LINUXsecure_LOGO
Issues on Linux and Security
 
-->
 
 
 
 
 
 
 
home
button Home
 

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.


back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Michael Larabel at Phoronix exploreshow the X.org developer community is grappling with its patch-review process. ""David Airlie commented on the developers' mailing list about the lack of patch review for the new API patches, he wonders how he's 'going to get the next 50 patches in at this rate some time this year.' Alan Coopersmith then responded with how there seems to be a harder time overall in getting patch reviews done. Coopersmith says, 'I've got no ideas how to fix this quickly, but we need to get it fixed.'"
X.Org: "A Wasteland of Unreviewedness"(Phoronix)

Martin Davis of the JTS Topology Suite project points readersto an article in Naturearguing that open source software should be a standard requirement for peer-reviewed science. "The paper raises the argument for open source software to a higher plane, that of being a necessary component of scientific proof. It points out that the increasing use of computational science as a basis for scientific discovery implies that open source must become a standard requirement for documentation. Apparently some journals such as Science already require source code to be supplied along with submissions of articles."
A scientific basis for Open Source Software

Debianhas updated openssl(integer underflow). Fedorahas updated F16: pidgin-otr(format string vulnerability), F16: drupal6-og(upstream security update). Ubuntuhas updated 10.04: kernel(multiple vulnerabilities), backuppc(cross-site scripting), and update-manager(multiple vulnerabilities).
Security advisories for Friday

Fedora Project Leader Robyn Bergeron announcedthat the release of Fedora 17 has been delayed by one week, to May 29. "GA [General Availability] for F17 is now scheduled for 2012-05-29. Adjustments to the schedule and wiki will be completed later today. We will be meeting again next Thursday, 2012-05-24, for another Go/No-Go meeting."The decision was reached in order to close four outstanding blockers. A second F17 release candidate (RC2) will be spun in the interim.
Fedora 17 release pushed back to May 29

The Mandriva Blog contains a short postingstating Mandriva SA's intent to hand control of the distribution over to the community. "This means that the future of the distribution will not be arbitrary decided by the Mandriva company anymore, but we intend to let the distribution evolve in and under the caring responsibility of the community. Mandriva SA will of course be a part of this entity and will support it with direct contributions."How the governance of this community will work is to be worked out.
Mandriva Linux to "return to the community"

Over at the Guardian, Cory Doctorow writesabout two problems that govern the relationship between politics and technically oriented folks ("nerds"in Doctorow-speak): "nerd determinism"and "nerd fatalism". "But, while it's true that geeks can get around this sort of thing ? and other bad network policies, such as network-level censorship, or vendor locks on our tablets, phones, consoles, and computers ? this isn't enough to protect us, let alone the world. It doesn't matter how good your email provider is, or how secure your messages are, if 95% of the people youcorrespond with use a free webmail service with a lawful interception backdoor, and if none of those people can figure out how to use crypto, then nearly all your email will be within reach of spooks and control-freaks and cops on fishing expeditions."
The problem with nerd politics (The Guardian)

Debianhas updated openoffice.org(code execution) and ikiwiki(cross-site scripting). Mandrivahas updated imagemagick(2010.1, ES 5.0; 2011.: multiple vulnerabilities). SUSEhas updated openssl(SLE 11: two vulnerabilities). Ubuntuhas updated sudo(privilege escalation).
Security advisories for Thursday

The H reportson a vulnerability in sudowhen it is configured for IP-based restrictions on users (typically only for centrally managed sudoersfiles). "When the developers added IPv6 support, they inadvertently made the matching routine used for IPv4 networks call the IPv6 matching routines when no IPv4 match was found. Because the IPv6 fields would be uninitialised, it was possible for the system to think it had found a match where there wasn't one. Finding a match would, in turn, mean permission would be granted for whatever command the rule was controlling, even when the system was on a different network."
Security vulnerability in sudo's netmask function patched (The H)

