Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There are several templates for ssh, scp, telnet. The intention is to make automated backups of routers, switches, firewalls etc.
- Postfixanalyser was written for the Trend Micro mail virus scanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it last working with the mail, what is the status of the
mail, were there any problems while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and sent,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
- A logscanner and a scanner for the checkpoint objects file.
- A tool that parses the registry of the genugate firewall and produces a more human-readable output in HTML.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scripts.
- A script called minilinux to create a small Linux out of a huge running system.
- Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in PHP.
- A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
| What's New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|The Electronic Frontier Foundation is
probably best known for its work in the political arena. But the EFF also
occasionally tries to make change happen more directly by releasing
interesting technologies of its own. The organization's July 20 announcement of the Open Wireless Router project is an example of this type of
initiative. Your editor has long been concerned about the state of home
(and small business)
router software, so it made sense to take a look. What was revealed is a
project with some interesting potential - but that potential may take
more resources than are currently available to realize.
|[$] The EFF launches a router project|
|The openSUSE project has announced that the "Factory" development distribution has been reworked into an
independent distribution using a rolling-release model. "With a
daily fresh Factory distribution making it easier for those who want to
preview and test, we hope to see more users and contributors, leading to
faster fixes and even higher quality. Factory is critical as it provides
the base technology for openSUSE and SUSE Linux Enterprise, which is used
by tens of thousands of organizations around the world."|
|openSUSE Factory becomes a rolling-release distribution|
|Debian has updated kernel (multiple vulnerabilities).
Fedora has updated drupal6 (F20; F19: multiple vulnerabilities) and drupal7 (F20; F19: multiple vulnerabilities).
Mandriva has updated nss (BS1.0: code execution).
Red Hat has updated kernel (RHEL6.2: privilege escalation).
|Tuesday's security updates|
|Ars technica reports on a newly disclosed Android vulnerability. It seems that some apps are
hard-coded into the system as having special privileges. "According
to Jeff Forristal, CTO of Bluebox Security, Android fails to verify the
chain of certificates used to certify an app belongs to this elite class of
super privileged programs. As a result, a maliciously developed app can
include an invalid certificate claiming it's Flash, Wallet, or any other
app hard coded into Android. The OS, in turn, will give the rogue app the
same special privileges assigned to the legitimate app without ever taking
the time to detect the certificate forgery."|
|Android crypto blunder exposes users to highly privileged malware (ars technica)|
|Andrew Hutton, the organizer of the Ottawa Linux Symposium, has put
Indiegogo campaign to try to raise funds for this event, which has
fallen on hard times in recent years. "When I admitted that this
year would likely be the last OLS many people expressed a desire to do
something to help. This crowdfunding campaign is the best way I could
think of to reach out and offer the community a way to help."|
|An Indiegogo campaign for the Ottawa Linux Symposium|
|Mitchell Baker announced that Chris Beard has been appointed CEO of Mozilla Corp. "Over the years, Chris has led many of Mozilla's most innovative projects. We have relied on his judgment and advice for nearly a decade. Chris has a clear vision of how to take Mozilla's mission and turn it into industry-changing products and ideas."|
|Chris Beard Named CEO of Mozilla|
|Greg KH has released stable kernels 3.15.7,
3.14.14, 3.10.50, and 3.4.100. All contain important fixes
throughout the tree.
|Stable kernel updates|
|Debian has updated cups (privilege escalation) and modsecurity-apache (rules bypass).
Fedora has updated audacious-plugins (F20: denial of service), cinnamon (F20: denial of service), cinnamon-control-center (F20: denial of service), cobbler (F20; F19: path traversal), control-center (F20: denial of service), empathy (F20: denial of service), ffgtk (F20: denial of service), firefox (F19: multiple vulnerabilities), fldigi (F20: denial of service), fluidsynth (F20: denial of service), gnome-settings-daemon (F20: denial of service), gnome-shell (F20: denial of service), gqrx (F20: denial of service), gstreamer1-plugins-good (F20: denial of service), guacamole-server (F20: denial of service), java-1.7.0-openjdk (F20: denial of service), libmikmod (F20: denial of service), minimodem (F20: denial of service), mumble (F20: denial of service), paprefs (F20: denial of service), phonon (F20: denial of service), pulseaudio (F20: denial of service), qemu (F20: denial of service), qmmp (F20: denial of service), qt (F20: denial of service), qt-mobility (F20: denial of service), qt5-qtmultimedia (F20: denial of service), sidplayfp (F20: denial of service), speech-dispatcher (F20: denial of service), sphinxtrain (F20: denial of service), spice-gtk (F20: denial of service), thunderbird (F20: multiple vulnerabilities), xmp (F20: denial of service), and zarafa (F20; F19: information disclosure).
Gentoo has updated openssl (multiple vulnerabilities).
