Improved rules

2026-02-09 05:44:23 +00:00 · 2023-02-16 23:44:58 +01:00
parent 76b0298db2
commit f41e54ecdf
4 changed files with 42 additions and 8 deletions
--- a/snitch/parts/firefox.lsrules
+++ b/snitch/parts/firefox.lsrules
@@ -18,16 +18,25 @@
            "process": "/Applications/Firefox.app/Contents/MacOS/firefox",
            "protocol": "tcp",
            "remote-hosts": [
-                "o.lencr.org",
                "ocsp.digicert.com",
                "ocsp.entrust.net",
                "ocsp.globalsign.com",
                "ocsp.pki.goog",
                "ocsp.r2m01.amazontrust.com",
                "ocsp.sca1b.amazontrust.com",
-                "ocsp.sectigo.com"
+                "ocsp.sectigo.com",
+                "ocsp.usertrust.com",
+                "status.geotrust.com"
            ]
        },
+        {
+            "action": "allow",
+            "notes": "Allow Firefox to gather information about certificates.",
+            "ports": "80",
+            "process": "/Applications/Firefox.app/Contents/MacOS/firefox",
+            "protocol": "tcp",
+            "remote-domains": "o.lencr.org"
+        },

        {
            "action": "deny",
--- a/snitch/parts/raspberrypi-imager.lsrules
+++ b/snitch/parts/raspberrypi-imager.lsrules
@@ -2,6 +2,14 @@
    "description": "",
    "name": "RaspberryPi Imager",
    "rules": [
+        {
+            "action": "allow",
+            "notes": "Allow RaspberryPi Imager to securely download updates.",
+            "ports": "443",
+            "process": "/Applications/Raspberry Pi Imager.app/Contents/MacOS/rpi-imager",
+            "protocol": "tcp",
+            "remote-hosts": "downloads.raspberrypi.org"
+        },
        {
            "action": "allow",
            "notes": "Allow RaspberryPi Imager to securely connect to websites to download images and their metadata.",
--- a/snitch/parts/vscode.lsrules
+++ b/snitch/parts/vscode.lsrules
@@ -53,6 +53,7 @@
            "process": "/Applications/Visual Studio Code.app/Contents/MacOS/Electron",
            "protocol": "tcp",
            "remote-hosts": [
+                "login.microsoftonline.com",
                "vscode-sync-insiders.trafficmanager.net",
                "vscode-sync.trafficmanager.net",
                "vscode.dev"
@@ -76,8 +77,7 @@
            "action": "deny",
            "notes": "Stop VS Code's Helper from connecting to dc.services.visualstudio.com.\nUsed by the Application Insights SDK or Application Insights Agent to send data to the vendor's services in Azure.\nSee https://learn.microsoft.com/en-us/azure/azure-monitor/app/ip-addresses for details.",
            "process": "/Applications/Visual Studio Code.app/Contents/MacOS/Electron",
-            "remote-hosts": "dc.services.visualstudio.com",
-            "via": "/Applications/Visual Studio Code.app/Contents/Frameworks/Code Helper.app/Contents/MacOS/Code Helper"
+            "remote-hosts": "dc.services.visualstudio.com"
        }
    ]
 }
--- a/snitch/ruleset.lsrules
+++ b/snitch/ruleset.lsrules
@@ -46,16 +46,25 @@
            "process": "/Applications/Firefox.app/Contents/MacOS/firefox",
            "protocol": "tcp",
            "remote-hosts": [
-                "o.lencr.org",
                "ocsp.digicert.com",
                "ocsp.entrust.net",
                "ocsp.globalsign.com",
                "ocsp.pki.goog",
                "ocsp.r2m01.amazontrust.com",
                "ocsp.sca1b.amazontrust.com",
-                "ocsp.sectigo.com"
+                "ocsp.sectigo.com",
+                "ocsp.usertrust.com",
+                "status.geotrust.com"
            ]
        },
+        {
+            "action": "allow",
+            "notes": "Allow Firefox to gather information about certificates.",
+            "ports": "80",
+            "process": "/Applications/Firefox.app/Contents/MacOS/firefox",
+            "protocol": "tcp",
+            "remote-domains": "o.lencr.org"
+        },
        {
            "action": "deny",
            "notes": "Stop Firefox from connecting to Google's Interactive Media Ads SDK, which allows developers and publishers to show interactive and video ads on their websites and mobile apps.",
@@ -162,6 +171,14 @@
            "protocol": "tcp",
            "remote-hosts": "flow.logitech.io"
        },
+        {
+            "action": "allow",
+            "notes": "Allow RaspberryPi Imager to securely download updates.",
+            "ports": "443",
+            "process": "/Applications/Raspberry Pi Imager.app/Contents/MacOS/rpi-imager",
+            "protocol": "tcp",
+            "remote-hosts": "downloads.raspberrypi.org"
+        },
        {
            "action": "allow",
            "notes": "Allow RaspberryPi Imager to securely connect to websites to download images and their metadata.",
@@ -258,6 +275,7 @@
            "process": "/Applications/Visual Studio Code.app/Contents/MacOS/Electron",
            "protocol": "tcp",
            "remote-hosts": [
+                "login.microsoftonline.com",
                "vscode-sync-insiders.trafficmanager.net",
                "vscode-sync.trafficmanager.net",
                "vscode.dev"
@@ -279,8 +297,7 @@
            "action": "deny",
            "notes": "Stop VS Code's Helper from connecting to dc.services.visualstudio.com.\nUsed by the Application Insights SDK or Application Insights Agent to send data to the vendor's services in Azure.\nSee https://learn.microsoft.com/en-us/azure/azure-monitor/app/ip-addresses for details.",
            "process": "/Applications/Visual Studio Code.app/Contents/MacOS/Electron",
-            "remote-hosts": "dc.services.visualstudio.com",
-            "via": "/Applications/Visual Studio Code.app/Contents/Frameworks/Code Helper.app/Contents/MacOS/Code Helper"
+            "remote-hosts": "dc.services.visualstudio.com"
        },
        {
            "action": "allow",