version 0.5.0
elesiuta committed Nov 14, 2021
1 parent 10db757 commit dd432ab
Showing 2 changed files with 8 additions and 7 deletions.
8 changes: 4 additions & 4 deletions README.md
@@ -1,6 +1,6 @@
# picosnitch
- An ultra lightweight program for linux to monitor your system and notify you whenever it sees a new program that connects to the network
- Or when the sha256 changes for one of these programs (can also check VirtusTotal)
- An ultra lightweight program for linux that monitors your system and notifies you whenever it sees a new program that connects to the network
- Or when the sha256 changes for one of those programs (can also check VirtusTotal)
- And features a curses based UI for browsing past connections
- Inspired by programs such as GlassWire, Little Snitch, and OpenSnitch
# getting started
Expand All @@ -14,15 +14,15 @@
`picosnitch start`
- stop daemon with
`picosnitch stop`
- view past connections with (does not matter whether daemon is running or not)
- view past connections with
`picosnitch view`
## configuration
- config and list of seen processes are stored in `~/.config/picosnitch/snitch.json`
- stop picosnitch if it is currently running before making any edits otherwise your changes will be lost
```python
{
"Config": {
"DB write min (sec)": 1, # Minimum time between writing logs to snitch.db
"DB write min (sec)": 1, # Minimum time (seconds) between writing logs to snitch.db
"Keep logs (days)": 365, # How many days to keep connection logs
"Log command lines": True, # Log command line args for each executable
"Log remote address": True, # Log remote addresses for each executable
Expand Down
7 changes: 4 additions & 3 deletions picosnitch.py
Expand Up @@ -53,7 +53,7 @@
except Exception:
system_notification = lambda title, message, app_name: print(message)

VERSION = "0.4.8dev"
VERSION = "0.5.0"


class Daemon:
Expand Down Expand Up @@ -478,7 +478,7 @@ def updater_subprocess(init_pickle, snitch_pipe, sql_pipe, q_error, q_in, _q_out
snitch["SHA256"][msg["exe"]] = {msg["sha256"]: msg["result"]}
if msg["suspicious"]:
toast("Suspicious VT results for " + msg["name"])
# write snitch
# write snitch.json and error.log (no more than once per 30 seconds, and at least once per 10 minutes, may need adjusting, eg no delay if snitch["Errors"])
if time.time() - last_write > 30:
new_size = sys.getsizeof(pickle.dumps(snitch))
if new_size != sizeof_snitch or time.time() - last_write > 600:
Expand Down Expand Up @@ -656,6 +656,7 @@ def virustotal_subprocess(config: dict, q_error, q_vt_pending, q_vt_results):
q_vt_results.put(pickle.dumps((proc, sha256, "Failed to read file for upload", suspicious)))
continue
else:
# could also be an invalid api key
q_vt_results.put(pickle.dumps((proc, sha256, "File not analyzed (analysis not found)", suspicious)))
continue
if analysis.last_analysis_stats["malicious"] != 0 or analysis.last_analysis_stats["suspicious"] != 0:
Expand Down Expand Up @@ -866,7 +867,7 @@ def main_ui(stdscr: curses.window, splash: str, con: sqlite3.Connection) -> int:
else:
stdscr.attrset(curses.color_pair(0))
if 0 <= line - offset < curses.LINES - 1:
# special cases (cmdline null chars, uid)
# special cases (cmdline null chars, uid, maybe add sha256 and vt results or debsums lookup?)
if type(name) == str:
name = name.replace("\0", "")
elif (not is_subquery and p_col[pri_i] == "uid") or (is_subquery and s_col[sec_i] == "uid"):
Expand Down
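Review bot: The change detector in the `@@ -478,7 +478,7 @@` hunk compares pickle sizes, so an update that happens to leave the pickled length unchanged — for instance the single-entry `snitch["SHA256"][msg["exe"]]` replacement a few lines above, where one fixed-length hash replaces another — may not be seen as a change and the write is then deferred for up to 600 seconds; the new comment documents the timing but not this gap. A content fingerprint is a more faithful check, e.g. `new_digest = hashlib.sha256(pickle.dumps(snitch)).digest()` followed by `if new_digest != digest_snitch or time.time() - last_write > 600:`, with `sizeof_snitch` (initialised and refreshed outside this hunk) replaced by the digest and `hashlib` imported if the file does not already do so. The two `time.time()` reads in the same branch could also be folded into one local. `updater_subprocess` starts and ends outside the hunk, and the comment's `may need adjusting, eg no delay if snitch["Errors"]` reads as an open task that is better marked `# TODO:` so it is not mistaken for a description of current behaviour.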
