From f1fd7a04ebde59e2505f26e1eef9f8ead5227df7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gustavo=20I=C3=B1iguez=20Goia?=
Date: Mon, 27 Apr 2020 21:37:40 +0200
Subject: [PATCH] UI: improved details views, added PID field

- Added PID field to the details views.
- Improved details queries, grouping more fields.
- Some fields reorganized.
---
 ui/opensnitch/database.py | 4 ++-
 ui/opensnitch/dialogs/stats.py | 48 +++++++++++++++++-----------------
 ui/opensnitch/service.py | 4 +--
 3 files changed, 29 insertions(+), 27 deletions(-)

diff --git a/ui/opensnitch/database.py b/ui/opensnitch/database.py
index a6000c966a..c29fe64f4c 100644
--- a/ui/opensnitch/database.py
+++ b/ui/opensnitch/database.py
@@ -59,10 +59,12 @@ def _create_tables(self):
 "dst_host text, " \
 "dst_port text, " \
 "uid text, " \
+ "pid text, " \
 "process text, " \
 "process_args text, " \
 "rule text, " \
- "UNIQUE(time, node, protocol, src_ip, src_port, dst_ip, dst_port, uid, process, process_args))", self.db)
+ "UNIQUE(time, node, action, protocol, src_ip, src_port, dst_ip, dst_port, uid, pid, process, process_args))",
+ self.db)
 q.exec_()
 q = QSqlQuery("create table if not exists rules (" \
 "time text, "\
diff --git a/ui/opensnitch/dialogs/stats.py b/ui/opensnitch/dialogs/stats.py
index d173fe0df1..cbc54c669f 100644
--- a/ui/opensnitch/dialogs/stats.py
+++ b/ui/opensnitch/dialogs/stats.py
@@ -415,7 +415,9 @@ def _cb_main_table_double_clicked(self, row):
 def _cb_table_double_clicked(self, row):
 cur_idx = self.tabWidget.currentIndex()
- if cur_idx == 1 and row.column() != 1:
+ if (cur_idx == self.TAB_RULES or cur_idx == self.TAB_NODES) and row.column() != 1:
+ return
+ if cur_idx > self.TAB_RULES and row.column() != self.COL_WHAT:
 return
 self.TABLES[cur_idx]['tipLabel'].setVisible(False)
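Review bot: `create table if not exists` leaves an already-existing `connections` table without the new `pid` column, so on an installation whose database file persists across upgrades the insert in service.py that now names `pid` will fail and the widened UNIQUE constraint will never take effect; unless the database is recreated on every start (not visible here), this schema change needs an `ALTER TABLE connections ADD COLUMN pid text` migration or a schema-version check. Adding `action` and `pid` to the UNIQUE key also changes what the `action_on_conflict="IGNORE"` insert deduplicates — the same connection recorded under a different PID is now stored as a separate row — which is probably intended but deserves a comment above the statement, e.g. `# uniqueness includes action and pid so separate runs of the same binary are counted separately`. `_create_tables` begins before the hunk.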
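Review bot: The rewritten guard still compares against the bare literal `1` in `row.column() != 1` while the line added right below it uses the named `self.COL_WHAT`; giving that column a named constant next to `COL_WHAT` would keep the two conditions readable side by side. `cur_idx == self.TAB_RULES or cur_idx == self.TAB_NODES` reads more simply as `cur_idx in (self.TAB_RULES, self.TAB_NODES)`. The rest of `_cb_table_double_clicked` lies outside the hunk.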
@@ -485,110 +487,108 @@ def _set_nodes_query(self, data):
 "c.protocol as Protocol, " \
 "c.dst_port as DstPort, " \
 "c.dst_ip as DstIP, " \
- "c.process as Process, " \
+ "c.process || ' (' || c.pid || ')' as Process, " \
 "c.process_args as Args, " \
 "count(c.process) as Hits " \
 "FROM nodes as n, connections as c " \
- "WHERE n.addr = '%s' %s GROUP BY c.process %s" % (data, s, self._get_order()))
+ "WHERE n.addr = '%s' %s GROUP BY Process, Args, UserID, DstIP, DstPort, Protocol, Status %s" % (data, s, self._get_order()))

 def _set_rules_query(self, data):
 model = self._get_active_table().model()
 self.setQuery(model, "SELECT " \
 "c.time as Time, " \
 "c.node as Node, " \
- "r.name as RuleName, " \
+ "count(c.process) as Hits, " \
 "r.action as Action, " \
 "r.duration as Duration, " \
 "c.uid as UserID, " \
 "c.protocol as Protocol, " \
 "c.dst_port as DstPort, " \
- "c.dst_ip as DstIP, " \
+ "c.dst_host as DstIP, " \
 "c.process as Process, " \
- "c.process_args as Args, " \
- "count(c.process) as Hits " \
+ "c.process_args as Args " \
 "FROM rules as r, connections as c " \
- "WHERE r.Name = '%s' AND r.Name = c.rule GROUP BY c.process,c.dst_host %s" % (data, self._get_order()))
+ "WHERE r.Name = '%s' AND r.Name = c.rule GROUP BY Process, Args, UserID, DstIP, DstPort, Node %s" % (data, self._get_order()))

 def _set_hosts_query(self, data):
 model = self._get_active_table().model()
 self.setQuery(model, "SELECT " \
 "c.time as Time, " \
 "c.node as Node, " \
+ "count(c.process) as Hits, " \
 "c.action as Action, " \
 "c.uid as UserID, " \
 "c.protocol as Protocol, " \
 "c.dst_port as DstPort, " \
 "c.dst_ip as DstIP, " \
- "c.process as Process, " \
+ "c.process || ' (' || c.pid || ')' as Process, " \
 "c.process_args as Args, " \
- "count(c.process) as Hits, " \
 "c.rule as Rule " \
 "FROM hosts as h, connections as c " \
- "WHERE c.dst_host = h.what AND h.what = '%s' GROUP BY c.process %s" % (data, self._get_order()))
+ "WHERE c.dst_host = h.what AND h.what = '%s' GROUP BY c.pid, Process, Args, DstIP, DstPort, Protocol, Action, Node %s" % (data, self._get_order()))

 def _set_process_query(self, data):
 model = self._get_active_table().model()
 self.setQuery(model, "SELECT " \
 "c.time as Time, " \
 "c.node as Node, " \
+ "count(c.dst_host) as Hits, " \
 "c.action as Action, " \
 "c.uid as UserID, " \
 "c.dst_host || ' -> ' || c.dst_port as Destination, " \
- "c.process as Process, " \
+ "c.pid as PID, " \
 "c.process_args as Args, " \
- "count(c.dst_host) as Hits, " \
 "c.rule as Rule " \
 "FROM procs as p, connections as c " \
- "WHERE p.what = c.process AND p.what = '%s' GROUP BY c.dst_host %s" % (data, self._get_order()))
+ "WHERE p.what = c.process AND p.what = '%s' GROUP BY c.dst_ip, c.dst_port, UserID, Action, Node %s" % (data, self._get_order()))

 def _set_addrs_query(self, data):
 model = self._get_active_table().model()
 self.setQuery(model, "SELECT " \
 "c.time as Time, " \
 "c.node as Node, " \
+ "count(c.dst_ip) as Hits, " \
 "c.action as Action, " \
 "c.uid as UserID, " \
 "c.protocol as Protocol, " \
 "c.dst_port as DstPort, " \
- "c.process as Process, " \
+ "c.process || ' (' || c.pid || ')' as Process, " \
 "c.process_args as Args, " \
- "count(c.dst_ip) as Hits, " \
 "c.rule as Rule " \
 "FROM addrs as a, connections as c " \
- "WHERE c.dst_ip = a.what AND a.what = '%s' GROUP BY c.dst_ip %s" % (data, self._get_order()))
+ "WHERE c.dst_ip = a.what AND a.what = '%s' GROUP BY c.pid, Process, Args, DstPort, Protocol, Action, UserID, Node %s" % (data, self._get_order()))

 def _set_ports_query(self, data):
 model = self._get_active_table().model()
 self.setQuery(model, "SELECT " \
 "c.time as Time, " \
 "c.node as Node, " \
+ "count(c.dst_ip) as Hits, " \
 "c.action as Action, " \
 "c.uid as UserID, " \
 "c.protocol as Protocol, " \
 "c.dst_ip as DstIP, " \
- "c.dst_port as DstPort, " \
- "c.process as Process, " \
+ "c.process || ' (' || c.pid || ')' as Process, " \
 "c.process_args as Args, " \
- "count(c.dst_ip) as Hits, " \
 "c.rule as Rule " \
 "FROM ports as p, connections as c " \
- "WHERE c.dst_port = p.what AND p.what = '%s' GROUP BY c.dst_ip %s" % (data, self._get_order()))
+ "WHERE c.dst_port = p.what AND p.what = '%s' GROUP BY c.pid, Process, Args, DstIP, Protocol, Action, UserID, Node %s" % (data, self._get_order()))

 def _set_users_query(self, data):
 model = self._get_active_table().model()
 self.setQuery(model, "SELECT " \
 "c.time as Time, " \
 "c.node as Node, " \
+ "count(c.dst_ip) as Hits, " \
 "c.action as Action, " \
 "c.protocol as Protocol, " \
 "c.dst_ip as DstIP, " \
 "c.dst_port as DstPort, " \
- "c.process as Process, " \
+ "c.process || ' (' || c.pid || ')' as Process, " \
 "c.process_args as Args, " \
- "count(c.dst_ip) as Hits, " \
 "c.rule as Rule " \
 "FROM users as u, connections as c " \
- "WHERE u.what = '%s' AND u.what LIKE '%%(' || c.uid || ')' GROUP BY c.dst_ip %s" % (data, self._get_order()))
+ "WHERE u.what = '%s' AND u.what LIKE '%%(' || c.uid || ')' GROUP BY c.pid, Process, Args, DstIP, DstPort, Protocol, Action, Node %s" % (data, self._get_order()))

 def _on_save_clicked(self):
 tab_idx = self.tabWidget.currentIndex()
diff --git a/ui/opensnitch/service.py b/ui/opensnitch/service.py
index 410f738840..e000779f77 100644
--- a/ui/opensnitch/service.py
+++ b/ui/opensnitch/service.py
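Review bot: In `_set_process_query` the new `c.pid as PID` column is absent from its `GROUP BY c.dst_ip, c.dst_port, UserID, Action, Node`, so a process path that ran under several PIDs collapses into one row whose PID is whichever SQLite happens to pick, and because that clause groups on `c.dst_ip` while the row displays `c.dst_host`, distinct hostnames behind one address are merged the same way — add `c.pid` and `c.dst_host` to that clause, as the hosts/addrs/ports/users queries already do with `c.pid`. In `_set_rules_query` the rewritten `c.dst_host as DstIP` puts a hostname under an IP-labelled column; select `c.dst_ip` or rename the alias to `DstHost`. Every rewritten WHERE clause still splices `data` into the SQL via `'%s' %`, and that value is the clicked cell — a process path, hostname, address or argument string recorded from the monitored connection rather than something the UI controls — so a single quote in it breaks or alters the query; binding it through `QSqlQuery.prepare()`/`bindValue()` would close that for these new clauses without changing the result columns. `_set_nodes_query` starts before the hunk and `_on_save_clicked` continues after it.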
@@ -290,10 +290,10 @@ def _populate_stats(self, db, proto, addr, stats):
 continue
 need_refresh=True
 db.insert("connections",
- "(time, node, action, protocol, src_ip, src_port, dst_ip, dst_host, dst_port, uid, process, process_args, rule)",
+ "(time, node, action, protocol, src_ip, src_port, dst_ip, dst_host, dst_port, uid, pid, process, process_args, rule)",
 (str(datetime.now()), addr, event.rule.action, event.connection.protocol, event.connection.src_ip, str(event.connection.src_port), event.connection.dst_ip, event.connection.dst_host, str(event.connection.dst_port),
- str(event.connection.user_id), event.connection.process_path, " ".join(event.connection.process_args),
+ str(event.connection.user_id), str(event.connection.process_id), event.connection.process_path, " ".join(event.connection.process_args),
 event.rule.name),
 action_on_conflict="IGNORE"
 )
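Review bot: The column list and the value tuple handed to `db.insert` are now fourteen positional entries kept in sync by hand across two long lines, and the new `str(event.connection.process_id)` had to be slotted at exactly the index of `pid`; an off-by-one here would store values under the wrong columns with no error, since the visible columns are all declared `text`. Consider assembling the row as `(column, value)` pairs, or at least breaking the tuple one value per line so each entry sits visibly next to its column name. Whether every daemon version this UI talks to populates `process_id` is not visible here; if an older daemon omits it, `str()` of the field's default would be stored as the PID, which is worth a short comment on the new line. `_populate_stats` begins before the hunk.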