Releases: elesiuta/picosnitch
Version 0.9.1
- improvements to executable detection reliability (so that extremely short-lived executables are less likely to evade hashing)
  - get the dev + inode of the running executable directly from the BPF program, then confirm it matches the file descriptor once opened
  - open file descriptors to every running executable as soon as it is seen instead of waiting for connections
  - if the executable itself still manages to evade being hashed (unlikely), it is logged as the child of its parent
- add a warning when running on a system with btrfs, and ignore dev there since it behaves strangely with btrfs, relying on just the inode (which also has the problem of not always being unique on btrfs)
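As an added illustration (not picosnitch's own code) of the 0.9.1 approach above: open the executable's file descriptor as soon as the process is seen, check its dev/inode against what the BPF program reported, and hash through that fd so the file can no longer slip away. The BPF side is assumed and appears only as the expected (dev, inode) arguments; demo() uses a constructed temp file in place of /proc/<pid>/exe so it runs anywhere.

```python
import hashlib
import os
import tempfile

def open_and_verify(path, expected_dev, expected_ino, ignore_dev=False):
    # Open right away; the fd pins the inode, so the file can still be hashed after
    # the process exits or the path is replaced. ignore_dev mirrors the btrfs workaround.
    try:
        fd = os.open(path, os.O_RDONLY)
    except OSError:  # ENOENT/ESRCH: the short-lived process is already gone
        return None
    st = os.fstat(fd)
    if st.st_ino != expected_ino or (not ignore_dev and st.st_dev != expected_dev):
        os.close(fd)  # identity mismatch: do not trust or hash this file
        return None
    return fd

def hash_fd(fd, chunk_size=1 << 20):
    """SHA-256 of the file behind an open fd; never re-resolves a path."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    while chunk := os.read(fd, chunk_size):
        digest.update(chunk)
    return digest.hexdigest()

def hash_running_exe(pid, expected_dev, expected_ino, ignore_dev=False):
    """Linux: verify and hash /proc/<pid>/exe against a BPF-reported (dev, inode)."""
    fd = open_and_verify(f"/proc/{pid}/exe", expected_dev, expected_ino, ignore_dev)
    if fd is None:
        return None
    try:
        return hash_fd(fd)
    finally:
        os.close(fd)

def demo():
    """Constructed stand-in for an executable: a temp file that disappears after open."""
    content = b"#!/bin/sh\necho constructed sample\n"
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(content)
        path = f.name
    st = os.stat(path)
    mismatch = open_and_verify(path, st.st_dev, st.st_ino + 1)  # wrong inode -> None
    fd = open_and_verify(path, st.st_dev, st.st_ino)
    os.unlink(path)  # the "process" exits; the pinned fd still hashes fine
    try:
        return hash_fd(fd), mismatch, hashlib.sha256(content).hexdigest()
    finally:
        os.close(fd)
```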
Version 0.9.0
- log ignore improvements
- add support for domains and hashes
- drop support for process names since those can be impersonated
- add new experimental feature "Every exe (not just conns)"
  - this feature will likely remain "experimental" forever, since it is slightly outside the goals/scope of picosnitch and difficult to improve upon with existing kernel and BPF features, but it was trivial to add in its current form without interfering with other functionality
  - it functions somewhat like real-time monitoring in traditional anti-malware software and may be useful for people who want greater intrusion detection coverage
Version 0.8.2
- automatically try to find a human user to set for SUDO_UID and DBUS_SESSION_BUS_ADDRESS if not in environment
Version 0.8.1
- improved initialization performance
- improved error messages
- improved virustotal retry logic
Version 0.8.0
- fix the Set RLIMIT_NOFILE option not taking effect
- summary.json was split into exe.log and record.json
- add option to write connection log to conn.log
- writing connection logs to snitch.db (sqlite3) is now optional (needed for curses ui)
- systemd restart always by default
Version 0.7.3
- fix config init when setting rlimit nofile
- fix default config not writing on first run if using systemd
Version 0.7.2
- improved error message for virustotal upload timeout
Version 0.7.1
- fix packaged systemd service file not working
Version 0.7.0
- use fanotify to watch inodes for process executables for improved performance/efficiency (which makes it much harder for processes to accidentally fall out of cache before being hashed)
- minor fixes and usability improvements
- no longer depends on vt-py, uses requests library instead
- packaging for ubuntu, arch, and their derivatives
Version 0.6.2
- fd cache fixes (use inode instead of exe path)
- VirusTotal (vt) fixes
- imports fixed