Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There are several templates for ssh, scp and telnet. The intention is to make automated backups of routers, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, what is the status of the
mail, were there any problems while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and sent,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
- A logscanner and a scanner for the checkpoint objects file.
- A tool that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scripts.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
| What's New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|Firefox 32 has been released. This version adds new HTTP cache for
improved performance and crash recovery, public key pinning support has
been enabled, and much more. See the release
|For a few years now, we have been told that upcoming non-volatile memory (NVM)
devices are going to change how we use our systems. These devices provide
large amounts (possibly terabytes) of memory that is persistent and that
can be accessed at RAM speeds. Just what we will do with so much persistent
memory is not entirely clear, but it is starting to come into focus. It
seems that we'll run ordinary filesystems on it -- but those filesystems
will have to be tweaked to allow users to get full performance from NVM.
Click below (subscribers only) for the full article from this week's Kernel
|[$] Supporting filesystems in persistent memory|
|The GNOME Foundation has put out its annual report for 2013 as a
24-page PDF file. "As you will see when you read this annual
report, there have been a lot of great things that have happened for the
GNOME Foundation during this period. Two new companies joined our advisory
board, the Linux Foundation and Private Internet Access. The work funded by
our accessibility campaign was completed and we ran a successful campaign
for privacy. During this period, there was a fantastic Board of Directors,
a dedicated Engagement team (who worked so hard to put this report
together), and the conference teams (GNOME.Asia, GUADEC and the Montreal
Summit) knocked it out of the park. Most importantly, we've had an influx
of contributors, more so than I've seen in some time."|
|The GNOME Foundation's 2013 annual report|
|CentOS has updated glibc (C7; C6; C5: two vulnerabilities).
Debian has updated lua5.1 (code
execution), lua5.2 (code execution), and openjdk-7 (regression in previous update).
Fedora has updated cas-client (F20: security constraints bypass), distcc (F20; F19:
denial of service/possible code execution), gvfs (F20: file overwrite and device key
F19: SSL server spoofing), ifuse (F20: file overwrite and device key
access), kernel (F20: privilege
escalation), libgpod (F20: file overwrite
and device key access), libimobiledevice (F20: file overwrite and device key access), libplist (F20: file overwrite and device key
access), libusbmuxd (F20: file overwrite
and device key access), php (F20; F19: multiple vulnerabilities), pixman (F19: denial of service), ppp (F19: privilege escalation), smack (F20: man-in-the-middle attack),
springframework-security (F20; F19: access control restrictions bypass), upower (F20: file overwrite and device key
access), usbmuxd (F20: file overwrite and device key access), and zarafa (F20; F19: multiple vulnerabilities).
Gentoo has updated chromium (multiple vulnerabilities), jinja (privilege escalation), net-snmp (multiple vulnerabilities), nrpe (code execution), openoffice-bin (multiple vulnerabilities), postgresql-server (multiple vulnerabilities), qemu (multiple vulnerabilities), stunnel (private key leak), and wireshark (multiple vulnerabilities).
Mageia has updated blender (denial of service/possible code execution) and distcc (denial of service/possible code execution).
Mandriva has updated bugzilla (BS1.0: cross-site request forgery), catfish (BS1.0: privilege escalation), dhcpcd (BS1.0: denial of service), file (BS1.0: denial of service), gpgme (BS1.0: code execution), jakarta-commons-httpclient (BS1.0: SSL server
spoofing), krb5 (BS1.0: multiple
denial of service/possible code execution), phpmyadmin (BS1.0: multiple vulnerabilities),
python-imaging (BS1.0: denial of service),
serf (BS1.0: information leak), and subversion (BS1.0: information leak).
Oracle has updated glibc (OL7; OL6; OL5: two vulnerabilities).
Red Hat has updated glibc (RHEL5,6,7: two vulnerabilities).
Scientific Linux has updated glibc (SL5,6: two vulnerabilities).
|Tuesday's security updates|
|LuneOS is the new name for the mobile system once known as WebOS; the first
release is available for brave testers now. "The main focus of
LuneOS is to provide an operating system which is driven by the community
and continues what we love(d) about webOS. We're not trying to reach
feature comparison with Android or iOS but rather building a system to
satisfy basic needs in the mobile environment." The Nexus 4
and HP TouchPad
appear to be the best devices for those wanting to try LuneOS out on real
Clarification: LuneOS is not really a direct successor to webOS; it,
instead, can be thought of as a sort of fork of the Open webOS project
(managed by LG) focused on porting the system to other devices.
