Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the
mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
- A logscanner and a scanner for the checkpoint objects file.
- A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scrips.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
back to top
| Whats New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|Open Invention Network (OIN) marks its ten year anniversary. "Since its founding in 2005, Open Invention Network has grown its community to over 1,700 participants ? from sizable multinational companies to key open source projects to emerging businesses. OIN has expanded its strategic patent portfolio to more than 1,000 worldwide patents and applications. In parallel, the zone of patent non-aggression that is defined by OIN?s Linux System definition has evolved to include more than 2,300 software packages, which ensures freedom of action in core functionality for global open source projects and technology platforms such as Linux, Red Hat, SUSE, Android, Open Stack and Apache."|
|Open Invention Network Celebrates 10 Year Anniversary|
|Arch Linuxhas updated nodejs(denial of service).
Fedorahas updated libvpx(F21:
denial of service), openjpeg2(F22: code
execution), pixman(F22: buffer overflow),
unzip(F21: two vulnerabilities), webkitgtk(F22; F21: denial of service), and webkitgtk3(F22; F21: denial of service).
openSUSEhas updated apache2(13.2, 13.1: multiple vulnerabilities), conntrack-tools(13.2, 13.1: denial of
service), froxlor(13.2, 13.1: privilege
escalation), redis(13.2, 13.1: code
execution), seamonkey(13.2, 13.1: multiple
vulnerabilities), thunderbird(13.2, 13.1:
multiple vulnerabilities), and vorbis-tools(13.2, 13.1: code execution).
SUSEhas updated firefox, nspr(SLE12: multiple vulnerabilities).
Ubuntuhas updated kernel(15.04; 14.04:
multiple vulnerabilities), linux-lts-trusty(12.04: multiple vulnerabilities), linux-lts-utopic(14.04: multiple
multiple vulnerabilities), and lxc(14.04:
regression in previous update).
|Security updates for Tuesday|
|The nomination process has begun for the 2015 election of the Technical
Advisory Board for the Linux Foundation. That election will happen on
October 26 at the Kernel Summit in Seoul, South Korea. There are five
positions to be filled; terms are for two years.
|The 2015 Linux Foundation Technical Advisory Board elections|
|Ars Technica presents
a lengthy reviewof Android 6.0 "Marshmallow". "While this is a review of the final build of "Android 6.0,"we're going to cover many of Google's apps along with some other bits that aren't technically exclusive to Marshmallow. Indeed, big chunks of "Android"don't actually live in the operating system anymore. Google offloads as much of Android as possible to Google Play Services and to the Play Store for easier updating and backporting to older versions, and this structure allows the company to retain control over its open source platform. As such, consider this a look at the shipping Google Android software package rather than just the base operating system. "Review: New Android stuff Google has released recently"would be a more accurate title, though not as catchy."|
|Android 6.0 Marshmallow, thoroughly reviewed (Ars Technica)|
|Arch Linuxhas updated hostapd(multiple vulnerabilities) and libunwind(denial of service).
Fedorahas updated activemq(F22:
information disclosure), bind(F21: denial
of service), jenkins-script-security-plugin(F22: unspecified vulnerability), kernel(F22; F21:
denial of service), libwmf(F22: two
vulnerabilities), scap-security-guide(F22; F21:
unspecified vulnerability), seamonkey(F22; F21:
multiple vulnerabilities), thunderbird(F22: multiple vulnerabilities), and xen(F22; F21:
Mageiahas updated chromium-browser(MG5: information disclosure)
and gdk-pixbuf2.0(MG5: two vulnerabilities).
openSUSEhas updated phpMyAdmin(13.2, 13.1: guessable user credentials).
Ubuntuhas updated oxide-qt(15.04, 14.04: information disclosure), thunderbird(15.04, 14.04, 12.04: multiple
vulnerabilities), and firefox(15.04,
14.04, 12.04: regression in previous update).
|Security advisories for Monday|
|Sarah Sharp has made
officialher departure from the kernel development community. "I
didn?t take the decision to step down lightly. I felt guilty, for a long
time, for stepping down. However, I finally realized that I could no longer
contribute to a community where I was technically respected, but I could
not ask for personal respect. I could not work with people who helpfully
encouraged newcomers to send patches, and then argued that maintainers
should be allowed to spew whatever vile words they needed to in order to
maintain radical emotional honesty. I did not want to work professionally
with people who were allowed to get away with subtle sexist or homophobic
jokes. I feel powerless in a community that had a 'Code of Conflict'
without a specific list of behaviors to avoid and a community with no teeth
to enforce it."|
|Sharp: Closing a door|
|The Linux Foundation has announcedthe formation of a collaborative project to support the ongoing development
of the realtime kernel patch set. "The RTL Collaborative Project
will focus on pushing critical code upstream to be reviewed and eventually
merged into the mainline Linux kernel where it will receive ongoing
support. This will save the industry millions of dollars in research and
development. It will also improve quality of the code through robust
upstream kernel test infrastructure, since anything maintained in the
mainline kernel is collectively supported by thousands of developers and
hundreds of companies around the world."As part of the project,
the Foundation has appointed Thomas Gleixner into a Fellow position.
