RE: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-19 Thread Brian labishi 
Hi, Nicolas.

I have already tried Leopard flower. I could not get it to work. But it also is 
not available in the ubuntu repositories. I tried it more for experimentation 
than in an attempt to really use it.

I think that an ubuntu-firewall-log that can report the application that 
generated a log report should be available to the wider ubuntu community in the 
repositories. Either the Main or Universe repositories. As you said in an 
earlier post, this helps with security et.al. 

Thanks.




> Date: Wed, 17 Oct 2012 10:31:54 +0200
> Subject: Re: could you add this feature or discuss it at 13.04
> Developer Summit?
> From: be.nicolas.mic...@gmail.com
> To: damage3...@gmail.com
> CC: ubuntu-devel-discuss@lists.ubuntu.com
>
> Brian,
>
> Continuing to search, I found the exact app you were searching for and
> the last version is pretty recent (feb 2012) :
> http://sourceforge.net/projects/leopardflower/files/
>
> It logs access and can restrict app access to the network. But I never
> tryied it.
>
> Regards,
> Nicolas
>
>
> 2012/10/17 Ma Xiaojun mailto:damage3...@gmail.com>>
> On Wed, Oct 17, 2012 at 1:23 AM, Nicolas Michel
> mailto:be.nicolas.mic...@gmail.com>> wrote:
> > In consequence, all applications that you install from the Ubuntu Software
> > center are considered "safe" by the distribution maintainers because
> they or
> > others members of the open-source community already reviewed the source
> > code. This is why you always should prefer installing app from the ubuntu
> > software center than from the net directly except if you know what you're
> > doing.
> I think Ubuntu software center also features non-open source stuff now.
> http://developer.ubuntu.com/publish/
> The trust model is more like Apple's app store now.
> The developers of apps may be considered as untrusted.
> But the apps have gone through the review a (hopefully) trusted company.
>
> > Other argument against the app firewall level with popus: let the user the
> > possibility to easily configure the security of its computer is only
> usefull
> > when the user knows what he's really doing and all consequences. Most
> people
> > will click on "yes" on every popup that appears without asking themselves
> > the consequences of that click.
> > Final argument against : I hate popups :)
> All true, so the origin poster need a logger.
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com<mailto:Ubuntu-devel-discuss@lists.ubuntu.com>
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
>
>
> --
> Nicolas MICHEL
>
> -- Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe
> at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>   
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

RE: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-19 Thread Brian labishi 
7;t prompt the user for anything. It blocks 
what it's told to block and allows what isn't blocked--the same way the 
firewall presently works on ubuntu--EXCEPT it also allows configuration of 
rules at the application level.

Do you see my point? You can have an application-firewall that doesn't have 
popups. Just add application-level filtering to the currently existing 
ubuntu-firewall.


All good points, Nicholas. Hopefully my email has helped clarify the issue 
better? I really appreciate your emails as they are all good points and great 
discussion. Hopefully others can see the value in the firewall-LOG being able 
to report the application that generates the log report?




Date: Wed, 17 Oct 2012 08:23:18 +0200
Subject: Re: could you add this feature or discuss it at 13.04 Developer Summit?
From: be.nicolas.mic...@gmail.com
To: mathieu...@ubuntu.com
CC: bni1...@live.com; ubuntu-devel-discuss@lists.ubuntu.com

I think what Brian wants (correct me if not) is an application level firewall. 
On Windows most antivirus do it : you get a popup when an application try to 
access something you didn't already allowed to.I think what should be done is 
an AppArmor graphical frontend (with notifications). Some others already emits 
the idea on the net :
http://superuser.com/questions/271584/how-can-i-restrict-applications-on-having-internet-access
Here are the rules to set with 
AppArmorhttp://wiki.apparmor.net/index.php/ProfileLanguage#Network_rulesMore on 
apparmor
http://www.ubuntugeek.com/detailed-tutorial-about-apparmor-for-ubuntu-users.html
But honestly, Linux is not Windows Brian. Every application is open-source 
(except if you installed a propriatary app from the net). It means from a 
security point of view that everyone can read the source code (it he has the 
skill)  and see what the application do exactly.
This is not the case for the big majority of applications on Windows. You just 
can't see the source code and don't really know what behavior they will have. 
So it works on blind trust like: "it is an Adobe app so it should be OK". 
Sometimes applications are not coming from a trusted or a well-know developper. 
So these application level firewalls are there to be sure that apps won't 
access things you don't want to.
In consequence, all applications that you install from the Ubuntu Software 
center are considered "safe" by the distribution maintainers because they or 
others members of the open-source community already reviewed the source code. 
This is why you always should prefer installing app from the ubuntu software 
center than from the net directly except if you know what you're doing.

