Issues on Linux and Security
fase4 RDF Error: is not available
fase4 RDF Error: Cannot write to: b8c61811cd101f320a96a2073c688545

Exception at Line: 979
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Linus has sent out 3.19-rc1and closed the merge window for this release one day earlier than some might have expected. "Considering how much came in fairly late, I find it hard to care about anybody who had decided to cut it even closer than some people already did. That said, maybe there aren't any real stragglers - and judging by the size of rc1, there really can't have been much."In the end, 11,408 non-merge changesets were pulled into the mainline during this development cycle.
Kernel prepatch 3.19-rc1

The lowRISC project, which aims to create and manufacture a fully open-source system-on-chip (SoC) and development board, has released a documenton its plans to incorporate tagged memory and minion cores into the SoC. Minion cores are separate I/O processors that can be used to implement various I/O protocols without requiring additional hardware in the design. "Tagged memory associates metadata with each memory location and can be used to implement fine-grained memory access restrictions. Attacks which hijack control flow can be prevented by using this protection to restrict writes to memory locations containing return addresses, function pointers, and vtable pointers. Importantly, we anticipate this can be implemented with a worst- case performance overhead of a few percent and a similarly low area cost. This fine-grained memory protection can be used automatically by the compiler, meaning improved security is available to existing programs without source code modifications. We intend to provide tagged memory alongside security features which are already commonly deployed such as secure boot, encrypted off-chip memory, and cryptographic accelerators."
Tagged memory and minion cores in the lowRISC SoC

The Free Software Foundation Europe (FSFE) has commentedon the most recent European Union (EU) budget?approved on December 17?that includes ?1 million for auditing free-software programs that are used by the EU governmental bodies. The auditing is meant to find and fix security holes in those programs. "Even though these institutions are tightly locked into non-free file formats, much of their infrastructure is based on Free Software. 'This is a very welcome decision,' says FSFE's president Karsten Gerloff. 'Like most public bodies, the European institutions rely heavily on Free Software for their daily operations. It is good to see that the Parliament and the Commission will invest at least a little in improving the quality and the programs they use.'"
EU to fund Free Software code review (FSFE)

CentOShas updated glibc(C7: code execution), jasper(C7; C6: three code execution flaws), and kernel(C7: privilege escalation). Gentoohas updated znc(two denial of service flaws, one from 2013). Oraclehas updated glibc(OL7: three vulnerabilities), jasper(OL7; OL6: three code execution flaws), and kernel(OL7; OL5; OL5: privilege escalation). Red Hathas updated glibc(RHEL7: code execution) and jasper(RHEL6&7: three code execution flaws). Scientific Linuxhas updated jasper(SL6&7: three code execution flaws). Ubuntuhas updated kernel(14.04: regression in previous security fix) and kernel(14.10: regression in previous security fix).
Friday's security advisories

There is a new version of the Git client out with an important security fix: with vulnerable versions of the Git client on a case insensitivefilesystem, it is possible for a pull from a repository to overwrite the .gitdirectory and cause the execution of arbitrary commands. Linux systems running normal filesystems are not affected by this problem, but Windows and Mac OS systems are.
Git v2.2.1 (security release) available

The KDE project has announced the release of KDE Applications 14.12, which has the first set of applications that have been ported to KDE Frameworks 5. Most of the applications are still based on KDE Development Platform 4, but some have been moved to the new Qt5-based Frameworks. "The release includes the first KDE Frameworks 5-based versions of Kate and KWrite, Konsole, Gwenview, KAlgebra, Kanagram, KHangman, Kig, Parley, KApptemplate and Okteta. Some libraries are also ready for KDE Frameworks 5 use: analitza and libkeduvocdocument. Libkface is new in this release; it is a library to enable face detection and face recognition in photographs."More information on the new features and fixes that came in the release can be found in the change logand a KDE.News article.
KDE Applications 14.12 released

On his blog, André Klapper describesWikimedia's move from Bugzilla to Phabricator, which is described as an "open source software engineering platform". After ten years and 70,000+ bugs, there was a lot of data to migrate, which went well overall, though there were a few surprises along the way. "We had to work around an unresolved upstream XML-RPC API bugin Bugzilla by applying a custom hack when exporting comments in a first step and removing the hack when exporting attachments (with binary data) in a second step. Though we did, it took us a while to realize that Bugzilla attachments imported into Phabricator were scrambled as the hack got still applied for unknown reasons (some caching?). Rebooting the Bugzilla server fixed the problem but we had to start from scratch with importing attachments."(Thanks to Paul Wise.)
Klapper: Good bye Bugzilla, welcome Phabricator.

