0-0-251-5353-1000.json Executable file
View File

@@ -0,0 +1,47 @@
{
"created": "2026-02-01T16:52:56-07:00",
"updated": "2026-02-01T16:52:56-07:00",
"name": "deny-always-list-opt-brave-com-brave-brave-224-0-0-251-5353-1000",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.ip",
"data": "224.0.0.251",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "5353",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "1000",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/opt/brave.com/brave/brave",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

40
config/settings/opensnitch/rules/deny-always-list-opt-brave-com-brave-brave-239-255-255-250-1900.json Executable file
View File

@@ -0,0 +1,40 @@
{
"created": "2026-01-28T18:26:38-07:00",
"updated": "2026-01-28T18:26:38-07:00",
"name": "deny-always-list-opt-brave-com-brave-brave-239-255-255-250-1900",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.ip",
"data": "239.255.255.250",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "1900",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/opt/brave.com/brave/brave",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

33
config/settings/opensnitch/rules/deny-always-list-usr-bin-python3-13-239-255-255-250.json Executable file
View File

@@ -0,0 +1,33 @@
{
"created": "2026-01-28T11:12:27-07:00",
"updated": "2026-01-28T11:12:27-07:00",
"name": "deny-always-list-usr-bin-python3-13-239-255-255-250",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.ip",
"data": "239.255.255.250",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/bin/python3.13",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

47
config/settings/opensnitch/rules/deny-always-list-usr-libexec-colord-sane-239-255-255-250-3702-118.json Executable file
View File

@@ -0,0 +1,47 @@
{
"created": "2026-01-28T11:31:29-07:00",
"updated": "2026-01-28T11:31:29-07:00",
"name": "deny-always-list-usr-libexec-colord-sane-239-255-255-250-3702-118",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.ip",
"data": "239.255.255.250",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "3702",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "user.id",
"data": "118",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/libexec/colord-sane",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

26
config/settings/opensnitch/rules/deny-always-list-usr-sbin-avahi-daemon-224-0-0-251-5353.json Executable file
View File

@@ -0,0 +1,26 @@
{
"created": "2026-01-28T11:08:56-07:00",
"updated": "2026-01-28T11:08:56-07:00",
"name": "deny-always-list-usr-sbin-avahi-daemon-224-0-0-251-5353",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "process.path",
"data": "/usr/sbin/avahi-daemon",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

40
config/settings/opensnitch/rules/deny-always-list-usr-sbin-chronyd-3-ntp-ubuntu-com-53.json Executable file
View File

@@ -0,0 +1,40 @@
{
"created": "2026-01-28T11:33:02-07:00",
"updated": "2026-01-28T11:33:02-07:00",
"name": "deny-always-list-usr-sbin-chronyd-3-ntp-ubuntu-com-53",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "list",
"data": "",
"type": "list",
"list": [
{
"operand": "dest.host",
"data": "^(|.*\\.)ubuntu\\.com$",
"type": "regexp",
"list": null,
"sensitive": false
},
{
"operand": "dest.port",
"data": "53",
"type": "simple",
"list": null,
"sensitive": false
},
{
"operand": "process.path",
"data": "/usr/sbin/chronyd",
"type": "simple",
"list": null,
"sensitive": false
}
],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

18
config/settings/opensnitch/rules/deny-always-simple-usr-geoclue.json Executable file
View File

@@ -0,0 +1,18 @@
{
"created": "2026-01-28T14:32:45-07:00",
"updated": "2026-01-28T14:32:45-07:00",
"name": "deny-always-simple-usr-geoclue",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "process.path",
"data": "/usr/libexec/geoclue",
"type": "simple",
"list": [],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

18
config/settings/opensnitch/rules/deny-always-simple-usr-sbin-cups-browsed.json Executable file
View File

@@ -0,0 +1,18 @@
{
"created": "2026-01-28T14:32:45-07:00",
"updated": "2026-01-28T14:32:45-07:00",
"name": "deny-always-simple-usr-sbin-cups-browsed",
"description": "",
"action": "deny",
"duration": "always",
"operator": {
"operand": "process.path",
"data": "/usr/sbin/cups-browsed",
"type": "simple",
"list": [],
"sensitive": false
},
"enabled": true,
"precedence": false,
"nolog": false
}

46
config/settings/opensnitch/settings.conf Executable file
View File

@@ -0,0 +1,46 @@
[General]
statsDialog=1
[database]
file=:memory:
max_days=1
purge_interval=5
purge_oldest=true
type=0
[global]
default_action=0
default_duration=6
default_ignore_rules=false
default_ignore_temporary_rules=0
default_popup_advanced=true
default_popup_advanced_dstip=true
default_popup_advanced_dstport=true
default_popup_advanced_uid=false
default_popup_position=0
default_target=0
default_timeout=30
disable_popups=false
[notifications]
enabled=true
type=0
[promptDialog]
geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\0\0\x6\x93\0\0\x3\x86\0\0\b\x9a\0\0\x4\xde\0\0\x6\x93\0\0\x3\xab\0\0\b\x9a\0\0\x4\xde\0\0\0\0\0\0\0\0\xf\0\0\0\x6\x93\0\0\x3\xab\0\0\b\x9a\0\0\x4\xde)
[statsDialog]
general_columns_state=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x4o\0\0\0\a\0\x1\x1\x1\0\0\0\0\0\0\0\0\0\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\a\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\x1\x1\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\xf5\0\0\0\x1\0\0\0\0\0\0\0\xe9\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)
general_filter_text=
general_limit_results=0
geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\0\0\a\x84\0\0\x4&\0\0\f\b\0\0\a\xf7\0\0\a\x84\0\0\x4K\0\0\f\b\0\0\a\xf7\0\0\0\0\0\0\0\0\xf\0\0\0\a\x84\0\0\x4K\0\0\f\b\0\0\a\xf7)
last_tab=0
nodes_columns_state=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x5\x88\0\0\0\n\0\x1\x1\x1\0\0\0\0\0\0\0\0\x1\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\n\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0>\0\0\0\x1\0\0\0\x3\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\x2*\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)
rules_columns_state=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x4\x46\0\0\0\n\0\x1\x1\x1\0\0\0\0\0\0\0\0\0\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\n\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\xc2\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)
rules_tree_0_expanded=false
rules_tree_1_expanded=false
show_columns=0, 1, 2, 3, 4, 5, 6
view_columns_state2=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x4\xaa\0\0\0\v\0\x1\x1\x1\0\0\0\0\0\0\0\0\0\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\v\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\xc2\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)
view_columns_state4=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x3\xe2\0\0\0\x2\0\x1\x1\x1\0\0\0\0\0\0\0\0\x1\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\x2\0\0\x1\x64\0\0\0\x1\0\0\0\x3\0\0\x2~\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)
view_details_columns_state0=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xc8\0\0\0\x2\0\x1\x1\x1\0\0\0\0\0\0\0\0\x1\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\x2\0\0\0\x64\0\0\0\x1\0\0\0\x3\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)
view_details_columns_state2=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x4\x46\0\0\0\n\0\x1\x1\x1\0\0\0\0\0\0\0\0\0\0\0\0\x64\xff\xff\xff\xff\0\0\0\x84\0\0\0\0\0\0\0\n\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0\xc2\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\0\0\0\x64)