Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist several templates for ssh, scp, telnet. The intention is to make automated backups from routers, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, what's the status of the
mail, were there any problems while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and sent,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
- A logscanner and a scanner for the checkpoint objects file.
- A tool that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scripts.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
| What's New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|Greg Kroah-Hartman has announced the release of three stable
3.10.24, and 3.4.74, with a wide variety of fixes and
other updates. All users are encouraged to upgrade.
|Fresh kernels for Thursday|
|CentOS has updated thunderbird (C5: multiple vulnerabilities).
Fedora has updated drupal6 (F19: multiple vulnerabilities), firefox (F19: update to Firefox 26), nbd (F18; F19: incorrect access control), openstack-nova (F19: multiple vulnerabilities), tuxcut (F18; F19:
unspecified vulnerability), and xulrunner (F19: update to Firefox 26).
Oracle has updated firefox (O6:) and thunderbird (O6: multiple vulnerabilities).
Red Hat has updated php (RHEL 3/4; RHEL 5/6: code execution), php53 (RHEL5: code execution),
and thunderbird (RHEL 5/6: multiple vulnerabilities).
Scientific Linux has updated thunderbird (multiple vulnerabilities).
Ubuntu has updated php (multiple vulnerabilities).
|Thursday's security updates|
|The LWN.net Weekly Edition for December 12, 2013 is available.
|[$] LWN.net Weekly Edition for December 12, 2013|
|It has been a year since our last look at
a CyanogenMod release. So when the project announced the availability of CyanogenMod 11M1, the first of the CM 11.0 experimental
builds, your editor
did not hesitate to dedicate a handset to the cause. After all, what could
possibly go wrong? It turns out that a few things could, but CM11 appears
to be on track to be another solid release regardless.
|[$] A look at CyanogenMod 11M1|
|Andy Updegrove looks
at the Linux Foundation's collaborative project, the AllSeen Alliance. "So now let's look at what it takes to make an Internet of Things possible, comprising the wares and services of many different vendors, and types of vendors. It represents roughly the same goal - to create another type of local area network - but this time, there's no router. Each thing is its own router, and for every other neighboring thing as well, passing along messages from device to device, and perhaps eventually back out to the Internet. That requires more than just a single interoperable communication standard, and more than just devices that can send and receive signals. It also requires all sorts of different types of companies, and not just laptop vendors, to make the investment and take the risk to enable their respective products."|
|The Launch of AllSeen Alliance (and the Next Generation of Open Collaboration) (The Standards Blog)|
|CentOS has updated xen (Xen4CentOS:
multiple vulnerabilities), php53 (C6; C5: code
execution), php (C5: multiple
vulnerabilities), and firefox (C5: multiple vulnerabilities).
Fedora has updated subversion (F19; F18: two
vulnerabilities), maradns (F19; F18: blind spoofing attack), nspr (F19: unsigned integer wrapping), and ruby (F18: code execution).
Oracle has updated php53 (OL6; OL5: code
execution) and php (OL5: multiple vulnerabilities).
Red Hat has updated firefox (RHEL5&6: multiple vulnerabilities), php53 (RHEL5&6: code execution), php (RHEL5: multiple vulnerabilities), and flash-plugin (multiple vulnerabilities).
Scientific Linux has updated php53 (SL5&6: code execution), php (SL5:
multiple vulnerabilities), and firefox (SL5: multiple vulnerabilities).
Ubuntu has updated firefox (multiple
vulnerabilities), and samba (multiple
|Security advisories for Wednesday|
|Over on his blog, kernel security developer Kees Cook has a description of live patching the kernel to disable the kexec system call in older kernels. The idea is to be able to turn off kexec without rebuilding the older kernels (future kernels may be able to use the proposed /proc/sys/kernel/kexec_disabled). He examines several possible routes (ksplice, systemtap) before deciding on a more direct approach. "So, finally, I decided to just do it by hand, and wrote a friendly kernel rootkit. Instead of dealing with flipping page table permissions on the normally-unwritable kernel code memory, I borrowed from PaX's KERNEXEC feature, and just turn off write protect checking on the CPU briefly to make the changes."|
|Cook: live patching the kernel|
|Ars Technica reports
that effective in FreeBSD 10 (currently RC1
is available), processors from Intel and Via Technologies will no
longer be trusted as the sole source of random numbers. "Specifically, "RDRAND" and "Padlock" - RNGs [Random Number Generators] provided by Intel and Via respectively - will no longer be the sources FreeBSD uses to directly feed random numbers into the /dev/random engine used to generate random data in Unix-based operating systems. Instead, it will be possible to use the pseudo random output of RDRAND and Padlock to seed /dev/random only after it has passed through a separate RNG algorithm known as "Yarrow." Yarrow, in turn, will add further entropy to the data to ensure intentional backdoors, or unpatched weaknesses, in the hardware generators can't be used by adversaries to predict their output."|
|"We cannot trust" Intel and Via's chip-based crypto, FreeBSD developers say (ars technica)|
|Mozilla has released Firefox 26. The release
notes cover some new features. Java plug-ins are defaulted to 'click
to play', the password manager supports script-generated password fields,
there's support for H.264 on Linux if the appropriate gstreamer plug-ins are
installed, and the release includes the usual pile of bug fixes and
|Firefox 26 released|
|CentOS has updated libjpeg (C5:
information disclosure), libjpeg-turbo (C6:
information disclosure), samba (C6;
C5: two vulnerabilities), and samba4 (C6: code execution).
Debian has updated gimp (multiple
code execution flaws), munin (denial of service), and varnish (denial of service).