In addition I also have to mentionned that on Linux, all installed applications 
from the software center are updated on system updates and so their security 
flaws are quickly patched. On windows this is not the case: except some 
Microsoft app like Microsoft Office, applications are only up-to-date when you 
update them manually.

Other argument against the app firewall level with popus: let the user the 
possibility to easily configure the security of its computer is only usefull 
when the user knows what he's really doing and all consequences. Most people 
will click on "yes" on every popup that appears without asking themselves the 
consequences of that click.

Final argument against : I hate popups :)
That said, Linux is also well-known for its freedom of choice. So if you feel 
the need to control the network transactions of your applications with a pretty 
graphical interface, do it (you or some others that may be interested in the 
project). It don't need to be discussed at UDS like Mathieu said since it's a 
place to discuss big trends of the next version of Ubuntu but not where to 
discuss any new open-source project ;)

Regards,Nicolas

2012/10/17 Mathieu Trudel-Lapierre 

On Mon, Oct 15, 2012 at 1:25 PM, Brian labishi  wrote:


>

> Hi. I'm new to Ubuntu and like it very much. Overall I like Ubuntu better

> than what I used to use, Windows. But one thing that I really miss from

> Windows is the ability to know what applications and services are connecting

> to the internet. In Windows I could log this kind of information. But I've

> asked some very knowledgeable computer people for help with Ubuntu and I'm

> told this can't be done on ubuntu.

>

> I was hoping that Ubuntu developers might address this shortcoming at the

> summit? I was told this is where these kind of things are discussed.



You're suggesting a very interesting project, yet one that is likely

to depend on a fair amount of new development.



Do we have other instances of this being asked by people, such as on

Ubuntu Brainstorm (I'll look too)? It would be important to know,

before committing time to work on such a thing, how important it's

perceived to be by our users.

Re: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-18 Thread Nicolas Michel 
2012/10/18 Matthew Paul Thomas 

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Nicolas Michel wrote on 17/10/12 07:23:
> >
> > I think what Brian wants (correct me if not) is an application
> > level firewall. On Windows most antivirus do it : you get a popup
> > when an application try to access something you didn't already
> > allowed to. I think what should be done is an AppArmor graphical
> > frontend (with notifications).
>
> If anyone would like to implement that, here's a design I prepared
> earlier. 
>
> However, Brian specifically mentioned "the logging features of the
> application-firewall", not just the firewall itself.
>
> > ...
> >
> > But honestly, Linux is not Windows Brian. Every application is
> > open-source (except if you installed a propriatary app from the
> > net). It means from a security point of view that everyone can
> > read the source code (it he has the skill)  and see what the
> > application do exactly.
>
> As Ma pointed out, this is less true as USC sells more proprietary
> applications.


Maybe it should be the Canonical/Ubuntu responsibility to provide an
AppArmor profile for each proprietary app which is proposed. That profile
should be asked by the propriatary dev (saying what they need to access
to), validated and created by the ubuntu maintainer of that app. So even if
the devs of the propriatary app change the behavior of the app, it won't be
allowed without changing the AppArmor profile and so, everyone will know it.

Even if it was true, though, I expect it would be much
> easier to figure out what a program is doing network-wise by running
> something like wireshark, than by reading the source code for the
> application and all its dependencies.