|The Real-Time Linux Collaborative Project|
|The 4.3-rc4kernel prepatch is out. "You all know the drill by now. It's Sunday, and there is a new release
candidate out there."|
|Kernel prepatch 4.3-rc4|
|Greg Kroah-Hartman has released the 4.2.3and 4.1.10stable kernels. The fixfor the
deadlocks reportedfor 4.1.9 did not make
it into 4.1.10. As usual, these stable kernels contain fixes throughout
|Stable kernels 4.2.3 and 4.1.10|
|Many online media outlets are reporting the news that ownership of
the popular ad-blocking browser extension AdBlockhas
been sold to a new owner. Not to be confused with similarly named
projects AdBlock Plus and AdBlock Edge, this AdBlock announced the
news of the sale to its users in a pop-up window. TheNextWeb reportsthat AdBlock employees refused to identify the buyer. In related
news, the new owner has decided to join the "Acceptable Ads"whitelisting program run by rival AdBlock Plus. An announcementon the AdBlock Plus site confirms the move, and notes that an
"independent review board"will now decide which
advertisements are included the Acceptable Ads whitelist. Public
nominations for the board are said to be open.
|Ad-blocking extension AdBlock sold to new owner|
|CentOShas updated thunderbird(C6; C5; C7: multiple vulnerabilities).
Debian-LTShas updated binutils(multiple vulnerabilities).
Fedorahas updated freeimage(F22; F21:
golang(F22; F21: multiple vulnerabilities), jakarta-commons-httpclient(F22; F21: denial of service), and openjpeg2(F22; F21: use-after-free vulnerability).
Mageiahas updated thunderbird(M5: multiple vulnerabilities).
openSUSEhas updated bind(11.4: denial of service).
Oraclehas updated thunderbird(O6; O7: multiple vulnerabilities).
Red Hathas updated mod_proxy_fcgi(RHEL6: denial of service).
Scientific Linuxhas updated thunderbird(SL5, 6, 7: multiple vulnerabilities).
Slackwarehas updated mozilla-thunderbird(14.0, 14.1, current: multiple vulnerabilities), php(14.0, 14.1, current: multiple vulnerabilities), and seamonkey(14.0, 14.1, current: multiple vulnerabilities).
Ubuntuhas updated kernel(12.04: multiple vulnerabilities) and linux-ti-omap4(12.04: multiple vulnerabilities).
|Friday's security updates|
|The GNOME Foundation has announcedthe release of its Annual Report [PDF]for the 2014 fiscal year, which ran from October 1, 2013 through September 30, 2014. The report covers topics like finances, the Groupon trademark battle, conferences, outreach, accessibility, and lots more. "Jean-François Fortin Tam, president of the GNOME Foundation for 2014-2015, states in the introduction letter: '2014 is on record as one of the most challenging years in the Foundation's history. It is also the year that has given us the most demonstrative and passionate display of support?from our members, our contributors, and the Free Software community?that we have ever experienced.'"|
|GNOME?s 2014 Fiscal Year Annual Report Published|
|Joanna Rutkowska has announcedthe release of Qubes OS3.0, which has a new hypervisor abstraction layer(HAL) as one of its "killer features". Qubes OS uses a hypervisor as part of its "security by compartmentalization"strategy for creating a more secure operating system. The HAL "will allow us to easily switch the underlying hypervisors in the near future, perhaps even during the installation time, depending on the user needs (think tradeoffs between hardware compatibility and performance vs. security properties desired, such as e.g. reduction of covert channels between VMs, which might be of importance to some users). More philosophically-wise, this is a nice manifestation of how Qubes OS is really "not yet another virtualization system", but rather: a user of a virtualization system (such as Xen)."We lookedat Qubes OS 3.0 back in May.
|Qubes OS 3.0 released|
|Greg Kroah-Hartman has announced the release of the 3.14.54and 3.10.90stable kernels. As usual, they
contain important fixes throughout the tree and users should upgrade.
|Stable kernels 3.14.54 and 3.10.90|
|The Free Software Foundation (FSF) has announceda collaboration with Software Freedom Conservancy (SFC) on "The Principles of Community-Oriented GPL Enforcement", which describes what it means to do GPL enforcement in a way that is oriented toward gaining compliance (also: SFC announcement). "'GPL enforcement is mostly an educational process working with people who have made honest mistakes, but it must be undertaken with care and thoughtfulness. Our goal is not to punish or censure violators, but to help them come into compliance. Abiding by these principles aids our work in bringing about that outcome,' said FSF's licensing and compliance manager, Joshua Gay.|
|FSF, Conservancy publish principles for community-oriented GPL enforcement|