CentOShas updated kernel(C5: privilege escalation). Fedorahas updated bind(F20: two denial of service flaws), cpio(F21: denial of service), pam(F20: two vulnerabilities, one from 2013), and tcpdump(F20: three vulnerabilities). Red Hathas updated kernel(RHEL7; RHEL6; RHEL5: privilege escalation). Scientific Linuxhas updated kernel(SL7; SL5: privilege escalation).
Security updates for Thursday

Version 9.4of the PostgreSQL relational database management system is out. "This release adds many new features which enhance PostgreSQL's flexibility, scalability and performance for many different types of database users, including improvements to JSON support, replication and index performance."See this articlefor a lot more information on what's in this release.
PostgreSQL 9.4 released

The Weekly Edition for December 18, 2014 is available.
[$] Weekly Edition for December 18, 2014

The GnuPG projectis seeking donations. "For a critical project of this size two experienced developers are required for proper operation. This requires gross revenues of 120000 Euro per year. Unfortunately there is currently only one underpaid full time developer who is barely able to keep up with the work; see this blog entryfor some background."(Thanks to Paul Wise)
Securing the future of GnuPG

CentOShas updated kernel(C6: multiple vulnerabilities) and mailx(C7; C6: command execution). Debianhas updated bsd-mailx(command execution) and heirloom-mailx(command execution). Fedorahas updated dbus(F21: multiple vulnerabilities), grub2(F19: code execution), mingw-jasper(F21; F20; F19: code execution), pwgen(F19: two vulnerabilities), python-tornado(F20: denial of service), rpm(F21: code execution), and xorg-x11-server(F20: multiple vulnerabilities). openSUSEhas updated seamonkey(13.2; 13.1, 12.3: multiple vulnerabilities) and thunderbird(13.2, 13.1, 12.3: multiple vulnerabilities). Oraclehas updated kernel(OL6: multiple vulnerabilities) and mailx(OL7; OL6: command execution). Red Hathas updated kernel(RHEL6: multiple vulnerabilities), kernel-rt(RHE MRG: privilege escalation), mailx(RHEL6,7: command execution), and thermostat1-thermostat(RHSCL: privilege escalation). Scientific Linuxhas updated kernel(SL6: multiple vulnerabilities) and mailx(SL6,7: command execution).
Security advisories for Wednesday

Stable kernels 3.18.1, 3.17.7, 3.14.27, and 3.10.63have been released. All contain important fixes.
Stable kernel updates

The Trinity Desktop Environment (TDE) development team has announced the releaseof TDE R14.0.0. "Unlike previous releases TDE R14.0.0 has been in development for over two years. This extended development period has allowed us to create a better, more stable and more feature-rich product than previous TDE releases. R14 is brimming with new features, such as a new hardware manager based on udev (HAL is no longer required), full network-manager 0.9 support, a brand new compositor (compton), built-in threading support, and much more!"
Trinity Desktop Environment R14.0.0 Released

Sean Harmer coversthe revival of Qt3D, a 3D framework. "With OpenGL taking a much more prominent position in Qt 5?s graphical stack ? OpenGL is the underpinning of Qt Quick 2?s rendering power ? and with OpenGL becoming a much more common part of customer projects, KDAB decided that it would be good for us and for the Qt community at large if we took over maintainership and development of the Qt3D module. To this end, several KDAB engineers have been working hard to bring Qt3D back to life and moreover to make it competitive to other modern 3D frameworks. This article is the first in a series that will cover the capabilities, APIs, and implementation of Qt3D in detail."
Harmer: Overview of Qt3D 2.0 ? Part 1