RE: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-19 Thread Brian labishi 
Hi, Nicolas.

I have already tried Leopard flower. I could not get it to work. But it also is 
not available in the ubuntu repositories. I tried it more for experimentation 
than in an attempt to really use it.

I think that an ubuntu-firewall-log that can report the application that 
generated a log report should be available to the wider ubuntu community in the 
repositories. Either the Main or Universe repositories. As you said in an 
earlier post, this helps with security et.al. 

Thanks.




> Date: Wed, 17 Oct 2012 10:31:54 +0200
> Subject: Re: could you add this feature or discuss it at 13.04
> Developer Summit?
> From: be.nicolas.mic...@gmail.com
> To: damage3...@gmail.com
> CC: ubuntu-devel-discuss@lists.ubuntu.com
>
> Brian,
>
> Continuing to search, I found the exact app you were searching for and
> the last version is pretty recent (feb 2012) :
> http://sourceforge.net/projects/leopardflower/files/
>
> It logs access and can restrict app access to the network. But I never
> tryied it.
>
> Regards,
> Nicolas
>
>
> 2012/10/17 Ma Xiaojun mailto:damage3...@gmail.com>>
> On Wed, Oct 17, 2012 at 1:23 AM, Nicolas Michel
> mailto:be.nicolas.mic...@gmail.com>> wrote:
> > In consequence, all applications that you install from the Ubuntu Software
> > center are considered "safe" by the distribution maintainers because
> they or
> > others members of the open-source community already reviewed the source
> > code. This is why you always should prefer installing app from the ubuntu
> > software center than from the net directly except if you know what you're
> > doing.
> I think Ubuntu software center also features non-open source stuff now.
> http://developer.ubuntu.com/publish/
> The trust model is more like Apple's app store now.
> The developers of apps may be considered as untrusted.
> But the apps have gone through the review a (hopefully) trusted company.
>
> > Other argument against the app firewall level with popus: let the user the
> > possibility to easily configure the security of its computer is only
> usefull
> > when the user knows what he's really doing and all consequences. Most
> people
> > will click on "yes" on every popup that appears without asking themselves
> > the consequences of that click.
> > Final argument against : I hate popups :)
> All true, so the origin poster need a logger.
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
>
>
> --
> Nicolas MICHEL
>
> -- Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe
> at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>   
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

RE: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-19 Thread Brian labishi 
Hi.

I am asking for the ability to log the internet connections that "applications" 
on my machine make. Currently, Ubuntu has a default "firewall log." This log 
shows ports, protocols, etc of internet connections. But it doesn't show what 
"application" generated the log report. For example, if I use the existing 
firewall to block all outgoing connections and then start Firefox, the log will 
report a bunch of blocked connections for TCP ports 80 and 443 but say nothing 
about the fact that Firefox is the application that was blocked.


application-firewall:
I do like having control over an application's ability to connect to the 
internet. For example, currently if I open port 80, any app can theoretically 
connect to the internet if using port 80. I would like the ability to open port 
80 for only Firefox. But this is not what I started this discussion about. 
Perhaps it is impossible to record what app is causing the log without the 
development of an application-firewall. This I don't know as I am not 
knowledgeable enough. But this is why I bring this topic up so it can be 
discussed. an application-firewall would be nice to have on ubuntu, but this is 
not what I started this topic about.


counter-arguments to your enumerated negatives of an application-firewall:
I started this about the LOG being able to record the application of origin for 
the already existing ubuntu-firewall-log. But I don't mind discussing the ideas 
of firewall because I am speaking to firewall-LOG capabilities.

1) I am not asking that the LOG show the application that generated a 
log-report because I suspect the application of behaving badly. I just want to 
know what the application is doing internet wise. Some applications connect 
more than others by design. Say two different applications both do the same 
thing--play videos (say Windows Media Player and VLC). Yet if you watch 
internet connectivity of the two applications on a Windows machine via a Comodo 
LOG report, you notice Windows Media Player connects to internet a lot more 
than VLC. This doesn't mean Windows Media Player is doing anything sneaky 
necessarily, it just connects more for whatever reason. I like to know this. I 
think other users like to know this about their apps as well. A LOG that 
records the app making the connection helps non-tech users like myself (who 
don't know how to read source code) still know these things about the operation 
of their computer. So whether the app is malware or legitware, it doesn't 
matter. I still want to be able to LOG what it's doing so I know how it 
behaves. Now Netstat shows this information great. But the problem is that 
NETSTAT 
does not show when an application is blocked and I also can't 
stare at Netstat the whole time I'm using the computer. So without a LOG
 I will miss ephemeral connection attempts as well as not have knowledge
 of what ports that the firewall is currently blocking
 that I may need to open (e.g., a firewall-log can help me decide 
whether I need to open ports 80 & 443 for firefox or whether I need 
to open ports 80, 443, & 8080). This is the most important sentence in this 
email so I will repeat it in the hopes that it is not overlooked: Netstat shows 
this information great. But the problem is that NETSTAT does not show when an 
application is blocked and I also can't 
stare at Netstat the whole time I'm using the computer. So without a LOG
 I will miss ephemeral connection attempts as well as not have knowledge of 
what ports that the firewall is currently blocking
 that I may need to open (e.g., a firewall-log can help me decide whether I 
need to open ports 80 & 443 for firefox or whether I need to open ports 80, 
443, & 8080).


3) Firewall popups. Let me first say that the currently existing 
ubuntu-firewall has no popups. An application-firewall does not have to have 
popups.

a. when I used Windows with the Comodo Firewall, I never had popups once I 
configured the firewall how I wanted. I don't like popups either. I agree that 
people just click YES and defeat security. but remember this is unimportant to 
me because I am seeking knowledge of application behavior, not necessarily 
trying to control an application's behavior. Application-firewalls can be made 
without using popups:

b. take the existing ubuntu-firewall as an example. It has no popups. If it 
were to gain application-level filtering and nothing more. It would be an 
application-firewall without popups. let's pretend that the ubuntu-firewall is 
an application-firewall. The user who knows enough configures the firewall how 
he wants. He looks at his firewall-log to learn the behavior of his 
applications. He notices that application A needs certain ports opened and 
application B needs these other ports opened.In other words, the firewall just 
follows the preset rules and doesn't prompt the user for anything. It blocks 
what it's told to block and allows what isn't blocked--the same way the 
firewall present