> - --
> mpt
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>
> iEYEARECAAYFAlB/uXIACgkQ6PUxNfU6ecqjuQCgpKCoOsdzbFvotkeXoysLAFA7
> VAIAnRxRkP9zFdCKsjBmeCKmFVaAW518
> =HcXw
> -END PGP SIGNATURE-
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>



-- 
Nicolas MICHEL
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-18 Thread Matthew Paul Thomas 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Nicolas Michel wrote on 17/10/12 07:23:
> 
> I think what Brian wants (correct me if not) is an application 
> level firewall. On Windows most antivirus do it : you get a popup 
> when an application try to access something you didn't already 
> allowed to. I think what should be done is an AppArmor graphical 
> frontend (with notifications).

If anyone would like to implement that, here's a design I prepared
earlier. 

However, Brian specifically mentioned "the logging features of the
application-firewall", not just the firewall itself.

> ...
> 
> But honestly, Linux is not Windows Brian. Every application is 
> open-source (except if you installed a propriatary app from the 
> net). It means from a security point of view that everyone can
> read the source code (it he has the skill)  and see what the
> application do exactly.

As Ma pointed out, this is less true as USC sells more proprietary
applications. Even if it was true, though, I expect it would be much
easier to figure out what a program is doing network-wise by running
something like wireshark, than by reading the source code for the
application and all its dependencies.

- -- 
mpt

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlB/uXIACgkQ6PUxNfU6ecqjuQCgpKCoOsdzbFvotkeXoysLAFA7
VAIAnRxRkP9zFdCKsjBmeCKmFVaAW518
=HcXw
-END PGP SIGNATURE-

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-17 Thread Nicolas Michel 
Brian,

Continuing to search, I found the exact app you were searching for and the
last version is pretty recent (feb 2012) :
http://sourceforge.net/projects/leopardflower/files/

It logs access and can restrict app access to the network. But I never
tryied it.

Regards,
Nicolas


2012/10/17 Ma Xiaojun 

> On Wed, Oct 17, 2012 at 1:23 AM, Nicolas Michel
>  wrote:
> > In consequence, all applications that you install from the Ubuntu
> Software
> > center are considered "safe" by the distribution maintainers because
> they or
> > others members of the open-source community already reviewed the source
> > code. This is why you always should prefer installing app from the ubuntu
> > software center than from the net directly except if you know what you're
> > doing.
> I think Ubuntu software center also features non-open source stuff now.
> http://developer.ubuntu.com/publish/
> The trust model is more like Apple's app store now.
> The developers of apps may be considered as untrusted.
> But the apps have gone through the review a (hopefully) trusted company.
>
> > Other argument against the app firewall level with popus: let the user
> the
> > possibility to easily configure the security of its computer is only
> usefull
> > when the user knows what he's really doing and all consequences. Most
> people
> > will click on "yes" on every popup that appears without asking themselves
> > the consequences of that click.
> > Final argument against : I hate popups :)
> All true, so the origin poster need a logger.
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>



-- 
Nicolas MICHEL
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-16 Thread Ma Xiaojun 
On Wed, Oct 17, 2012 at 1:23 AM, Nicolas Michel
 wrote:
> In consequence, all applications that you install from the Ubuntu Software
> center are considered "safe" by the distribution maintainers because they or
> others members of the open-source community already reviewed the source
> code. This is why you always should prefer installing app from the ubuntu
> software center than from the net directly except if you know what you're
> doing.
I think Ubuntu software center also features non-open source stuff now.
http://developer.ubuntu.com/publish/
The trust model is more like Apple's app store now.
The developers of apps may be considered as untrusted.
But the apps have gone through the review a (hopefully) trusted company.

> Other argument against the app firewall level with popus: let the user the
> possibility to easily configure the security of its computer is only usefull
> when the user knows what he's really doing and all consequences. Most people
> will click on "yes" on every popup that appears without asking themselves
> the consequences of that click.
> Final argument against : I hate popups :)
All true, so the origin poster need a logger.

