Bypass SSL Pinning and possibly VPN/Proxy Checks? - Android Q&A, Help & Troubleshooting

So for ages now I've been using Xposed modules and such, like Fiddler, to bypass SSL pinning.
It's worked 70% of the time, but the 30% where it doesn't work is really frustrating.
I'm trying to SSL-unpin "SUBWAY UK" by AltaineApps.
I managed to decompile the APK, go to smali_classes2/com/square/okhttp/CertificatePinner.smali and patch it out near line 155 (a simple return-void would work here according to: https://github.com/square/okhttp/bl...va/com/squareup/okhttp/CertificatePinner.java)
It recompiled fine (I had to zipalign it), and it opened and ran fine, but it still wasn't showing up in Fiddler with Fiddler set as the system proxy (with its cert installed).
This actually occurs a lot, where the app doesn't send data through Fiddler.
What I usually do in this instance is run "Packet Capture", and it would usually pick it up.
But lots of apps now block you if you are using a VPN or proxy, so that might be the reason that isn't working either.
Any recommendations, or is there any way to just log Response.smali's data to text files?
(The request that is SSL-pinned is the login request, among others once you're logged in; I'm trying to get the one for the subway map inside when logged in. You can test more easily by just attempting a login, since that is pinned too.)

Related

[Q] App for sysadmins?

Hello! Very recently one of my servers restarted unexpectedly; since one of my services does not start on boot, that service was down all day until I got home.
Someone in my IRC channel told me that some kind of script would be good to check if a server was up: the script would check if the server is up and, if it is not, send me a text message. I took that script a bit further by making an app for it. So here I am today, having multiple ideas of how I am going to continue development of this app; it has become more of an IDS than a check-if-up app.
Features that I am about to implement:
Checks response time
Checks if a service is up (by checking if it can connect to a specified port).
It will be able to see how much processor and memory the server is using (through SSH)
Will be able to check for file changes in a directory (through SSH)
Will have similar features as fail2ban: notify if any brute-force attempt is happening, notify if any unrecognized IP has logged in to the server (through SSH).
As you might see, most of the features will use SSH, mostly to avoid having to install software on the server.
How many out there do you think would be interested in this kind of app? Is it worth continuing development?

[Q] Application tracing to find network paths

Hi all, I usually don't post on here as I am usually able to figure most things out myself, including rooting, hardware replacements, app installs using APKs and data; generally I am overall quite proficient, but I find myself lost on this one. That's where the wonderful brains of XDA come in. Basically I have an issue where a certain application uses a login at launch. The application actually redirects to a website to verify the username and password combo. During the first login attempt, it will produce a username and password error. If you close the application and attempt to log in again, same issue. The username/password error is produced in a pop-up window with an OK option on it to acknowledge the error. Here's where things get a little interesting. If you do not exit the application and hit OK on the error window, you then have the option to try to log in again without relaunching the app. This will work every single time. So basically what I am trying to figure out is a way to trace the app in both instances to verify where the application may be failing along the network, and use the second instance where it works to cross-reference and see the failure point. I have tried a packet sniffer to no avail. Any other suggestions would be greatly appreciated!

[APP][4.0.3+ & GB][XPOSED] LightningWall

Xposed app firewall.
This app is a firewall for the installed apps. Only apps with the permission "android.permission.INTERNET" are
shown. IPv4 and IPv6 are supported, together with TCP and UDP. You can configure outgoing and incoming
connections independently of each other.
The rules can be applied per network: W-Lan, local network, mobile, roaming, unknown.
Logging is configurable for incoming/outgoing and allowed/denied connections.
Colors:
Blue: Template is used.
Yellow: Custom settings.
Green: The app is trusted.
Red: The app is blocked.
Features:
No iptables required, the kernel doesn't need to support it.
The firewall is active when Android starts, no startup data leak.
The rules are always active, no re-apply on connection change is needed.
Limitations:
Host names in the log file are PTR entries.
Works only for Android (Java), not the native (Linux) part.
Donation:
No self-promotion in the app.
You could trust or block an app (Menu/ActionBar)
You could use a template for not configured apps
Additional (experimental) networks: Bluetooth, WiMAX, Ethernet
Tasker support, per App
You support this app and further development!
Permissions:
ACCESS_SUPERUSER: apply iptables rules
This app does not connect itself to any websites or hosts!
Important:
This app needs the Xposed Framework. The framework requires root access for installation. Don't forget to enable the module in Xposed. You can grab it here: Xposed Installer
Website: http://tinyurl.com/l5bpv23
Play Store: http://tinyurl.com/ome2pvc
Xposed Repository: http://tinyurl.com/ksc6plz
Changelog: http://tinyurl.com/n8gsqja
Why this app? No firewall for Xposed exists yet
Translation:
You can find an interface to translate the English strings here: http://tinyurl.com/okycacj
A free account at www.oneskyapp.com is required to edit. Additionally, please attach your email address or send it via PM.
Insane.. I was looking for something like this about 12 hours ago.. it's almost like you read my mind and made it just for me!
I like your style. Nice and simple and keeping it in line with your others.
Sent from my GT-I9300 using Tapatalk
Downloading now.
Sent from my SCH-I535 using XDA Premium 4 mobile app
shivadow said:
Insane.. I was looking for something like this about 12 hours ago.. it's almost like you read my mind and made it just for me!
I like your style. Nice and simple and keeping it in line with your others.
Sent from my GT-I9300 using Tapatalk
Maybe you heard me thinking out loud 6 weeks after starting this app: "I will release today; if there are still errors, I'll fix them later."
Am I correct in assuming this is not open source?
I got a question about incoming/outgoing connections; maybe someone else wants to know:
Incoming connections are used by less than 1% of all apps. They are used if the app is a "server", like BubbleUPnP. So most of the time incoming connections can be blocked; for the mobile network I think 100%.
An outgoing connection is like a phone call: you call someone (outgoing connection) and can talk (send "data") and hear (receive "data").
Wifi Internet and Network:
If you want to control e.g. your local TV receiver, XBMC device or AVM router (with FreetzMobil), only connections to the local network are required. This prevents the app from sending data to the internet.
The "local network" is all "private" IPv4 and IPv6 addresses; they will not be forwarded by internet routers. Additionally, if you use "public" IPs, they are local if they are in the same subnet as an IP of your device. Uncommon for IPv4, but public IPv6 is the common usage (a public IPv6 for every device).
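The local-network definition above, as an added example that is not LightningWall's own code: it classifies a destination by the two rules given (a private address, or a public address in the same subnet as one of the device's own addresses) and then applies per-app, per-network rules with the template fallback the OP describes for unconfigured ("blue") apps. The interface addresses, package names and rules are constructed.

```python
"""Classify a destination as "local network" or "internet" using the
definition given in the thread, then apply per-app, per-network rules with a
template fallback. Added example, not LightningWall's code; all addresses,
package names and rules below are constructed."""
import ipaddress

# Constructed device interfaces (address/prefix) as the device would report them.
DEVICE_INTERFACES = [
    "192.168.1.20/24",             # W-Lan, RFC 1918 address
    "2001:1234:5678:abcd::10/64",  # public IPv6 on the same W-Lan (constructed prefix)
]

def classify(dst: str, interfaces=DEVICE_INTERFACES) -> str:
    """Return "local" or "internet" for a destination address.

    1. Private addresses (RFC 1918, ULA fc00::/7, link-local, loopback) are
       never forwarded by internet routers, so they are always local.
    2. A public address is still local when it lies in the same subnet as one
       of the device's own addresses (the usual case with public IPv6).
    """
    ip = ipaddress.ip_address(dst)
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    for iface in interfaces:
        net = ipaddress.ip_interface(iface).network
        if ip.version == net.version and ip in net:
            return "local"
    return "internet"

# Template ("blue" apps): applied to every app without its own configuration.
TEMPLATE = {
    "wlan":   {"local": True,  "internet": True},
    "mobile": {"local": False, "internet": True},
}

# Per-app ("yellow") rules. A TV remote may only reach the local network,
# and only over W-Lan; mobile is blocked entirely.
APP_RULES = {
    "org.example.tvremote": {
        "wlan":   {"local": True,  "internet": False},
        "mobile": {"local": False, "internet": False},
    },
}

def is_allowed(app: str, network: str, dst: str) -> bool:
    """Look up the app's rules (or the template) for the active network and
    the destination's scope. Networks without a rule are denied."""
    rules = APP_RULES.get(app, TEMPLATE)
    return rules.get(network, {}).get(classify(dst), False)

def log_line(app: str, network: str, dst: str, port: int) -> str:
    """One allow/deny log entry for a connection attempt."""
    verdict = "ALLOW" if is_allowed(app, network, dst) else "DENY"
    return f"{verdict} {app} {network}/{classify(dst)} -> [{dst}]:{port}"
```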
an0n981 said:
Am I correct in assuming this is not open source?
As usual, I send source only to people I know.
I took this mod for a quick test drive; a little feedback:
- Is it not possible to restrict the kernel?
- Could it be that apps that use native libraries to connect to the internet cannot be restricted? Firefox and Mega (both use native libraries) were able to connect even when completely restricted.
Also a little cosmetic issue: com.android.process.gapps showed completely green at all times. However, restrictions were applied properly.
an0n981 said:
I took this mod for a quick test drive; a little feedback:
- Is it not possible to restrict the kernel?
- Could it be that apps that use native libraries to connect to the internet cannot be restricted? Firefox and Mega (both use native libraries) were able to connect even when completely restricted.
Also a little cosmetic issue: com.android.process.gapps showed completely green at all times. However, restrictions were applied properly.
Yes, see OP: "Limitation: ... no native binaries." This is because of the design of Xposed.
Isn't it "com.google.process.gapps"? Only this one app has the wrong colors? Does it have a green dot for "trusted app"? What did you configure for it?
Yes, I meant com.google....
I set it from template to custom and blocked everything; however, in the app overview it still showed as all green. When it was restricted, GCM was blocked and the log showed blocked connections to mtalk.google.com:5228. Then I unrestricted outgoing mobile and wifi, GCM was available and the log correctly showed allowed connections, but the colors in the app overview didn't change.
Version 1.0.1 uploaded
- fix "incoming", thx @w0rinal
- also an error related to coloring; @an0n981 can you check if it fixes your problem? Toggling options could be required.
defim said:
- also an error related to coloring; @an0n981 can you check if it fixes your problem? Toggling options could be required.
Sorry, the bug is still present.
Also 1 more question. Do you see any problem running this alongside AFWall?
The bug affects any app that starts and ends with <>. <android.media> and <org.mozilla.firefox.sharedid> also always revert back to displaying completely green once the app is reloaded.
an0n981 said:
Also 1 more question. Do you see any problem running this alongside AFWall?
No, it should work without problems. One creates iptables rules, the other hooks the connection methods; if one fails, the other does it.
an0n981 said:
The bug affects any app that starts and ends with <>. <android.media> and <org.mozilla.firefox.sharedid> also always revert back to displaying completely green once the app is reloaded.
The "<>" entries are not real apps (.apks) with a package name; they are uids. At app start I load all installed apps with internet permission and hide apps which are no longer installed / no longer have the permission -> the uid items are not in the list of installed apps (obviously).
Will be fixed in next release
EDIT: Uploaded
This is awesome
A few questions:
- Is there a way to edit the template? I couldn't find it anywhere in settings. Am I missing something?
- Can you add multiple selection? For example, someone has lots of apps and wants to block roaming for them etc. without having to change it manually for each app.
- Filtering or sorting apps? Perhaps something simple like the way AFWall does it, or a more thorough filter like XPrivacy has?
Sent from my Nexus 5 using Tapatalk
defim said:
The "<>" entries are not real apps (.apks) with a package name; they are uids. At app start I load all installed apps with internet permission and hide apps which are no longer installed / no longer have the permission -> the uid items are not in the list of installed apps (obviously).
Will be fixed in next release
EDIT: Uploaded
Confirmed fixed
jaibar said:
This is awesome
A few questions:
- Is there a way to edit the template? I couldn't find it anywhere in settings. Am I missing something?
- Can you add multiple selection? For example, someone has lots of apps and wants to block roaming for them etc. without having to change it manually for each app.
- Filtering or sorting apps? Perhaps something simple like the way AFWall does it, or a more thorough filter like XPrivacy has?
Sent from my Nexus 5 using Tapatalk
The template is used for all "blue" apps, which are the ones not configured by the user. Modifying the template is part of the donator options (see OP).
Btw, next planned feature: detection of VPN connections
defim said:
The template is used for all "blue" apps, which are the ones not configured by the user. Modifying the template is part of the donator options (see OP).
Btw, next planned feature: detection of VPN connections
Nice feature!
I dry tested this app (i.e. without checking the Xposed module on my device) and already saw that the VPN was missing. Now I use AFWall+, which is good and has more profiles. I block all Google apps with it using a 'limited internet' profile, and every time I download something from Play, I load another profile which allows 'Google Play services' and 'Google Play store' internet connections; after the download/update I revert to 'Limited internet'.
On my Mac I have the 'Little Snitch' firewall, which has the ability to prompt for certain apps which I don't want to be connected permanently (such as the Mac App Store), but only when I do e.g. an OS X update. In that case I let it prompt and say 'only this time'.
A similar approach in LightningWall would be very welcome, e.g. a notification that the Play Store wants to connect to the internet, and when one wants to download/update an app, say 'only this time' and not permanently.
mermaidkiller said:
Nice feature!
I dry tested this app (i.e. without checking the Xposed module on my device) and already saw that the VPN was missing. Now I use AFWall+, which is good and has more profiles. I block all Google apps with it using a 'limited internet' profile, and every time I download something from Play, I load another profile which allows 'Google Play services' and 'Google Play store' internet connections; after the download/update I revert to 'Limited internet'.
On my Mac I have the 'Little Snitch' firewall, which has the ability to prompt for certain apps which I don't want to be connected permanently (such as the Mac App Store), but only when I do e.g. an OS X update. In that case I let it prompt and say 'only this time'.
A similar approach in LightningWall would be very welcome, e.g. a notification that the Play Store wants to connect to the internet, and when one wants to download/update an app, say 'only this time' and not permanently.
XPrivacy implements a similar thing, allowing the user to be informed when one of the restrictions is asking for access to that permission, including internet permissions (no distinction between LAN or VPN). I would also welcome an on-demand prompt feature for this app; it's one feature I wished AFWall had, but I believe it can't because of the nature of iptables.
Saying that, I'm also kinda worried that this might conflict, two apps essentially fighting for control to "pause" the system. Hope I'm wrong; maybe if the two devs of the two respective apps cooperated in implementation it might be resolved, if there is an issue, I don't know... but I'm getting ahead of myself here. defim has not even stated that he'll implement this; still, no harm in discussing possibilities, slim or not.
@banderos101 @mermaidkiller If you want to be informed if an app is allowed or denied access to some hosts, you can get it with Tasker, just with a simple message box or the more enhanced things Tasker can do. It should not be a problem using this app with XPrivacy, AFWall etc. If you block a connection with one app, it could be that the others can't see/log it. This depends on the order of the apps; an iptables firewall should be the last the connection passes through.
A per-host filter is not planned. If you want to stop connections to some (tracking, malware, adware) hosts, a hosts file filter can be used, like my UnbelovedHosts.
defim said:
As usual, I send source only to people I know.
Too big a risk to take for security software like this. Post your work up on Github under a reasonable license.
I'm not seeing a big advantage over the GPL AFWall+ anyway.

[Reward] Need help reading https/ssl traffic from twitter app

Hello everyone, I've been racking my brains for the last few days figuring out why I can't sniff my Twitter Android app traffic anymore!
Basically, what worked before was that I had simply installed Fiddler/Charles proxy on my PC, exported the root certificate (and added it to my Android device's CA storage), then installed Cydia's Mobile Substrate and Android-SSL-TrustKiller, because apparently the Twitter APK uses certificate pinning that needs to be bypassed in order to properly MitM the app. I set my Android wifi proxy settings to the same IP:port as the machine that Fiddler/Charles is listening on.
Unfortunately this does not work anymore and I'm left unable to properly read Twitter's app traffic, whereas Google Play, Facebook, Instagram etc. all work fine. It had worked fine until a few days ago. I hadn't updated my Twitter app either, so I'm just not sure how it could have broken itself.
I tried ProxyDroid (which uses iptables, I believe), and Fiddler showed attempts at connecting to one of Twitter's IPs, but it never goes through (I believe this is an issue with the IP not resolving to the hostname correctly, which causes certificate name mismatch errors).
I'm incredibly vexed... I'll pay a fair amount to anyone who can help me properly diagnose and fix this issue.
If it helps, I'm on an SGS3, Android version 4.1.2 (I even tried the Genymotion emulator, yielding the same results). Perhaps if someone can successfully perform this on their own device, they can help me along to identify the issue.

Cert install and pattern screen lock not available - SM-G900T - 4.4.2

Rooted SM-G900T. I need to run a SIP client connected to a back-end SIP gateway, using a specific cert. The cert installation only works with PIN as screen lock, not pattern. Pattern gets disabled as an option in settings after cert install. Clearing the credentials - of course - makes the pattern available again, but that is not what I want.
Found this article, which I am planning to try next, unless someone here has some other ideas on how to make the pattern work AFTER the normal cert install, rather than following the instructions in the article I am referencing here. Maybe my search patterns tried so far did not capture the right articles, but I am a little surprised at not finding related issues in these forums, so pointers, or RTFF(orum) with appropriate links, will be appreciated if I missed such.