The LWN.net Weekly Edition for May 17, 2012 is available.
[$] LWN.net Weekly Edition for May 17, 2012

IBM has announced that the paperwork has been signed and that the contribution of the Lotus Symphony code to OpenOffice will happen shortly. "The successful delivery of Apache OpenOffice 3.4 has enabled us to finalize our grant with the the Apache Software Foundation and initiate this new phase of effort within the community. This is about envisioning a future for Apache OpenOffice that builds on the best code we can offer together with the best developers who have mastered it."For those wondering about what this code offers, there is a Symphony Contribution wiki pagedescribing the most interesting features.
Lotus Symphony code for OpenOffice coming soon

CentOShas updated C6: kernel(denial of service). Debianhas updated gridengine(privilege escalation). Fedorahas updated bind-dyndb-ldap(F16; F15: denial of service), F16: samba4(remote code execution), F15: kernel(unfiltered netdev rio_ioctl access by users), and F15: expat(denial of service). Gentoohas updated connman(code execution). Red Hathas updated RHEL6: kernel(denial of service) and MRG2.1: kernel-rt(multiple vulnerabilities).
Security advisories for Wednesday

Owners of Android handsets can be forgiven for feeling frustration over how long it took to get an update from the 2.3 "gingerbread"release. Google's flat-out effort to improve tablet support led to a 3.0 ("honeycomb") release that was not deemed suitable for handset use?or for open-source release. It was only with the 4.0 "Ice Cream Sandwich"cycle that all that new code became available for handsets?sort of. Six months after the 4.0 release, your editor finally got his hands on a device that can run it; what follows is a review of sorts.
[$] Tasting the Ice Cream Sandwich

Gentoohas updated chromium(multiple vulnerabilities). Mandrivahas updated ffmpeg(ES5.0; 2010.1; 2011.0: multiple vulnerabilities). openSUSEhas updated gnutls(denial of service) and coreutils(command injection). Ubuntuhas updated quagga(multiple vulnerabilities).
Tuesday's security updates

Version 0.9 of the Kdenlive video editor has been released. Improvements in this release include the ability to align multiple video tracks using the audio stream, a rewritten effects subsystem, improved importing of online media, and a number of usability enhancements.
Kdenlive 0.9 released

The OrientDB"NoSQL graph-document database management system"project has produced its 1.0 release. New features include a new multi-master replication scheme, a new object database interface, an undo mechanism, server-side scripting, and more.
OrientDB 1.0 released

Pligg CMS 'status' Parameter SQL Injection Vulnerability
Vuln: Pligg CMS 'status' Parameter SQL Injection Vulnerability

pidgin-otr 'log_message_cb()' Function Format String Vulnerability
Vuln: pidgin-otr 'log_message_cb()' Function Format String Vulnerability

HP OpenVMS Integrity Server Unspecified Local Privilege Escalation Vulnerability
Vuln: HP OpenVMS Integrity Server Unspecified Local Privilege Escalation Vulnerability

Hewlett-Packard Virtual SAN Appliance 'hydra.exe' Remote Buffer Overflow Vulnerability
Vuln: Hewlett-Packard Virtual SAN Appliance 'hydra.exe' Remote Buffer Overflow Vulnerability

H2HC Brazil 9th Edition - Call for Papers
Bugtraq: H2HC Brazil 9th Edition - Call for Papers

SEC Consult SA-20120518 :: Memory overwrite vulnerability in libwpd (OpenOffice.org) - CVE-2012-2149
Bugtraq: SEC Consult SA-20120518 :: Memory overwrite vulnerability in libwpd (OpenOffice.org) - CVE-2012-2149

Re: [oss-security] CVE Request: Planeshift buffer overflow
Bugtraq: Re: [oss-security] CVE Request: Planeshift buffer overflow

Re: [oss-security] CVE Request: Planeshift buffer overflow
Bugtraq: Re: [oss-security] CVE Request: Planeshift buffer overflow

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus

-->