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-16 Thread Nicolas Michel 
I think what Brian wants (correct me if not) is an application level
firewall. On Windows most antivirus do it : you get a popup when an
application try to access something you didn't already allowed to.
I think what should be done is an AppArmor graphical frontend (with
notifications). Some others already emits the idea on the net :
http://superuser.com/questions/271584/how-can-i-restrict-applications-on-having-internet-access
Here are the rules to set with AppArmor
http://wiki.apparmor.net/index.php/ProfileLanguage#Network_rules
More on apparmor
http://www.ubuntugeek.com/detailed-tutorial-about-apparmor-for-ubuntu-users.html

But honestly, Linux is not Windows Brian. Every application is open-source
(except if you installed a propriatary app from the net). It means from a
security point of view that everyone can read the source code (it he has
the skill)  and see what the application do exactly.
This is not the case for the big majority of applications on Windows. You
just can't see the source code and don't really know what behavior they
will have. So it works on blind trust like: "it is an Adobe app so it
should be OK". Sometimes applications are not coming from a trusted or a
well-know developper. So these application level firewalls are there to be
sure that apps won't access things you don't want to.
In consequence, all applications that you install from the Ubuntu Software
center are considered "safe" by the distribution maintainers because they
or others members of the open-source community already reviewed the source
code. This is why you always should prefer installing app from the ubuntu
software center than from the net directly except if you know what you're
doing.

In addition I also have to mentionned that on Linux, all installed
applications from the software center are updated on *system *updates and
so their security flaws are quickly patched. On windows this is not the
case: except some Microsoft app like Microsoft Office, applications are
only up-to-date when you update them manually.

Other argument against the app firewall level with popus: let the user the
possibility to easily configure the security of its computer is only
usefull when the user knows what he's really doing and all consequences.
Most people will click on "yes" on every popup that appears without asking
themselves the consequences of that click.

Final argument against : I hate popups :)

That said, Linux is also well-known for its freedom of choice. So if you
feel the need to control the network transactions of your applications with
a pretty graphical interface, do it (you or some others that may be
interested in the project). It don't need to be discussed at UDS like
Mathieu said since it's a place to discuss big trends of the next version
of Ubuntu but not where to discuss any new open-source project ;)

Regards,
Nicolas


2012/10/17 Mathieu Trudel-Lapierre 

> On Mon, Oct 15, 2012 at 1:25 PM, Brian labishi  wrote:
> >
> > Hi. I'm new to Ubuntu and like it very much. Overall I like Ubuntu better
> > than what I used to use, Windows. But one thing that I really miss from
> > Windows is the ability to know what applications and services are
> connecting
> > to the internet. In Windows I could log this kind of information. But
> I've
> > asked some very knowledgeable computer people for help with Ubuntu and
> I'm
> > told this can't be done on ubuntu.
> >
> > I was hoping that Ubuntu developers might address this shortcoming at the
> > summit? I was told this is where these kind of things are discussed.
>
> You're suggesting a very interesting project, yet one that is likely
> to depend on a fair amount of new development.
>
> Do we have other instances of this being asked by people, such as on
> Ubuntu Brainstorm (I'll look too)? It would be important to know,
> before committing time to work on such a thing, how important it's
> perceived to be by our users.
>
> Keeping in mind that there can be a very large number of connections
> happening on a machine at any point in time, what kind of information
> are you looking for? Is it to see everything that attempts to make a
> connection or just what gets blocked by a firewall? Do you want to see
> notifications on the desktop or are you looking for this at the server
> level?
>
> All the above are information that would be best to flesh out a bit in
> advance before starting discussion just so that work items could be
> derived from the resulting discussion.
>
> Obviously, you don't *need* to discuss a project like this at UDS.
> Perhaps it's just something people can start working on as a project,
> and ask for specific things needed in Ubuntu to support using such an
> application/service
>
> Kind regards,
>
> Mathieu Trudel-Lapierre 
> Freenode: cyphermox, Jabber: mathieu...@gmail.com
> 4096R/EE018C93 1967 8F7D 03A1 8F38 732E  FF82 C126 33E1 EE01 8C93
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe

Re: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-16 Thread Mathieu Trudel-Lapierre 
On Mon, Oct 15, 2012 at 1:25 PM, Brian labishi  wrote:
>
> Hi. I'm new to Ubuntu and like it very much. Overall I like Ubuntu better
> than what I used to use, Windows. But one thing that I really miss from
> Windows is the ability to know what applications and services are connecting
> to the internet. In Windows I could log this kind of information. But I've
> asked some very knowledgeable computer people for help with Ubuntu and I'm
> told this can't be done on ubuntu.
>
> I was hoping that Ubuntu developers might address this shortcoming at the
> summit? I was told this is where these kind of things are discussed.

