Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the
mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
- A logscanner and a scanner for the checkpoint objects file.
- A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scrips.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
back to top
| Whats New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|Debianhas updated mysql-5.5(multiple vulnerabilities).
Mandrivahas updated bugzilla(multiple vulnerabilities), kernel(multiple vulnerabilities), mediawiki(cross-site scripting), perl(denial of
service), python(buffer overflow), and rsyslog(two vulnerabilities).
Oraclehas updated qemu-kvm(OL7:
information leak) and rsyslog5(OL5: denial of service).
Red Hathas updated qemu-kvm(RHEL7: information leak) and rsyslog(RHEL5,6: denial of service).
Scientific Linuxhas updated qemu-kvm(SL7: information leak).
Slackwarehas updated openssh(SSHFP-checking disabled).
|Tuesday's security updates|
|Version 24.4 of the Emacs editor is out. New features this time around
include a built-in web browser (unfortunately named "eww"), better
multi-monitor support, the ability to save and restore the state of frames
and windows, digital signatures on Emacs Lisp packages, access control list
support, and much more. See the NEWS filefor all the details.
|Emacs 24.4 released|
|The Debian Project recently learned that community member Peter Miller died
last July. "Peter was a relative newcomer to the Debian project, but his
contributions to Free and Open Source Software goes back the the late
1980s. Peter was significant contributor to GNU gettext as well as being
the main upstream author and maintainer of other projects that ship as
part of Debian, including, but not limited to srecord, aegis and cook.
Peter was also the author of the paper "Recursive Make Considered
|Debian Project mourns the loss of Peter Miller|
|Ubuntu 14.10 "Utopic Unicorn"is due to be released this week. That marks
10 years of Ubuntu releases, beginning with Ubuntu 4.10"Warty Warthog".
In this articleMark Shuttleworth announces the name of what will the 15.04 release.
"This verbose tract is a venial vanity, a chance to vector verbal vibes, a map of verdant hills to be climbed in months ahead. Amongst those peaks I expect we?ll find new ways to bring secure, free and fabulous opportunities for both developers and users. This is a time when every electronic thing can be an Internet thing, and that?s a chance for us to bring our platform, with its security and its long term support, to a vast and important field. In a world where almost any device can be smart, and also subverted, our shared efforts to make trusted and trustworthy systems might find fertile ground. So our goal this next cycle is to show the way past a simple Internet of things, to a world of Internet things-you-can-trust."|
|Shuttleworth: V is for Vivid|
|The Free Software Foundation (FSF) and the GNU Project have announced the
opening of nominations for the 17th annual Free Software Awards. The
Free Software Awards include the Award for the Advancement of Free
Software and the Award for Projects of Social Benefit. "In the case of both awards, previous winners are not eligible for
nomination, but renomination of other previous nominees is encouraged.
Only individuals are eligible for nomination for the Advancement of
Free Software Award (not projects), and only projects can be nominated
for the Social Benefit Award (not individuals). For a list of previous
winners, please visit https://www.fsf.org/awards."|
|The FSF opens nominations for the 17th annual Free Software Awards|
|Debianhas updated iceweasel(multiple vulnerabilities).
Fedorahas updated glibc(F19:
multiple vulnerabilities), gnome-shell(F20: lock screen bypass), kernel(F19:
multiple vulnerabilities), libxml2(F20:
denial of service), openssl(F20; F19: multiple vulnerabilities), openstack-glance(F20: denial of service), and torque(F20; F19: authentication bypass).
openSUSEhas updated bash(13.1; 12.3:
Oraclehas updated libxml2(OL6: denial of service).
|Security advisories for Monday|
|In a relatively predictable move, Linus has released 3.18-rc1and closed the 3.18 merge window
sooner than expected. He has, however, said that he will be more than
usually open to post-rc1 pull requests from people who "grovel a
bit.""There is also at least one pull request that I am
hoping to get asap and planning on still pulling, ie I'm very much still
hoping to get overlayfs finally merged."In the end, 9,711
non-merge changesets found their way into the mainline repository during
this merge window.
|Kernel prepatch 3.18-rc1|
|Linux Voice has an interviewwith Canonical's Thomas Voß, the technical architect of the Mir display server. The interview deals largely with background topics, such as the Mir team's decision to standardize on an API rather than define a protocol, and the various languages to support. "Obviously there are disadvantages to having only one graphics language, but the benefits outweigh the disadvantages. And I think that?s a common theme in the industry. Android made the same decision to go that way. Even Wayland to a certain degree has been doing that. They have to support EGL and GL, simply because it?s very convenient for app developers and toolkit developers ? an open graphics language. That was the part that inspired us, and we wanted to have this one graphics language and support it well."|
|Interview: Thomas Voß of Mir (Linux Voice)|
|CentOShas updated openssl(C5: protocol downgrade) and
openssl(C6, C7: multiple vulnerabilities).
