We offer packages for four major 64-bit CPU architectures found in desktop and laptop computers
today. For each architecture, we provide .deb (Debian, Ubuntu, Mint, Kali, …),
.rpm (Fedora, RHEL, openSUSE, CentOS, …) and .pkg.tar.zst (Arch, Manjaro,
CachyOS, EndeavourOS, …). Choose the right combination from the list below. For statically linked binaries scroll down.
Installation and system requirements
To check the integrity of downloaded packages, download the following two files and follow the instructions in the .hashes.txt file.
| Integrity Check | ||
|---|---|---|
| littlesnitch-1.1.0.hashes.txt | 3.21 kB | |
| littlesnitch-1.1.0.hashes.txt.sig.github.json | 6.61 kB | |
If our binary does not run on your computer, telling you that a library is missing, you can try our statically linked binaries. These binaries have almost no external library dependency.
The archives below contain the littlesnitch binary, the Systemd service file and SysVinit start script. For any other init system just make sure to run littlesnitch --daemon on system start. The daemon manages everything else.
Legacy versions can be downloaded here. Please note that new versions may fix vulnerabilities and running legacy versions may be a security risk.
This version introduces automatic software update notifications. When a new version of Little Snitch becomes available, you will now be notified directly in the UI.
We recognise that automatic update checks raise privacy concerns for some users and may be in conflict with third party redistribution systems, which often manage software updates independently. You can completely disable this feature by creating an empty file at:
/var/lib/littlesnitch/override/config/software_update.toml
If you do so, you can stay up to date by monitoring our download page or subscribing to GitHub releases instead.
Note to redistributors: The update behaviour can be fully customised using software_update.toml in the override config directory. Add an empty file to disable our update notification or edit to change behavior.
--no_capability_sandbox and --no_file_sandbox.#!/bin/sh line must be removed so that #!/sbin/openrc-run takes effect.ui_base_urls for the Web UI adds a check against Cross-Site Request Forgery. If you have overridden web_ui.toml, consider adding this option to your override file.Yesterday's security update accidentally broke the disclosure buttons in the connections section. This release restores them.
This release also includes two new features:
This release focuses on security hardening of the local web interface and authentication system.
rpm-ostree runs in a sandboxed environment, the post-install script always failed and the install was rolled back. Errors are now ignored to allow installation.$PATH in startup script and improved detection of init system in post-install script.This release fixes a bug where network traffic from Java applications was not shown. This bug affected all processes which open a socket with address family AF_INET6, but use 6-to-4 compatibility addresses to send IPv4 traffic.
It also adds an init.d script for OpenRC and SysVinit compatibility to the installer packages.
This bugfix release addresses the following issues:
This bugfix release fixes an issue with Btrfs: Executables on Btrfs appeared as "Not Identified" processes.
It does not fix an incompatibility with Linux 6.19 where the eBPF verifier rejects our program.
This is the first public release of Little Snitch for Linux. We hope it proves useful — and perhaps a little eye-opening.