author | netblue30 <netblue30@protonmail.com> | 2022-10-23 07:38:29 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2022-10-23 07:38:29 -0400 |
commit | a0985a135392c0776d45cf8e27ebf15bc7fff198 (patch) | |
tree | f796ca075c61e103abfd54c01872655c9610e8dc /src/man | |
parent | Merge branch 'master' of ssh://github.com/netblue30/firejail (diff) | |
download | firejail-a0985a135392c0776d45cf8e27ebf15bc7fff198.tar.gz firejail-a0985a135392c0776d45cf8e27ebf15bc7fff198.tar.zst firejail-a0985a135392c0776d45cf8e27ebf15bc7fff198.zip |
dnstrace and snitrace
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/firejail.txt | 159 |
1 files changed, 83 insertions, 76 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index c26d21ec9..49fd18a04 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -779,6 +779,46 @@ $ firejail \-\-list | |||
779 | .br | 779 | .br |
780 | $ firejail \-\-dns.print=3272 | 780 | $ firejail \-\-dns.print=3272 |
781 | 781 | ||
782 | #ifdef HAVE_NETWORK | ||
783 | .TP | ||
784 | \fB\-\-dnstrace[=name|pid] | ||
785 | Monitor DNS queries. The sandbox can be specified by name or pid. Only networked sandboxes | ||
786 | created with \-\-net are supported. This option is only available when running the sandbox as root. | ||
787 | .br | ||
788 | |||
789 | .br | ||
790 | Without a name/pid, Firejail will monitor the main system network namespace. | ||
791 | .br | ||
792 | |||
793 | .br | ||
794 | $ sudo firejail --dnstrace=browser | ||
795 | .br | ||
796 | 11:31:43 9.9.9.9 linux.com (type 1) | ||
797 | .br | ||
798 | 11:31:45 9.9.9.9 fonts.googleapis.com (type 1) NXDOMAIN | ||
799 | .br | ||
800 | 11:31:45 9.9.9.9 js.hs-scripts.com (type 1) NXDOMAIN | ||
801 | .br | ||
802 | 11:31:45 9.9.9.9 www.linux.com (type 1) | ||
803 | .br | ||
804 | 11:31:45 9.9.9.9 fonts.googleapis.com (type 1) NXDOMAIN | ||
805 | .br | ||
806 | 11:31:52 9.9.9.9 js.hs-scripts.com (type 1) NXDOMAIN | ||
807 | .br | ||
808 | 11:32:05 9.9.9.9 secure.gravatar.com (type 1) | ||
809 | .br | ||
810 | 11:32:06 9.9.9.9 secure.gravatar.com (type 1) | ||
811 | .br | ||
812 | 11:32:08 9.9.9.9 taikai.network (type 1) | ||
813 | .br | ||
814 | 11:32:08 9.9.9.9 cdn.jsdelivr.net (type 1) | ||
815 | .br | ||
816 | 11:32:08 9.9.9.9 taikai.azureedge.net (type 1) | ||
817 | .br | ||
818 | 11:32:08 9.9.9.9 www.youtube.com (type 1) | ||
819 | .br | ||
820 | #endif | ||
821 | |||
782 | .TP | 822 | .TP |
783 | \fB\-\-env=name=value | 823 | \fB\-\-env=name=value |
784 | Set environment variable in the new sandbox. | 824 | Set environment variable in the new sandbox. |
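Review bot: The example command at new line 794, `$ sudo firejail --dnstrace=browser`, uses bare hyphens, while the rest of this file escapes them for roff (`\fB\-\-dnstrace[=name|pid]` a few lines above, `$ firejail \-\-dns.print=3272` in the preceding context). Suggest `$ sudo firejail \-\-dnstrace=browser` so the rendered page is consistent. The sample output also prints `(type 1)` on every line without the text saying what the number is; one sentence describing the output columns (time, resolver address, queried name, record type, and the `NXDOMAIN` marker) would make the trace readable for someone triaging sandbox traffic.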
@@ -1578,82 +1618,6 @@ the country the traffic originates from is added to the trace. | |||
1578 | We also use the static IP map in /usr/lib/firejail/static-ip-map | 1618 | We also use the static IP map in /usr/lib/firejail/static-ip-map |
1579 | to print the domain names for some of the more common websites and cloud platforms. | 1619 | to print the domain names for some of the more common websites and cloud platforms. |
1580 | No external services are contacted for reverse IP lookup. | 1620 | No external services are contacted for reverse IP lookup. |
1581 | .TP | ||
1582 | \fB\-\-nettrace-dns[=name|pid] | ||
1583 | Monitor DNS queries. The sandbox can be specified by name or pid. Only networked sandboxes | ||
1584 | created with \-\-net are supported. This option is only available when running the sandbox as root. | ||
1585 | .br | ||
1586 | |||
1587 | .br | ||
1588 | Without a name/pid, Firejail will monitor the main system network namespace. | ||
1589 | .br | ||
1590 | |||
1591 | .br | ||
1592 | $ sudo firejail --nettrace-dns=browser | ||
1593 | .br | ||
1594 | 11:31:43 9.9.9.9 linux.com (type 1) | ||
1595 | .br | ||
1596 | 11:31:45 9.9.9.9 fonts.googleapis.com (type 1) NXDOMAIN | ||
1597 | .br | ||
1598 | 11:31:45 9.9.9.9 js.hs-scripts.com (type 1) NXDOMAIN | ||
1599 | .br | ||
1600 | 11:31:45 9.9.9.9 www.linux.com (type 1) | ||
1601 | .br | ||
1602 | 11:31:45 9.9.9.9 fonts.googleapis.com (type 1) NXDOMAIN | ||
1603 | .br | ||
1604 | 11:31:52 9.9.9.9 js.hs-scripts.com (type 1) NXDOMAIN | ||
1605 | .br | ||
1606 | 11:32:05 9.9.9.9 secure.gravatar.com (type 1) | ||
1607 | .br | ||
1608 | 11:32:06 9.9.9.9 secure.gravatar.com (type 1) | ||
1609 | .br | ||
1610 | 11:32:08 9.9.9.9 taikai.network (type 1) | ||
1611 | .br | ||
1612 | 11:32:08 9.9.9.9 cdn.jsdelivr.net (type 1) | ||
1613 | .br | ||
1614 | 11:32:08 9.9.9.9 taikai.azureedge.net (type 1) | ||
1615 | .br | ||
1616 | 11:32:08 9.9.9.9 www.youtube.com (type 1) | ||
1617 | .br | ||
1618 | .TP | ||
1619 | \fB\-\-nettrace-sni[=name|pid] | ||
1620 | Monitor Server Name Indication (TLS/SNI). The sandbox can be specified by name or pid. Only networked sandboxes | ||
1621 | created with \-\-net are supported. This option is only available when running the sandbox as root. | ||
1622 | .br | ||
1623 | |||
1624 | .br | ||
1625 | Without a name/pid, Firejail will monitor the main system network namespace. | ||
1626 | .br | ||
1627 | |||
1628 | .br | ||
1629 | $ sudo firejail --nettrace-sni=browser | ||
1630 | .br | ||
1631 | 07:49:51 23.185.0.3 linux.com | ||
1632 | .br | ||
1633 | 07:49:51 23.185.0.3 www.linux.com | ||
1634 | .br | ||
1635 | 07:50:05 192.0.73.2 secure.gravatar.com | ||
1636 | .br | ||
1637 | 07:52:35 172.67.68.93 www.howtoforge.com | ||
1638 | .br | ||
1639 | 07:52:37 13.225.103.59 sf.ezoiccdn.com | ||
1640 | .br | ||
1641 | 07:52:42 142.250.176.3 www.gstatic.com | ||
1642 | .br | ||
1643 | 07:53:03 173.236.250.32 www.linuxlinks.com | ||
1644 | .br | ||
1645 | 07:53:05 192.0.77.37 c0.wp.com | ||
1646 | .br | ||
1647 | 07:53:08 192.0.78.32 jetpack.wordpress.com | ||
1648 | .br | ||
1649 | 07:53:09 192.0.77.32 s0.wp.com | ||
1650 | .br | ||
1651 | 07:53:09 192.0.77.2 i0.wp.com | ||
1652 | .br | ||
1653 | 07:53:10 192.0.77.2 i0.wp.com | ||
1654 | .br | ||
1655 | 07:53:11 192.0.73.2 1.gravatar.com | ||
1656 | .br | ||
1657 | #endif | 1621 | #endif |
1658 | .TP | 1622 | .TP |
1659 | \fB\-\-nice=value | 1623 | \fB\-\-nice=value |
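Review bot: Removing the `\-\-nettrace-dns` and `\-\-nettrace-sni` entries (old lines 1581-1656) drops the old option names from the man page with no pointer to their replacements. Anyone with scripts or monitoring wrappers built on the old flags will find nothing when they search for them. Since the diff shown is limited to src/man, it is not visible here whether the old spellings are still accepted. If they are, keep a short entry saying they are deprecated in favour of `\-\-dnstrace` and `\-\-snitrace`. If they are not, a line at the end of the trace description that remains above this hunk, referring readers to the two new options, would keep the related features discoverable now that they are sorted alphabetically far apart.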
@@ -2833,6 +2797,49 @@ $ firejail \-\-list | |||
2833 | 3272:netblue::firejail \-\-private firefox | 2797 | 3272:netblue::firejail \-\-private firefox |
2834 | .br | 2798 | .br |
2835 | $ firejail \-\-shutdown=3272 | 2799 | $ firejail \-\-shutdown=3272 |
2800 | |||
2801 | #ifdef HAVE_NETWORK | ||
2802 | .TP | ||
2803 | \fB\-\-snitrace[=name|pid] | ||
2804 | Monitor Server Name Indication (TLS/SNI). The sandbox can be specified by name or pid. Only networked sandboxes | ||
2805 | created with \-\-net are supported. This option is only available when running the sandbox as root. | ||
2806 | .br | ||
2807 | |||
2808 | .br | ||
2809 | Without a name/pid, Firejail will monitor the main system network namespace. | ||
2810 | .br | ||
2811 | |||
2812 | .br | ||
2813 | $ sudo firejail --snitrace=browser | ||
2814 | .br | ||
2815 | 07:49:51 23.185.0.3 linux.com | ||
2816 | .br | ||
2817 | 07:49:51 23.185.0.3 www.linux.com | ||
2818 | .br | ||
2819 | 07:50:05 192.0.73.2 secure.gravatar.com | ||
2820 | .br | ||
2821 | 07:52:35 172.67.68.93 www.howtoforge.com | ||
2822 | .br | ||
2823 | 07:52:37 13.225.103.59 sf.ezoiccdn.com | ||
2824 | .br | ||
2825 | 07:52:42 142.250.176.3 www.gstatic.com | ||
2826 | .br | ||
2827 | 07:53:03 173.236.250.32 www.linuxlinks.com | ||
2828 | .br | ||
2829 | 07:53:05 192.0.77.37 c0.wp.com | ||
2830 | .br | ||
2831 | 07:53:08 192.0.78.32 jetpack.wordpress.com | ||
2832 | .br | ||
2833 | 07:53:09 192.0.77.32 s0.wp.com | ||
2834 | .br | ||
2835 | 07:53:09 192.0.77.2 i0.wp.com | ||
2836 | .br | ||
2837 | 07:53:10 192.0.77.2 i0.wp.com | ||
2838 | .br | ||
2839 | 07:53:11 192.0.73.2 1.gravatar.com | ||
2840 | .br | ||
2841 | #endif | ||
2842 | |||
2836 | .TP | 2843 | .TP |
2837 | \fB\-\-tab | 2844 | \fB\-\-tab |
2838 | Enable shell tab completion in sandboxes using private or whitelisted home directories. | 2845 | Enable shell tab completion in sandboxes using private or whitelisted home directories. |
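Review bot: The sentence at new lines 2804-2805, "This option is only available when running the sandbox as root", is ambiguous next to the example at line 2813, where `sudo` is applied to the monitoring command against an existing sandbox named `browser`. If the requirement is that the `\-\-snitrace` invocation itself needs root, say so directly, for example "This option must be run as root". The text was carried over unchanged from the removed `\-\-nettrace-sni` entry, so the move is a good moment to fix it, and the same wording appears in the new `\-\-dnstrace` entry. The example line also has unescaped hyphens (`--snitrace=browser`), whereas the surrounding context uses `\-\-` (`$ firejail \-\-shutdown=3272`).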