can we find a solution to bug #820895 (show Process Name in log files)?

Robbie Williamson robbie at ubuntu.com
Thu Jan 26 21:30:52 UTC 2012


Seems to be 2 separate issues in this thread:

1) Our system logging for firewall issues only logs PIDs via iptables
with no program name.  Given other applications like netstat and nethogs
can do this, I think it's something we should try and work with upstream
to address. (my $0.02)

2) Users can't firewall based on applications.  I could be completely
wrong here, but I believe AppArmor[1] provides this functionality via
profiles.  While not as simple as adding an application to a list, it
might be an alternative solution until there's an easier way to do this.

http://manpages.ubuntu.com/manpages/hardy/man5/apparmor.d.5.html

-Robbie

On 01/26/2012 02:51 PM, Jason Todd wrote:
> Nick, the package is called "acct" all by itself.
> IMHO it will not solve the problem you are facing. I have tried it and
> it is not "user-friendly" compared to what you are used to. I have
> watched numerous people go back to Windows largely because of user
> frustration/inability to discover/control what applications can and
> cannot internet connect.  I remember reading one review of ubuntu where
> the reviewer hooked up some friends with 11.04 to get their opinions.
> One of the things the friends complained about was only having control
> of ports (and not applications) in the firewall. I could have sworn it
> was at tomshardware.com. I've searched but can't find the review. It was
> back around the time 11.04 came out.
> The way Linux deals with applications and internet connections has not
> evolved to a consumer-desktop-level. In an age where privacy and
> security are very important, it's going to need to address this to gain
> more users. I was sad to see Bug 820895 marked as Won't Fix.
> 
> I personally tried to get my friend to start using ubuntu. But he grew
> frustrated with no application firewall capabilities. He posted in the
> ubuntu-forums on the issue and it generated a long discussion but
> ultimately turned into a big mess where lots of ubuntu users were
> calling him an idiot and saying that Windows uses an application
> firewall because Windows sucks. The thread was closed and my friend went
> back to Windows feeling like ubuntu is only for programmers and everyone
> that uses Ubuntu thinks he's stupid cause he wanted an application firewall.
> 
> ------------------------------------------------------------------------
> From: nrundy at hotmail.com
> To: psusi at ubuntu.com; ubuntu-devel-discuss at lists.ubuntu.com
> Subject: RE: can we find a solution to bug #820895 (show Process Name in
> log files)?
> Date: Thu, 26 Jan 2012 10:16:22 -0500
> 
> Philip, thanks for your reply. I greatly appreciate it. You said,
> 
>>>>If you don't like the connections a program makes, then configure it
> not to do so. If you can't do that, then don't run such a bad program.>>>
> 
> This is what I'm trying to do on Ubuntu! :)   If I can't log the process
> name, how do I learn what connections a program is making so that I can
> configure that program to not make those connections? You see the problem?
> 
> For over a year I have been struggling (on Ubuntu) with a way to
> identify the connections programs are making so that I can do what you
> say: configure it not to make those connections or to uninstall the
> program if I deem it a "bad program." This is a non-issue on Microsoft
> Windows because I can easily identify connections programs are making
> and I can KNOW the comings and goings on my computer as it is all logged
> with Application Name in the firewall log. One of the criteria I use to
> select which applications I install and run is "internet connection
> behavior." It has been very difficult selecting applications I prefer in
> Ubuntu because I am forced to sit and watch netstat while trying to
> accomplish things. What I have ended up doing is (when available)
> installing the same program on Windows, study the firewall log in
> Windows and then deeming it a "good" or "bad" program for use in Ubuntu.
> So I am still seeking a solution on Ubuntu. If there's some other way to
> accomplish what I'm after (than using a Firewall Log), I will use it.
> But I have yet to find as reasonable a solution on Ubuntu. As others
> have remarked in forums etc, this is becoming an increasing priority in
> order to manage Mobile Broadband internet connection usage as the
> accounts come with bandwidth caps where users are charged a lot of extra
> money if they exceed the caps.
> 
> I will investigate using acct package, is this the name ("acct" or "acct
> package") I should search for in Synaptic? I have not tried this as a
> solution and really appreciate your suggestion.
> 
> 
> 
>> Date: Wed, 25 Jan 2012 19:55:18 -0500
>> From: psusi at ubuntu.com
>> To: nrundy at hotmail.com
>> CC: ubuntu-devel-discuss at lists.ubuntu.com
>> Subject: Re: can we find a solution to bug #820895 (show Process Name
>> in log files)?
>>
>> On 01/25/2012 06:22 PM, nick rundy wrote:
>>> Is there anything that can be done to create some way for Ubuntu
>>> users to get the capability of having a static record of what
>>> application/s made an outgoing connection?
>>
>> That would require a change to the iptables kernel module that
>> implements process based rules. Last I saw, it wasn't really maintained
>> because the whole concept is considered broken by design. In other
>> words, you shouldn't be setting rules based on processes.
>>
>> Needing an external firewall to control network activity of a program
>> in the first place is the result of using badly behaved closed source
>> programs, and so it is largely a non-issue for the open source community.
>>
>>> The capability to log "process names" has been requested by numerous
>>> users over the years, here's some links:
>>
>> If you want to log what processes are run and when in general, then
>> you can install and configure the acct package. You could then use the
>> accounting information to look up what process had a given pid at a
>> given time.
> 
> 
> -- Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
> 
> 

-- 
Robbie Williamson <robbie at ubuntu.com>
robbiew[irc.freenode.net]

"Don't make me angry...you wouldn't like me when I'm angry."
 -Bruce Banner
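One way to get the process name that the thread says the iptables log lacks, as an added example and not code from this thread or from Ubuntu: confine the program with an AppArmor profile, as Robbie suggests, and then read the kernel's AppArmor audit lines, which carry profile=, pid= and comm= for every socket operation the profile denies (or, in complain mode, allows). The log lines below are constructed, and the profile path /usr/bin/example-app is hypothetical.

```python
import re
from collections import Counter

# Constructed sample of /var/log/kern.log lines: three AppArmor socket
# audit records (type=1400) and one plain iptables LOG line for contrast.
# The profile path and host name are made up for the example.
SAMPLE_LOG = """\
Jan 26 16:10:52 host kernel: [ 1234.567890] type=1400 audit(1327594252.123:45): apparmor="DENIED" operation="create" profile="/usr/bin/example-app" pid=2345 comm="example-app" family="inet" sock_type="stream" protocol=6
Jan 26 16:10:53 host kernel: [ 1235.001122] type=1400 audit(1327594253.456:46): apparmor="DENIED" operation="create" profile="/usr/bin/example-app" pid=2345 comm="example-app" family="inet" sock_type="dgram" protocol=17
Jan 26 16:11:07 host kernel: [ 1249.333444] type=1400 audit(1327594267.789:47): apparmor="ALLOWED" operation="create" profile="/usr/bin/other-tool" pid=2400 comm="other-tool" family="inet6" sock_type="stream" protocol=6
Jan 26 16:11:09 host kernel: [ 1251.000000] IN= OUT=eth0 SRC=10.0.0.5 DST=93.184.216.34 LEN=60 PROTO=TCP SPT=51234 DPT=443
"""

# key="quoted value" or key=bare_value, as the audit subsystem prints them
FIELD_RE = re.compile(r'(\w+)="([^"]*)"|(\w+)=(\S+)')
PROTO_NAMES = {"6": "tcp", "17": "udp"}


def parse_apparmor_line(line):
    """Return the key=value fields of an AppArmor audit line, or None.

    An iptables LOG line has no apparmor= field and so no process name;
    it is skipped here rather than mis-parsed.
    """
    if 'apparmor="' not in line:
        return None
    _, _, tail = line.partition("type=1400")
    fields = {}
    for qkey, qval, bkey, bval in FIELD_RE.findall(tail):
        fields[qkey or bkey] = qval if qkey else bval
    return fields


def network_events(log_text, only_denied=True):
    """List (comm, pid, family, sock_type, proto) for socket-create events."""
    events = []
    for line in log_text.splitlines():
        f = parse_apparmor_line(line)
        if not f or f.get("operation") != "create" or "family" not in f:
            continue
        if only_denied and f.get("apparmor") != "DENIED":
            continue  # ALLOWED records come from profiles in complain mode
        proto = PROTO_NAMES.get(f.get("protocol"), f.get("protocol"))
        events.append((f["comm"], int(f["pid"]), f["family"],
                       f["sock_type"], proto))
    return events


def summarize(log_text):
    """Count socket attempts per process name, which is what bug 820895 asks for."""
    return Counter(e[0] for e in network_events(log_text, only_denied=False))
```

Running a confined program in complain mode first (aa-complain) records ALLOWED events, so summarize() shows which programs open sockets before any of them is actually blocked.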