Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the
mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
- A logscanner and a scanner for the checkpoint objects file.
- A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scrips.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
back to top
| Whats New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|The registrationfor the NetDev 2.2networking conference is now open. It will be held in Seoul, Korea November 8-10. As usual, it will be preceded by the invitation-only Netconffor core kernel networking hackers. "Netdev 2.2 is a community-driven conference geared towards Linux netheads. Linux kernel networking and user space utilization of the interfaces to the Linux kernel networking subsystem are the focus. If you are using Linux as a boot system for proprietary networking, then this conference _may not be for you_."LWN covered these conferences in 2016and earlier this year; with luck, we will cover these upcoming conferences as well.
|NetDev 2.2 registration is now open|
|Security updates have been issued by Arch Linux(newsbeuter), Debian(augeas, curl, ioquake3, libxml2, newsbeuter, and strongswan), Fedora(bodhi, chicken, chromium, cryptlib, cups-filters, cyrus-imapd, glibc, mingw-openjpeg2, mingw-postgresql, qpdf, and torbrowser-launcher), Gentoo(bzip2, evilvte, ghostscript-gpl, Ked Password Manager, and rar), Mageia(curl, cvs, fossil, jetty, kernel, kernel-linus, kernel-tmb, libmspack, mariadb, mercurial, potrace, ruby, and taglib), Oracle(kernel), Red Hat(xmlsec1), and Ubuntu(graphite2 and strongswan).
|Security updates for Monday|
|Gentoo has long provided a hardened kernel package, but that is
coming to an end. "As you may know the core of
sys-kernel/hardened-sources has been the grsecurity patches. Recently the
grsecurity developers have decided to limit access to these patches. As a
result, the Gentoo Hardened team is unable to ensure a regular patching
schedule and therefore the security of the users of these kernel
sources. Thus, we will be masking hardened-sources on the 27th of August
and will proceed to remove them from the package repository by the end of
|The end of Gentoo's hardened kernel|
|The 4.13-rc6kernel prepatch is out.
"So everything still looks on target for a normal release schedule,
which would imply rc7 next weekend, and then the final 4.13 the week
Unless something happens, of course. Tomorrow is the solar eclipse,
and maybe it brings doom and gloom even beyond the expected Oregon
trafficalypse. You never know."|
|Kernel prepatch 4.13-rc6|
|Power-efficient workqueues were first introduced in the
3.11 kernel release; since then, fifty or so
subsystems and drivers have been updated to use them. These workqueues
can be especially useful on handheld devices (like tablets and
smartphones), where power is at a premium.
ARM platforms with power-efficient workqueues enabled on Ubuntu and
Android have shown significant improvements in energy consumption (up to
15% for some use cases).
|[$] Power-efficient workqueues|
|Security updates have been issued by Debian(kernel and libmspack), Fedora(groovy18 and nasm), openSUSE(curl, java-1_8_0-openjdk, libplist, shutter, and thunderbird), Oracle(git, groovy, kernel, and mercurial), Red Hat(rh-git29-git), SUSE(openvswitch), and Ubuntu(c-ares, clamav, firefox, libmspack, and openjdk-7).
|Security updates for Friday|
|Security updates have been issued by CentOS(git), Debian(firefox-esr and mariadb-10.0), Gentoo(bind and tnef), Mageia(kauth, kdelibs4, poppler, subversion, and vim), openSUSE(fossil, git, libheimdal, libxml2, minicom, nodejs4, nodejs6, openjpeg2, openldap2, potrace, subversion, and taglib), Oracle(git and kernel), Red Hat(git, groovy, httpd24-httpd, and mercurial), Scientific Linux(git), and SUSE(freeradius-server, ImageMagick, and subversion).
|Security updates for Thursday|
|The LWN.net Weekly Edition for August 17, 2017 is available.
|[$] LWN.net Weekly Edition for August 17, 2017|
|Stable kernels 4.12.8, 4.9.44, 4.4.83, and 3.18.66have been released. Each contains important fixes throughout the tree and users should upgrade.
|Stable kernel updates|
|A bug that allows an attacker to overwrite a function pointer in the kernel
opens up a relatively
easy way to compromise the kernel?doubly so, if an attacker simply
needs to wait for the kernel use the compromised pointer. There are various
techniques that can be used to protect kernel function pointers that are
set at either compile or initialization time, but there are some pointers
that are routinely set as the kernel runs; timer completion functions are a
good example. An RFC patch posted to the kernel-hardening mailing list
would add a way to detect that those function pointers have been changed
in an unexpected way and to stop the kernel from executing that code.
|[$] A canary for timer-expiration functions|
|Earlier this month we reportedthat the
Krita Foundation was having some financial difficulties. The Krita
Foundation has an updatewith thanks to
all who donated. "So, even though we?re going to get another accountant?s bill of about 4500 euros, we?ve still got quite a surplus! As of this moment, we have ?29,657.44 in our savings account!
That means that we don?t need to do a fund raiser in September. Like we said, we?ve still got some features to finish."|
|Thank you from Krita|
|The startup time for the Python interpreter has been discussed by the core
developers and others numerous times over the years; optimization efforts
are made periodically as well.
Startup time can dominate the execution time of command-line programs
written in Python,
especially if they import a lot of other modules. Python startup time is
worse than some other scripting languages and more recent versions of the
language are taking more than twice as long to start up when compared to
earlier versions (e.g. 3.7 versus 2.7).
The most recent iteration of the startup time
discussion has played out in the python-dev and python-ideas mailing lists
since mid-July. This time, the focus has been on the collections.namedtuple()data structure that is used in multiple places throughout the standard
library and in other Python modules, but the discussion has been more
wide-ranging than simply that.
|[$] Reducing Python's startup time|
|Security updates have been issued by CentOS(firefox, httpd, and java-1.7.0-openjdk), Fedora(cups-filters, potrace, and qpdf), Mageia(libsoup and mingw32-nsis), openSUSE(kernel), Oracle(httpd, kernel, spice, and subversion), Red Hat(httpd, java-1.7.1-ibm, and subversion), Scientific Linux(httpd), Slackware(xorg), SUSE(java-1_8_0-openjdk), and Ubuntu(firefox, linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon, linux-lts-xenial, postgresql-9.3, postgresql-9.5, postgresql-9.6, and ubufox).
|Security updates for Wednesday|
|The Solus distribution project has announcedthe availability of Solus 3. "This is the third iteration of
Solus since our move to become a rolling release operating system. Unlike
the previous iterations, however, this is a release and not a
snapshot. We?ve now moved away from the 'regular snapshot' model to
accommodate the best hybrid approach possible - feature rich releases with
explicit goals and technology enabling, along with the benefits of a
curated rolling release operating system."Headline features
include support for the Snap packaging format, a lot of desktop changes,
and numerous software updates. (LWN looked at
|Solus 3 released|
|The GNOME project was founded by Miguel de Icaza and Federico Mena Quintero
on August 15, 1997, so today the project celebratesits 20th birthday. "There have been 33 stable releases since the initial release of GNOME 1.0 in 1999. The latest stable release, GNOME 3.24 ?Portland,? was well-received. ?Portland? included exciting new features like the GNOME Recipes application and Night Light, which helps users avoid eyestrain. The upcoming version of GNOME 3.26 ?Manchester,? is scheduled for release in September of this year. With over 6,000 contributors, and 8 million lines of code, the GNOME Project continues to thrive in its twentieth year."|
|GNOME turns 20|