Debianhas updated openssl(multiple vulnerabilities).
Fedorahas updated firefox(F20: multiple vulnerabilities), java-1.7.0-openjdk(F20: multiple vulnerabilities), java-1.8.0-openjdk(F20: multiple vulnerabilities), kernel(F20: multiple vulnerabilities), php-ZendFramework(F19; F20: multiple vulnerabilities),
and thunderbird(F20: multiple vulnerabilities).
Oraclehas updated cups(O6: multiple vulnerabilities), file(O6: multiple vulnerabilities), firefox(O5; O6: multiple vulnerabilities),
glibc(O6: multiple vulnerabilities), java-1.6.0-openjdk(O6: multiple vulnerabilities), java-1.7.0-openjdk(O6: multiple vulnerabilities), krb5(O6: multiple vulnerabilities), libxml2(O7: denial of service), openssh(O6: multiple vulnerabilities), openssl(O5; O6; O7: multiple vulnerabilities), thunderbird(O6: multiple vulnerabilities), and trousers(O6: denial of service).
Red Hathas updated java-1.6.0-sun(multiple vulnerabilities), java-1.7.0-oracle(multiple vulnerabilities), libxml2(RHEL6,7: denial of service), openssl(RHEL5: protocol downgrade), openssl(RHEL6,7: multiple vulnerabilities),
and rsyslog7(RHEL6: denial of service).
Scientific Linuxhas updated openssl(SL5: protocol downgrade) and openssl(SL6,7:multiple vulnerabilities ).
Ubuntuhas updated openjdk-6(10.04, 12.04: multiple vulnerabilities) and openssl(multiple vulnerabilities).
|Friday's security updates|
|Ian Jackson has resurrected the general resolution prohibiting Debian
packages from depending on a single init system. This resolution failed to
obtain enough seconds to proceed to a vote back in March, but this time
more seconds have appeared and a vote will take place after the two-week
discussion period. The initial discussion suggests that there is some
support for the idea, but that not everybody
appreciates seeing this resolution just before the jessie release is
supposed to go into a freeze.
|The Debian init system general resolution returns|
releaseof the Docker container system is available.
"First up, in this release, the Docker Engine will now automatically
verify the provenance and integrity of all Official Repos using digital
signatures. Official Repos are Docker images curated and optimized by the
Docker community to be the best building blocks for assembling distributed
applications. A valid signature provides an added level of trust by
indicating that the Official Repo image has not been tampered with."|
|Docker 1.3 released|
|The Red Hat Developer Blog has an
article about the undefined behavior sanitizerthat was a part of the
GCC 4.9 release. "One of the most important [checks] is the signed
integer overflow checking. The practice shows that this undefined behavior
is very common in real programs. Ubsan is able to check that the result of
addition, subtraction, multiplication and negation does not overflow in
|GCC Undefined Behavior Sanitizer ? ubsan (RH Developer Blog)|
4.0of the Tor Browser is now available. "The primary user-facing change since the 3.6 series is the transition to Firefox 31-ESR.
More importantly for censored users who were using 3.6, the 4.0 series also
features the addition of three versions of the meek pluggable transport. In
fact, we believe that both meek-amazon and meek-azure will work in China
today, without the need to obtain bridge addresses."|
|Tor Browser 4.0 released|
|CentOShas updated thunderbird(C5: multiple vulnerabilities).
Debianhas updated drupal7(SQL injection) and wpa(code execution).
Fedorahas updated php-ZendFramework2(F21: multiple
vulnerabilities) and rsyslog(F20; F21:
denial of service).
Oraclehas updated firefox(O7: multiple vulnerabilities), java-1.6.0-openjdk(O5: multiple vulnerabilities), and
java-1.7.0-openjdk(O5; O7: multiple vulnerabilities).
Red Hathas updated flash-plugin(RHEL5, RHEL6: multiple vulnerabilities) and thunderbird(RHEL5, RHEL6: multiple vulnerabilities).
Slackwarehas updated openssl(multiple vulnerabilities).
Ubuntuhas updated mysql-5.5(12.04, 14.04: multiple vulnerabilities).
|Thursday's security updates|
|The LWN.net Weekly Edition for October 16, 2014 is available.
|[$] LWN.net Weekly Edition for October 16, 2014|