Mageia has updated asterisk (multiple vulnerabilities), avidemux (undisclosed vulnerabilities), cacti (MG4: multiple vulnerabilities), dbus (two denial of service flaws), java-1.7.0-openjdk (multiple vulnerabilities), live555, vlc, mplayer (code execution), mariadb (unidentified vulnerabilities), nss, firefox, thunderbird (multiple vulnerabilities), owncloud (undisclosed vulnerability), pidgin (code execution), ruby-actionpack (MG4: two vulnerabilities), and transmission (code execution).
Oracle has updated kernel (OL5:
|Security advisories for Monday|
|Linus has released 3.16-rc7. "We
obviously *do* have various real fixes in here, but none of them look all
that special or worrisome. And rc7 is finally noticeably smaller than
previous rc's, so we clearly are calming down. So unlike my early worries,
this might well be the last rc, we'll see how next week
|Kernel prepatch 3.16-rc7|
|The CoreOS developers have announced the release of
version 367.1.0 of the CoreOS distribution; this is the first version
deemed to be stable and ready for production. "Please note: The
stable release is not including etcd and fleet as stable, this release is
only targeted at the base OS and Docker 1.0. etcd/fleet stable support will
be in subsequent releases." LWN looked at CoreOS last April.
|The first stable CoreOS release|
|LWN editor Nathan Willis is giving a keynote talk at the upcoming GUADEC (GNOME Users and Developers European Conference) and was interviewed by GNOME News. Willis's talk is titled "Should We Teach The Robot To Kill" and will look at free software and the automotive industry. "And, finally, my ultimate goal would be to persuade some people that the free-software community can - and should - take up the challenge and view the car as a first-rate environment where free software belongs. Because there will naturally be lots of little gaps where the different corporate projects don't quite have every angle covered. But we don't have to wait for other giant companies to come along and finish the job. We can get involved now, and if we do, then the next generation of automotive software will be stronger for it, both in terms of features and in terms of free-software ideals." GUADEC is being held in Strasbourg, France July 26-August 1.
|Interview with Nathan Willis, GUADEC Keynote Speaker (GNOME News)|
|On his blog, Sebastian Kügler looks at what's left to be done for KDE's Plasma desktop to support Wayland. He discusses why the project cares about Wayland, what it means to support Wayland, the current status, the strategy for further work, and how interested folks can get involved.
"One of the important topics which we have (kind of) excluded from Plasma's recent 5.0 release is support for Wayland. The reason is that much of the work that has gone into renovating our graphics stack was also needed in preparation for Wayland support in Plasma. In order to support Wayland systems properly, we needed to lift the software stack to Qt5, make X11 dependencies in our underlying libraries, Frameworks 5 optional. This part is pretty much done. We now need to ready support for non-X11 systems in our workspace components, the window manager and compositor, and the workspace shell."|
|Kügler: Plasma's Road to Wayland|
|CentOS has updated kernel (C7; C6; C5: two
vulnerabilities) and qemu-kvm (C7: many vulnerabilities).
Debian has updated apache2 (three
vulnerabilities) and transmission (code execution).
Fedora has updated httpd (F20:
multiple vulnerabilities), ipython (F20; F19: code
multiple vulnerabilities), java-1.8.0-openjdk (F20; F19:
multiple vulnerabilities), and kernel (F19:
Oracle has updated enterprise
kernel (OL7: three vulnerabilities) and kernel (OL5: two vulnerabilities).
Red Hat has updated openstack-nova (OSP5.0: information
cross-site scripting), python-django-horizon (OSP5.0: three
vulnerabilities), and qemu-kvm-rhev (OSP4.0, OSP3.0: multiple vulnerabilities).
|Security updates for Friday|
|At yesterday's Fedora Engineering Steering Committee (FESCo) meeting, the release of Fedora 21 was delayed by three weeks (FESCo ticket), with the final release now scheduled for November 4. There are some problems with "test composes" of the release (creating test ISO images) that mean the deadline for the alpha release would be missed. The original plan was to delay for two weeks, but that put the freeze just before the Flock conference, so it was decided to push out an additional week.
|Fedora 21 delayed three weeks|
|Over at Model View Culture, Adam Saunders interviews Karen Sandler, executive director of the Software Freedom Conservancy (SFC) and formerly the executive director of the GNOME Foundation. Sandler talks about SFC, the Outreach Program for Women, as well as being a cyborg: "I was diagnosed with a heart condition and needed a pacemaker/defibrillator, and none of the device manufacturers would let me see the source code that was to be literally sewn into my body and connected to my heart. My life relies on the proper functioning of software every day, and I have no confidence that it will. The FDA generally doesn't review the source code of medical devices nor can the public. But multiple researchers have shown that these devices can be maliciously hacked, with fatal consequences.
Once you start considering medical devices, you quickly start to realize that it's all kinds of software that is life and society-critical - cars, voting machines, stock markets... It's essential that our software be safe, and the only way we can realistically expect that to be the case over time is by ensuring that our software is free and open. If there's catastrophic failure at Medtronic (the makers of my defibrillator), for example, I wouldn't be able to fix a bug in my own medical device."|
|An Interview with Karen Sandler (Model View Culture)|