Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the
mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
- A logscanner and a scanner for the checkpoint objects file.
- A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scrips.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
back to top
| Whats New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|The openSUSE project has announcedthat the "Factory"and "Tumbleweed"distributions will merge into a single
rolling distribution (called "Tumbleweed"). There is also an FAQ postingabout the merger. "With
the vast improvements to the Factory development process over the last 2
years, we effectively found ourselves as a project with not one, but two
rolling release distributions in addition to our main regular release
distribution. GregKH signalled his intention to stop maintaining Tumbleweed
as a 'rolling-released based on the current release'. It seemed a natural
decision then to bring both the Factory rolling release and Tumbleweed
rolling release together, so we can consolidate our efforts and make
openSUSE's single rolling release as stable and effective as
|openSUSE Factory and Tumbleweed to merge|
|Matthew Garrett considers the security of Linux containerson his blog. While the attack surface of containers is likely to always be larger than that of hypervisors, that difference may not matter in practice, but it's going to take some work to get there:
I suspect containers canbe made sufficiently secure that the attack surface size doesn't matter. But who's going to do that work? As mentioned, modern container deployment tools make use of a number of kernel security features. But there's been something of a dearth of contributions from the companies who sell container-based services. Meaningful work here would include things like:
Strong auditing and aggressive fuzzing of containers under realistic configurations
Support for meaningful nesting of Linux Security Modules in namespaces
Introspection of container state and (more difficult) the host OS itself in order to identify compromises
These aren't easy jobs, but they're important, and I'm hoping that the lack of obvious development in areas like this is merely a symptom of the youth of the technology rather than a lack of meaningful desire to make things better. But until things improve, it's going to be far too easy to write containers off as a "convenient, cheap, secure: choose two"tradeoff. That's not a winning strategy.
|Garrett: Linux Container Security|
|On his blog, Christian Schaller announcedthe availability of videos from the recently completed GStreamer Conference. "For those of you who like me missed this years GStreamer Conference the recorded talks are now available online thanks to Ubicast. Ubicast has been a tremendous partner for GStreamer over the years making sure we have high quality talk recordings online shortly after the conference ends. So be sure to check out this years batch of great GStreamer talks."|
|Schaller: GStreamer Conference 2014 talks online|
|Ubuntu has announced its latest release: 14.10 "Utopic Unicorn". As usual, it comes with versions for server, desktop, and cloud, along with multiple official "flavors": Kubuntu, Lubuntu,
Mythbuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu Studio, and Xubuntu. All of the varieties come with a 3.16 kernel and many more new features: "Ubuntu Desktop has seen incremental improvements, with newer versions of
GTK and Qt, updates to major packages like Firefox and LibreOffice, and
improvements to Unity, including improved High-DPI display support.
Ubuntu Server 14.10 includes the Juno release of OpenStack, alongside
deployment and management tools that save devops teams time when
deploying distributed applications - whether on private clouds, public
clouds, x86 or ARM servers, or on developer laptops. Several key server
technologies, from MAAS to Ceph, have been updated to new upstream
versions with a variety of new features."More information can be found in the release notes.
|Ubuntu 14.10 (Utopic Unicorn) released|
|Fedorahas updated java-1.7.0-openjdk(F19: multiple
vulnerabilities) and php(F20: three vulnerabilities).
Mandrivahas updated php(BS1.0:
Oraclehas updated java-1.8.0-openjdk(OL6: multiple
vulnerabilities) and wireshark(OL5:
Red Hathas updated openstack-glance(OSP4: denial of service), openstack-heat(OSP4: information leak), openstack-keystone(OSP4: two
denial of service), openstack-nova(OSP4:
privilege escalation), openstack-packstack(OSP4: unexpected firewall disable), and python-backports-ssl_match_hostname(OSP4:
denial of service from 2013).
Scientific Linuxhas updated java-1.6.0-openjdk(multiple vulnerabilities),
java-1.7.0-openjdk(SL7, SL6; SL5: multiple vulnerabilities), libxml2(SL7, SL6: denial of service), openssh(SL6: two vulnerabilities), rsyslog5 and rsyslog(SL6, SL5: denial of
service), trousers(SL6: denial of service
from 2012), and wireshark(SL7, SL6;
SL5: multiple vulnerabilities).
SUSEhas updated kernel(SLE11SP3; SLE11SP3: multiple vulnerabilities, one from 2013).
Ubuntuhas updated openjdk-7(14.04: multiple vulnerabilities) and pollinate(14.04: certificate refresh).
|Security updates for Thursday|
lengthy ars technica retrospectiveon Ubuntu's first ten years.