You're suggesting a very interesting project, yet one that is likely
to depend on a fair amount of new development.

Do we have other instances of this being asked by people, such as on
Ubuntu Brainstorm (I'll look too)? It would be important to know,
before committing time to work on such a thing, how important it's
perceived to be by our users.

Keeping in mind that there can be a very large number of connections
happening on a machine at any point in time, what kind of information
are you looking for? Is it to see everything that attempts to make a
connection or just what gets blocked by a firewall? Do you want to see
notifications on the desktop or are you looking for this at the server
level?

All the above are information that would be best to flesh out a bit in
advance before starting discussion just so that work items could be
derived from the resulting discussion.

Obviously, you don't *need* to discuss a project like this at UDS.
Perhaps it's just something people can start working on as a project,
and ask for specific things needed in Ubuntu to support using such an
application/service

Kind regards,

Mathieu Trudel-Lapierre 
Freenode: cyphermox, Jabber: mathieu...@gmail.com
4096R/EE018C93 1967 8F7D 03A1 8F38 732E  FF82 C126 33E1 EE01 8C93

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

RE: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-16 Thread Brian labishi 
Hi, Nicolas.

I've used quite a few different apps to log this information over the many 
years I've used Windows. Before switching most of my computer time over to 
Ubuntu this past summer, I was most recently using the logging features of the 
application-firewall from Comodo 
(http://www.comodo.com/home/internet-security/firewall.php). Over the years 
I've found it easier to maintain Windows by consolidating features into one 
app. (If you haven't used Windows, it is an enormous pain to keep all the 3rd 
party software up to date). And I've grown to really like the firewall features 
of Comodo; it has great options and allows fantastic configuration capabilities 
with an easy to interpret interface and easy to understand listing of rules. It 
is one of my favorite apps for Windows because it is a lot of fun to configure 
and is a great learning tool for learning about internet protocols, ports, and 
in general the connections that occur on your machine. Plus is has great 
privacy/security benefits. All of this rolled up into one app results in really 
useful logging features/capabilities.
I considered using an application-firewall on ubuntu to log this information 
but I've been told that there is no application-firewall available on ubuntu. 
After exploring the different options available on ubuntu for monitoring, I 
settled on using "watch netstat -tapun" as my favorite. And it does a nice job 
of letting me know what's going on. But it is so limited because I have to 
always be watching it and lots of stuff can connect/disconnect when I'm not 
watching. A log helps me know exactly what's connecting from my machine, even 
when I'm not watching. The log that comes with ubuntu lacks the "easy to 
interpret" listings I'm accustomed to on Windows, but it provides some good 
information. However, it doesn't say anything about what application/service 
caused the log report. This would be great info to know.


Date: Mon, 15 Oct 2012 21:30:52 +0200
Subject: Re: could you add this feature or discuss it at 13.04 Developer Summit?
From: be.nicolas.mic...@gmail.com
To: bni1...@live.com
CC: damage3...@gmail.com; ubuntu-devel-discuss@lists.ubuntu.com

Hello Brian,

I'm curious at knowing which app did you used on Windows to log that kind of 
information? Maybe that knowing it will make it more clear what features you do 
want.

Regards,
Nicolas


2012/10/15 Brian labishi 




AppArmor concept was very neat. I have spent some time with it but found it 
difficult to use because I am not smart enough with computer programming. I 
guess the problem is specific to less sophisticated users like myself. But I 
think it is very neat that ubuntu is using AppArmor.


