-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | README.md | 18 | ||||
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | src/firejail/usage.c | 1 | ||||
-rw-r--r-- | src/man/firejail.txt | 23 |
5 files changed, 44 insertions, 0 deletions
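diff --git a/.gitignore b/.gitignore
index ace86f218..29e0b63d6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,6 +43,7 @@ src/profstats/profstats
 src/bash_completion/firejail.bash_completion
 src/zsh_completion/_firejail
 src/jailcheck/jailcheck
+src/fnettrace/fnettrace
 uids.h
 seccomp
 seccomp.debug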
@@ -296,6 +296,24 @@ INTRUSION DETECTION SYSTEM (IDS) | |||
296 | as it contains running processes. | 296 | as it contains running processes. |
297 | ````` | 297 | ````` |
298 | 298 | ||
299 | ### Network Monitor | ||
300 | ````` | ||
301 | --nettrace=name|pid | ||
302 | Monitor TCP and UDP traffic coming into the sandbox specified by | ||
303 | name or pid. Only networked sandboxes created with --net are | ||
304 | supported. | ||
305 | |||
306 | $ firejail --nettrace=browser | ||
307 | 9.9.9.9:53 => 192.168.1.60 UDP: 122 B/sec | ||
308 | 72.21.91.29:80 => 192.168.1.60 TCP: 257 B/sec | ||
309 | 80.92.126.65:123 => 192.168.1.60 UDP: 25 B/sec | ||
310 | 69.30.241.50:443 => 192.168.1.60 TCP: 88 KB/sec | ||
311 | 140.82.112.4:443 => 192.168.1.60 TCP: 1861 B/sec | ||
312 | |||
313 | (14 streams in the last one minute) | ||
314 | |||
315 | ````` | ||
316 | |||
299 | ### Profile Statistics | 317 | ### Profile Statistics |
300 | 318 | ||
301 | A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. | 319 | A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. |
@@ -5,6 +5,7 @@ firejail (0.9.67) baseline; urgency=low | |||
5 | * deterministic shutdown (--deterministic-exit-code, | 5 | * deterministic shutdown (--deterministic-exit-code, |
6 | --deterministic-shutdown) (#4635) | 6 | --deterministic-shutdown) (#4635) |
7 | * noprinters command (#4607) | 7 | * noprinters command (#4607) |
8 | * network monitor (--nettrace) | ||
8 | * build: firecfg.config is now installed to /etc/firejail/ (#4669) | 9 | * build: firecfg.config is now installed to /etc/firejail/ (#4669) |
9 | * removed --disable-whitelist at compile time | 10 | * removed --disable-whitelist at compile time |
10 | * removed whitelist=yes/no in /etc/firejail/firejail.config | 11 | * removed whitelist=yes/no in /etc/firejail/firejail.config |
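diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 4a0f05528..b993cb80c 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -150,6 +150,7 @@ static char *usage_str =
 "\tparent interfaces.\n"
 " --netns=name - Run the program in a named, persistent network namespace.\n"
 " --netstats - monitor network statistics.\n"
+" --nettrace - monitor TCP and UDP traffic coming into the sandbox.\n"
 #endif
 " --nice=value - set nice value.\n"
 " --no3d - disable 3D hardware acceleration.\n"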
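Review bot: The new usage entry advertises the option as bare `--nettrace`, while the man page and README added in the same commit document it as `--nettrace=name|pid` and the neighbouring `--netns=name` entry in this string shows its argument, so a user reading `firejail --help` would not learn that a sandbox name or pid is required. Suggest `" --nettrace=name|pid - monitor TCP and UDP traffic coming into the sandbox.\n"` so the three descriptions agree. The `usage_str` initializer starts before the hunk and continues after it.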
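diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 09e7165a7..b366fed7c 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1479,6 +1479,29 @@ PID User RX(KB/s) TX(KB/s) Command
 1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox
 .br
 7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission
+.TP
+\fB\-\-nettrace=name|pid
+Monitor TCP and UDP traffic coming into the sandbox specified by name or pid. Only networked sandboxes
+created with \-\-net are supported.
+.br
+
+.br
+$ firejail --nettrace=browser
+.br
+9.9.9.9:53 => 192.168.1.60 UDP: 122 B/sec
+.br
+72.21.91.29:80 => 192.168.1.60 TCP: 257 B/sec
+.br
+80.92.126.65:123 => 192.168.1.60 UDP: 25 B/sec
+.br
+69.30.241.50:443 => 192.168.1.60 TCP: 88 KB/sec
+.br
+140.82.112.4:443 => 192.168.1.60 TCP: 1861 B/sec
+.br
+
+.br
+(14 streams in the last one minute)
+
 #endif
 .TP
 \fB\-\-nice=value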