"As you'll soon see in this look at the desktop distro through the
years, Linux observers sensed there was something special about Ubuntu
nearly from the start. However, while a Linux OS that genuinely had users
in mind was quickly embraced, Ubuntu's ten-year journey since is a
microcosm of the major Linux events of the last decade?encompassing
everything from privacy concerns and Windows resentment to server expansion
and hopes of convergence."|
|Ten years of Ubuntu (ars technica)|
|The LWN.net Weekly Edition for October 23, 2014 is available.
|[$] LWN.net Weekly Edition for October 23, 2014|
|In a talk entitled "Lies, Damned Lies, and Remotely Hosted Encrypted Data",
Kolab Systems CEO Georg Greve outlined the thinking and investigation that
the company did before deciding on where to store its customers' encrypted
data. The talk, which was given at LinuxCon
Europein Düsseldorf, Germany, looked at various decisions that need to
be made when determining where and how to store data on the internet. It
comes down to a
number of factors, including the legal framework of the country in
question and physical security for the systems storing the data.
|[$] Where to store your encrypted data|
|CentOShas updated libxml2(C7:
denial of service), qemu-kvm(C7:
information leak), rsyslog(C5: denial of
service), and wireshark(C7; C5: multiple vulnerabilities).
Fedorahas updated bugzilla(F20; F19:
multiple vulnerabilities), java-1.8.0-openjdk(F19: multiple vulnerabilities), and perl-Mojolicious(F20; F19: parameter injection attack).
openSUSEhas updated getmail(13.1, 12.3: multiple vulnerabilities) and wpa_supplicant(13.1; 12.3: command execution).
Oraclehas updated kernel(OL6:
multiple vulnerabilities), rsyslog(OL6:
denial of service), rsyslog7(OL6: denial
of service), and wireshark(OL7; OL6: multiple vulnerabilities).
Red Hathas updated wireshark(RHEL6,7; RHEL5: multiple vulnerabilities).
|Security advisories for Wednesday|
|In a followup to last year's report on the
future of realtime Linux, Thomas Gleixner once again summarized the
status of the long-running patch set. The intervening year did not result
in the industry stepping up to fund further work, which led Gleixner to
declare that realtime Linux is now just his hobby. That means new
releases will be done as his time allows and may eventually lead to
dropping the patch set altogether if the widening gap between mainline and
realtime grows too large.
Subscribers can click below for the full report of Gleixner's talk at this
year's Linux Plumbers Conference.
|[$] The future of the realtime patch set|
|Debianhas updated mysql-5.5(multiple vulnerabilities).
Mandrivahas updated bugzilla(multiple vulnerabilities), kernel(multiple vulnerabilities), mediawiki(cross-site scripting), perl(denial of
service), python(buffer overflow), and rsyslog(two vulnerabilities).
Oraclehas updated qemu-kvm(OL7:
information leak) and rsyslog5(OL5: denial of service).
Red Hathas updated qemu-kvm(RHEL7: information leak) and rsyslog(RHEL5,6: denial of service).
Scientific Linuxhas updated qemu-kvm(SL7: information leak).
Slackwarehas updated openssh(SSHFP-checking disabled).
|Tuesday's security updates|
|Version 24.4 of the Emacs editor is out. New features this time around
include a built-in web browser (unfortunately named "eww"), better
multi-monitor support, the ability to save and restore the state of frames
and windows, digital signatures on Emacs Lisp packages, access control list
support, and much more. See the NEWS filefor all the details.
|Emacs 24.4 released|
|The Debian Project recently learned that community member Peter Miller died
last July. "Peter was a relative newcomer to the Debian project, but his
contributions to Free and Open Source Software goes back the the late
1980s. Peter was significant contributor to GNU gettext as well as being
the main upstream author and maintainer of other projects that ship as
part of Debian, including, but not limited to srecord, aegis and cook.
Peter was also the author of the paper "Recursive Make Considered
|Debian Project mourns the loss of Peter Miller|
|Ubuntu 14.10 "Utopic Unicorn"is due to be released this week. That marks
10 years of Ubuntu releases, beginning with Ubuntu 4.10"Warty Warthog".
In this articleMark Shuttleworth announces the name of what will the 15.04 release.
"This verbose tract is a venial vanity, a chance to vector verbal vibes, a map of verdant hills to be climbed in months ahead. Amongst those peaks I expect we?ll find new ways to bring secure, free and fabulous opportunities for both developers and users. This is a time when every electronic thing can be an Internet thing, and that?s a chance for us to bring our platform, with its security and its long term support, to a vast and important field. In a world where almost any device can be smart, and also subverted, our shared efforts to make trusted and trustworthy systems might find fertile ground. So our goal this next cycle is to show the way past a simple Internet of things, to a world of Internet things-you-can-trust."|
|Shuttleworth: V is for Vivid|
|The Free Software Foundation (FSF) and the GNU Project have announced the
opening of nominations for the 17th annual Free Software Awards. The
Free Software Awards include the Award for the Advancement of Free
Software and the Award for Projects of Social Benefit. "In the case of both awards, previous winners are not eligible for
nomination, but renomination of other previous nominees is encouraged.
Only individuals are eligible for nomination for the Advancement of
Free Software Award (not projects), and only projects can be nominated
for the Social Benefit Award (not individuals). For a list of previous
winners, please visit https://www.fsf.org/awards."|
|The FSF opens nominations for the 17th annual Free Software Awards|