Fedora has updated ganglia (F19; F18:
cross-site scripting), kernel (F18: multiple vulnerabilities), and seamonkey (F18; F19: multiple vulnerabilities).
Gentoo has updated libwebp (code execution).
Oracle has updated libjpeg (OL5:
information disclosure), libjpeg-turbo (OL6: information disclosure), samba (OL6; OL5: two
vulnerabilities), and samba4 (OL6: code execution).
Red Hat has updated libjpeg (RHEL5: information disclosure), libjpeg-turbo (RHEL6: information disclosure),
samba and samba 3x (RHEL5&6: two
vulnerabilities), and samba4 (RHEL6: code execution).
Scientific Linux has updated libjpeg (SL5: information disclosure), libjpeg-turbo (SL6: information disclosure),
samba and samba3x (SL5&6: two
vulnerabilities), and samba4 (SL6: code execution).
|Tuesday's security updates|
|Google has, in its wisdom, decreed that email coming from lwn.net is spam
and is no longer delivering it to gmail users. In typical fashion, there
is no way to appeal such a ruling; Google Knows Best. Unless something
changes soon, we'll be unsubscribing gmail addresses from our mailing
lists. Our apologies for the inconvenience.
Update: we are in communication with some folks at Google; hopefully
this issue will be resolved soon.
|A note to gmail users|
|The latest project to be announced by the Linux Foundation is the AllSeen
Alliance, an effort to promote development of the "Internet of
Everything." "The members of the AllSeen Alliance will contribute
software and engineering resources as part of their collaboration on an
open software framework that enables hardware manufacturers, service
providers and software developers to create interoperable devices and
services. This open source framework allows ad hoc systems to seamlessly
discover, dynamically connect and interact with nearby products regardless
of brand, transport layer, platform or operating system."|
|The Linux Foundation's "AllSeen Alliance"|
4.6.0 of the KDevelop development environment is available.
"Aside from many bug fixes and general improvements such as
performance optimizations in various areas, which make KDevelop 4.6.0
faster and less memory-hungry, a few changes are especially noteworthy: The
ReviewBoard plugin now supports updating existing review requests. There is
a new plugin which adds support for building projects with ninja instead of
make. CMake support was also stabilized and improved, adding support for
missing or new CMake features."|
|KDevelop 4.6.0 released|
|WhisperPush is the CyanogenMod implementation of the "TextSecure" encrypted
text messaging protocol; that implementation is just now finding
its way into the CyanogenMod 10.2 nightly builds. "Moxie
[Marlinspike] has been the lead engineer on the CyanogenMod implementation
of TextSecure, making sure the CM version is both secure and compatible
with his existing services. Unique to the CM implementation is our SMS
middleware functionality. This is the same code that allows for our Google
Voice integration into any messaging application." More information
can be found on the Open
|WhisperPush lands in CyanogenMod builds|
|Debian has updated chromium-browser (multiple vulnerabilities)
and samba (multiple vulnerabilities).
Fedora has updated kernel (F19:
multiple vulnerabilities), lynis (F19; F18:
broken permissions), php-symfony2-BrowserKit (F18: denial of
denial of service), php-symfony2-Config (F18: denial of service), php-symfony2-Console (F18: denial of service),
php-symfony2-CssSelector (F18: denial of
service), php-symfony2-DependencyInjection (F18: denial of service), php-symfony2-DomCrawler (F18: denial of
service), php-symfony2-EventDispatcher (F18: denial of service), php-symfony2-Filesystem (F18: denial of
service), php-symfony2-Finder (F18: denial
of service), php-symfony2-Form (F18: denial
of service), php-symfony2-HttpFoundation (F18: denial of service), php-symfony2-HttpKernel (F18: denial of
service), php-symfony2-Locale (F18: denial
of service), php-symfony2-OptionsResolver (F18: denial of service), php-symfony2-Process (F18: denial of service),
php-symfony2-PropertyAccess (F18: denial of
service), php-symfony2-Routing (F18: denial
of service), php-symfony2-Security (F18:
denial of service), php-symfony2-Serializer (F18: denial of service), php-symfony2-Templating (F18: denial of
denial of service), php-symfony2-Validator (F18: denial of service), php-symfony2-Yaml (F18: denial of service), and xen (F19; F18:
denial of service/privilege escalation).
Gentoo has updated festival (code
execution from 2010) and openexr (multiple
vulnerabilities from 2009).
Mageia has updated gimp (code execution), links (integer overflow), openttd (denial of service), and pixman (denial of service).
openSUSE has updated krb5 (13.1:
two denial of service flaws), ruby19 (13.1,
12.x: code execution), ruby20 (13.1: code
execution), and subversion (13.1: two vulnerabilities).
Oracle has updated kernel (OL5: information leak).
Scientific Linux has updated busybox (SL6: privilege escalation), coreutils (SL6: multiple vulnerabilities), dracut (SL6: information disclosure), evolution (SL6: encrypt email to unintended
recipient), gimp (SL5&6: code
execution), kernel (SL5: information leak),
mod_nss (SL5&6: access with invalid
client certificate), nss and nspr (SL5:
multiple vulnerabilities), qemu-kvm (SL6:
privilege escalation), RDMA stack (SL6: two
vulnerabilities), sudo (SL6: privilege
escalation), wireshark (SL6: multiple
vulnerabilities), and xorg-x11-server (SL6:
Ubuntu has updated gimp (13.10,
13.04, 12.10, 12.04 LTS: code
execution), kernel (13.10: multiple
multiple vulnerabilities), and curl (12.10, 12.04 LTS, 10.04 LTS: regression in previous update).
|Security advisories for Monday|