> From: damage3...@gmail.com
> Date: Mon, 15 Oct 2012 13:20:43 -0500
> Subject: Re: could you add this feature or discuss it at 13.04 Developer  
> Summit?

> To: ubuntu-devel-discuss@lists.ubuntu.com
> 
> I guess a relevant tool would be AppArmor. I'm not an expert of it, though.

> 
> -- 
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

  

--

Ubuntu-devel-discuss mailing list

Ubuntu-devel-discuss@lists.ubuntu.com

Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss




-- 
Nicolas MICHEL

  -- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

****SPAM(6.8)**** Re: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-16 Thread Dale Amon 
Spam detection software, running on the system "ba-blue.xisp.net", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  On Mon, Oct 15, 2012 at 10:03:12PM +0200, Nicolas Michel 
wrote:
   > I just searched on google with these keywords : "linux how to log network
   > traffic" and found some really helpfull documentation. Of course it will
   [...] 

Content analysis details:   (6.8 points, 5.0 required)

 pts rule name  description
 -- --
 4.0 RCVD_IN_XBLRBL: Received via a relay in Spamhaus XBL
[66.162.154.132 listed in zen.spamhaus.org]
 1.4 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
[66.162.154.132 listed in bb.barracudacentral.org]
 0.7 SPF_SOFTFAIL   SPF: sender does not match SPF record (softfail)
 1.0 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date
-0.5 BAYES_05   BODY: Bayes spam probability is 1 to 5%
[score: 0.0295]
 0.8 RDNS_NONE  Delivered to internal network by a host with no rDNS
-0.7 AWLAWL: From: address is in the auto white-list


--- Begin Message ---
On Mon, Oct 15, 2012 at 10:03:12PM +0200, Nicolas Michel wrote:
> I just searched on google with these keywords : "linux how to log network
> traffic" and found some really helpfull documentation. Of course it will

I usually just add a rule to iptables to send a log message to
a file in /usr/log/

--- End Message ---
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-15 Thread Robert Bruce Park 

On 12-10-15 02:30 PM, Nicolas Michel wrote:

Hello Brian,

I'm curious at knowing which app did you used on Windows to log that kind
of information? Maybe that knowing it will make it more clear what features
you do want.


This is just speculation, but a *long* time ago when I was a Windows 
user, I used a program called ZoneAlarm that was an application-level 
firewall that would prompt the user for permission for every single 
application that attempted to connect to the internet.


I'm not aware of anything similar for Linux (but that doesn't mean it 
doesn't exist; I haven't looked)


--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-15 Thread Nicolas Michel 
Brian,

I just searched on google with these keywords : "linux how to log network
traffic" and found some really helpfull documentation. Of course it will
need some effort from you to make it working since these kind of
information are not really user-friendly by themselves and end-users
usually don't want to do it!

I can recommand you ntop which is a graphical website that gives you stats
and every single network transaction details if you want to:
http://www.ntop.org/products/ntop/

On stackoverflow (
http://stackoverflow.com/questions/199432/i-need-a-tool-to-log-linux-network-traffic-by-ip-address),
some guys are recommanding iptraf (http://iptraf.seul.org/) and EtherApe (
http://etherape.sourceforge.net/). I don't know them.

You should try one of these solutions first. Then if it still don't make
you happy, come back here and tells us why ;)

If you are happy with one of them, please gives us a feedback. It's always
good to know what's working well ;)

Nicolas

2012/10/15 Nicolas Michel 

> Hello Brian,
>
> I'm curious at knowing which app did you used on Windows to log that kind
> of information? Maybe that knowing it will make it more clear what features
> you do want.
>
> Regards,
> Nicolas
>
>
> 2012/10/15 Brian labishi 
>
>> AppArmor concept was very neat. I have spent some time with it but found
>> it difficult to use because I am not smart enough with computer
>> programming. I guess the problem is specific to less sophisticated users
>> like myself. But I think it is very neat that ubuntu is using AppArmor.
>>
>> > From: damage3...@gmail.com
>> > Date: Mon, 15 Oct 2012 13:20:43 -0500
>>
>> > Subject: Re: could you add this feature or discuss it at 13.04
>> Developer Summit?
>> > To: ubuntu-devel-discuss@lists.ubuntu.com
>>
>> >
>> > I guess a relevant tool would be AppArmor. I'm not an expert of it,
>> though.
>> >
>> > --
>> > Ubuntu-devel-discuss mailing list
>> > Ubuntu-devel-discuss@lists.ubuntu.com
>> > Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>>
>> --
>> Ubuntu-devel-discuss mailing list
>> Ubuntu-devel-discuss@lists.ubuntu.com
>> Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>>
>>
>
>
> --
> Nicolas MICHEL
>