|The first LuneOS release|
|Lennart Poettering has posted a
lengthy writeup of a plan put together by the "systemd cabal" (his
words) to rework Linux software distribution. It is based heavily on
namespaces and Btrfs snapshots. "Now, with the name-spacing concepts
we introduced above, we can actually relatively freely mix and match apps
and OSes, or develop against specific frameworks in specific versions on
any operating system. It doesn't matter if you booted your ArchLinux
instance, or your Fedora one, you can execute both LibreOffice and Firefox
just fine, because at execution time they get matched up with the right
runtime, and all of them are available from all the operating systems you
installed. You get the precise runtime that the upstream vendor of
Firefox/LibreOffice did their testing with. It doesn't matter anymore which
distribution you run, and which distribution the vendor prefers."|
|Poettering: Revisiting how we put together Linux systems|
|The 3.17 development cycle continues with the release of 3.17-rc3. "As expected, it is larger
than rc2, since people are clearly getting back from their Kernel Summit
travels etc. But happily, it's not *much* larger than rc2 was, and there's
nothing particularly odd going on, so I'm going to just ignore the whole
'it's summer' argument, and hope that things are just going that
|Kernel prepatch 3.17-rc3|
|Yahoo has announced its decision to halt the development of Yahoo User Interface library (YUI),
interfaces. In the announcement, the company cites the rise in
popularity of Node.JS, which has changed how developers build HTML
applications, as have recent changes in package management and
web application frameworks. "The consequence of this evolution
have been receiving less attention from the community. Many developers
want to be locked into. As a result, the number of YUI issues and pull
requests we've received in the past couple of years has slowly reduced
to a trickle. Most core YUI modules do not have active maintainers,
relying instead on a slow stream of occasional patches from external
contributors. Few reviewers still have the time to ensure that the
patches submitted are reviewed quickly and thoroughly." Nevertheless, it seems, YUI will be maintained for the foreseeable
future, receiving critical fixes as they arise.
|Yahoo to stop development on YUI library|
|Debian has updated squid3 (denial of service).
Fedora has updated glibc (F20: multiple vulnerabilities), GraphicsMagick (F20: code execution), gtk3 (F20: screen lock bypass),
perl-Plack (F19; F20: information disclosure), phpMyAdmin (F19: multiple
vulnerabilities), and subversion (F19; F20:
Gentoo has updated apache (multiple vulnerabilities), file (denial of service), libgcrypt (key
vulnerabilities), and php (multiple
SUSE has updated MySQL (SLES/SLED 11: multiple vulnerabilities).
Ubuntu has updated eglibc (10.04, 12.04, 14.04: denial of service).
|Friday's security updates|
|The Linux Foundation has announced a new conference called "Vault" that will focus on storage and filesystems for Linux. It will be co-located with the annual invitation-only Linux Storage, Filesystem and Memory Management Summit and will be held March 11-12, 2015 at the Revere Hotel in Boston. "'90% of the world's data has been created in the last few years and most of that data is being stored and accessed via a Linux-based system,' said Linux Foundation Chief Marketing Officer Amanda McPherson. 'Now is the ideal time to bring the open source community together in this new forum, Vault, to collaborate on new methods of improving capacity, efficiency and security to manage the huge data volumes envisioned in the coming years. By bringing together the leading minds of Linux file systems and storage and our members who are pushing the limits of what is possible, Vault should expand the state of the art in Linux.'"|
|Linux Foundation creates a new storage and filesystems conference: Vault|
|Russell Pavlicek looks at the rivalry between containers and hypervisors over at Linux.com. He outlines the arguments for and against each, and follows it up with a description of a new contender for a "cloud operating system": unikernels.
"Unikernel systems create tiny VMs. Mirage OS from the Xen Project incubator, for example, has created several network devices that run kilobytes in size (yes, that's 'kilobytes' -- when was the last time you heard of any VM under a megabyte?). They can get that small because the VM itself does not contain a general-purpose operating system per se, but rather a specially built piece of code that exposes only those operating system functions required by the application.
There is no multi-user operating environment, no shell scripts, and no massive library of utilities to take up room -- or to subvert in some nefarious exploit. There is just enough code to make the application run, and precious little for a malefactor to leverage. And in unikernels like Mirage OS, all the code that is present is statically type-safe, from the applications stack all the way down to the device drivers themselves. It's not the 'end-all be-all' of security, but it is certainly heading in the right direction."|
|Containers vs Hypervisors: The Battle Has Just Begun (Linux.com)|
|On Red Hat's developer blog, Máirín Duffy has tips for developers on improving their application's user experience (UX). "Speaking of speeding things up for your users -- one way you can do this is to limit the amount of choices users have to make while using your application. It's you, my application developer friend, that users are relying on as an expert in the ways of whatever it is that your application does. Users trust you to set sane defaults based on your domain expertise; when you set defaults, you are also alleviating users from having to make a choice that -- depending on their level of expertise -- may be quite hard for them to understand.
This isn't to say you should eliminate all choices and configuration options from your application! Let users ease into it, though. Give them a good default so that your application requires less of them to start, and as they gain expertise and confidence in using your app over time, they can explore the preferences and change those settings based on their needs when they are ready."|
|5 UX Tips for Developers (Red Hat developer blog)|
|Debian has updated s3ql (code execution).
Mageia has updated x11vnc (code
openSUSE has updated phpMyAdmin (13.1, 12.3: multiple vulnerabilities) and python3 (12.3: two vulnerabilities).
Ubuntu has updated squid3 (14.04,
12.04: denial of service).
|Security updates for Thursday|
|Sarah Sharp has posted an
update on the kernel internships managed through the Outreach Program
for Women, with an emphasis on what past participants are doing now.
"Many people may be disappointed that those three OPW alumni aren't
working on open source, but I'm overjoyed that these women have found jobs
in the technology sector. This fact is heartening to me because many of the
women that participate in OPW were working in retail before their
internship. To be able to move into the technology sector is a giant step
in the right direction, and I'm happy that the OPW program could be a part
|2014 Kernel OPW internship report|
|The PHP 5.6.0 release is
available. There's a number of new features, including constant scalar
expressions, a new "..." operator for both variadic functions and
sequence unpacking, an exponentiation operator, an integrated interactive
debugger, and more. See the PHP 5.6.0
migration guide for more information.
|PHP 5.6.0 released|