-- 
Nicolas MICHEL
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-15 Thread Nicolas Michel 
Hello Brian,

I'm curious at knowing which app did you used on Windows to log that kind
of information? Maybe that knowing it will make it more clear what features
you do want.

Regards,
Nicolas

2012/10/15 Brian labishi 

> AppArmor concept was very neat. I have spent some time with it but found
> it difficult to use because I am not smart enough with computer
> programming. I guess the problem is specific to less sophisticated users
> like myself. But I think it is very neat that ubuntu is using AppArmor.
>
> > From: damage3...@gmail.com
> > Date: Mon, 15 Oct 2012 13:20:43 -0500
>
> > Subject: Re: could you add this feature or discuss it at 13.04 Developer
> Summit?
> > To: ubuntu-devel-discuss@lists.ubuntu.com
>
> >
> > I guess a relevant tool would be AppArmor. I'm not an expert of it,
> though.
> >
> > --
> > Ubuntu-devel-discuss mailing list
> > Ubuntu-devel-discuss@lists.ubuntu.com
> > Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
>


-- 
Nicolas MICHEL
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

RE: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-15 Thread Brian labishi 
AppArmor concept was very neat. I have spent some time with it but found it 
difficult to use because I am not smart enough with computer programming. I 
guess the problem is specific to less sophisticated users like myself. But I 
think it is very neat that ubuntu is using AppArmor.

> From: damage3...@gmail.com
> Date: Mon, 15 Oct 2012 13:20:43 -0500
> Subject: Re: could you add this feature or discuss it at 13.04 Developer  
> Summit?
> To: ubuntu-devel-discuss@lists.ubuntu.com
> 
> I guess a relevant tool would be AppArmor. I'm not an expert of it, though.
> 
> -- 
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
  -- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-15 Thread Ma Xiaojun 
I guess a relevant tool would be AppArmor. I'm not an expert of it, though.

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

RE: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-15 Thread Brian labishi 

Yeah, I have been exposed to these programs by friends more knowledgable than 
me. They do show the connections but I find this inadequate because they don't 
log it. If some application or service connects and then disconnects, I'll only 
learn of it if I happen to be watching at that time. Lots of things can connect 
and disconnect when I'm not watching.

Plus if I block outbound connections using the ubuntu-firewall and an 
application or service wants to use an unorthodox port for something I'll only 
learn of this if I happen to be watching the terminal at that time. There are 
times I may want to open that port to allow the connection. other times I may 
want to keep the port closed. But I have no way of knowing unless I happen to 
be watching the terminal at the time of it happening.

I do feel the current options are inadequate, so I was hoping this might get 
discussed at the Summit. Thank you for telling me about these applications 
though. I enjoy learning all these new things in ubuntu.


Date: Mon, 15 Oct 2012 07:37:08 -1000
From: p...@paulgraydon.co.uk
To: ubuntu-devel-discuss@lists.ubuntu.com
Subject: Re: could you add this feature or discuss it at 13.04 Developer
Summit?


  

  
  
Aloha,

  

  In what kind of context are you looking for this information?  Do
  you have an example tool or screenshot you can provide?

  It's relatively straight forward to find out what is currently
  listening to ports, there are two utilities that have been around
  a while, netstat and ss.  You're better off using the latter as
  netstat is reaching obsolescent, but you may occasionally find
  yourself stumbling across boxes without ss.

  

  To get a list of both active connections and listening services,
  try "ss -plan".  You'll get lines like the following back (IP
  addresses changed for security reasons):

  

  LISTEN 0  50   
  *:3306 *:*  users:(("mysqld",1384,13))

  

  ESTAB  0  0192.168.0.2:55366  
  192.168.0.3:143users:(("thunderbird",4152,52))

  

  The first line, LISTEN, tells you the machine I ran the command on
  is listening for connections on port 3306, which happens to be the
  port MySQL server uses.  The final column gives you the name of
  the program that is related to that connection, which in this case
  confirms it's mysqld.

  The second line ESTAB tells you there is an established connection
  from the machine 192.168.0.2 (local address on the machine) to a
  remote server on 192.168.0.3, port 143 (IMAP).  The final column
  tells you it's thunderbird running on the machine.  By the way, if
  you're looking to quickly translate ports to services, check
  /etc/services.  It's not an exhaustive list but most of the
  standard ones are in there:

  

  grep 3306 /etc/services 

  mysql3306/tcp

  mysql3306/udp

  

  Hope this helps in some way,

  Paul

  

  

  On 10/15/2012 07:25 AM, Brian labishi wrote:



  
  


Hi. I'm new to Ubuntu and like it very much. Overall I like
  Ubuntu better than what I used to use, Windows. But one thing
  that I really miss from Windows is the ability to know what
  applications and services are connecting to the internet. In
  Windows I could log this kind of information. But I've asked
  some very knowledgeable computer people for help with Ubuntu
  and I'm told this can't be done on ubuntu. 

  

I was hoping that Ubuntu developers might address this
shortcoming at the summit? I was told this is where these
kind of things are discussed. 



I'd like to be able to log what applications & services
are connecting to the internet when I use Ubuntu. This is
the feature I would like to have in ubuntu. Much Thanks.

  

  
  

  
  




  


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss  
   -- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: could you add this feature or discuss it at 13.04 Developer Summit?

2012-10-15 Thread Paul Graydon 

Aloha,

In what kind of context are you looking for this information?  Do you 
have an example tool or screenshot you can provide?
It's relatively straight forward to find out what is currently listening 
to ports, there are two utilities that have been around a while, netstat 
and ss.  You're better off using the latter as netstat is reaching 
obsolescent, but you may occasionally find yourself stumbling across 
boxes without ss.


To get a list of both active connections and listening services, try "ss 
-plan".  You'll get lines like the following back (IP addresses changed 
for security reasons):


LISTEN 0  50 *:3306 *:*  
users:(("mysqld",1384,13))


ESTAB  0  0192.168.0.2:55366 192.168.0.3:143
users:(("thunderbird",4152,52))


The first line, LISTEN, tells you the machine I ran the command on is 
listening for connections on port 3306, which happens to be the port 
MySQL server uses.  The final column gives you the name of the program 
that is related to that connection, which in this case confirms it's mysqld.
The second line ESTAB tells you there is an established connection from 
the machine 192.168.0.2 (local address on the machine) to a remote 
server on 192.168.0.3, port 143 (IMAP).  The final column tells you it's 
thunderbird running on the machine.  By the way, if you're looking to 
quickly translate ports to services, check /etc/services.  It's not an 
exhaustive list but most of the standard ones are in there:


grep 3306 /etc/services
mysql3306/tcp
mysql3306/udp

Hope this helps in some way,
Paul


On 10/15/2012 07:25 AM, Brian labishi wrote:


Hi. I'm new to Ubuntu and like it very much. Overall I like Ubuntu 
better than what I used to use, Windows. But one thing that I really 
miss from Windows is the ability to know what applications and 
services are connecting to the internet. In Windows I could log this 
kind of information. But I've asked some very knowledgeable computer 
people for help with Ubuntu and I'm told this can't be done on ubuntu.


I was hoping that Ubuntu developers might address this shortcoming at 
the summit? I was told this is where these kind of things are discussed.


I'd like to be able to log what applications & services are connecting 
to the internet when I use Ubuntu. This is the feature I would like to 
have in ubuntu. Much Thanks.





-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss