Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the
mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
- A logscanner and a scanner for the checkpoint objects file.
- A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scrips.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
back to top
| Whats New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|Greg Kroah-Hartman has released stable kernels 4.4.74and 3.18.58. Both contain the usual set of
important fixes and users should upgrade.
|Stable kernel updates|
|Security updates have been issued by Arch Linux(kernel, linux-zen, and tcpreplay), Debian(drupal7, exim4, expat, imagemagick, and smb4k), Fedora(chromium, firefox, glibc, kernel, openvpn, and wireshark), Mageia(mercurial and roundcubemail), openSUSE(kernel, libmicrohttpd, libqt5-qtbase, libqt5-qtdeclarative, openvpn, and python-tablib), Scientific Linux(sudo), and SUSE(firefox).
|Security updates for Monday|
|The 4.12-rc7kernel prepatch is out.
"It's fairly small, and there were no huge surprises, so if nothing
untoward happens this upcoming week, this will be the final rc. But as
usual, I reserve the right to just drag things out if I end up feeling
uncomfortable about things for any reason including just random gut
feelings, so we'll see."|
|Kernel prepatch 4.12-rc7|
4.9.34stable kernel updates have been
released. Among other things, they contain the fixes for the recently
disclosed "Stack Clash"vulnerability.
The 4.4.74, and
3.18.58updates are still in the review
process but should be out in the near future.
|Stable kernels 4.11.7 and 4.9.34|
|The default apps on a mobile platform like Android are familiar targets for
replacement, especially for developers concerned about security. But while
messaging and voice apps (which can be replaced by Signal and Ostel, for
instance) may be the best known examples, the non-profit Guardian Projecthas taken up the
cause of improving the security features of the camera app. Its latest
such project is ProofMode, an app
to let users take photos and videos that can be verified as authentic by
|[$] ProofMode: a camera app for verifiable photography|
|Security updates have been issued by Arch Linux(linux-hardened), CentOS(sudo), Debian(apache2, c-ares, flatpak, graphite2, and openvpn), Fedora(glibc and thunderbird), Gentoo(graphite2, jbig2dec, libksba, nettle, urbanterror, and vim), openSUSE(go and unrar), Oracle(sudo), SUSE(tomcat), and Ubuntu(openvpn).
|Security updates for Friday|
|The digiKam Team has releasedversion 5.6.0 of the digiKam Software Collection for photo management. "With this version the HTML gallery and the video slideshow tools are back, database shrinking (e.g. purging stale thumbnails) is also supported on MySQL, grouping items feature has been improved, the support for custom sidecars type-mime have been added, the geolocation bookmarks introduce fixes to be fully functional with bundles, the support for custom sidecars, and of course a lots of bug has been fixed."|
|digiKam 5.6.0 is released|
|Security updates have been issued by Arch Linux(lxterminal, lxterminal-gtk3, openvpn, and pcmanfm), CentOS(thunderbird), Debian(jython, spip, tomcat7, and tomcat8), openSUSE(openvpn), Oracle(thunderbird), Slackware(openvpn), SUSE(openvpn), and Ubuntu(kernel, linux-lts-trusty, nss, and valgrind).
|Security updates for Thursday|
|The LWN.net Weekly Edition for June 22, 2017 is available.
|[$] LWN.net Weekly Edition for June 22, 2017|
Source Summit Japan(OSSJ)?OSS is the new name for LinuxCon,
ContainerCon, and CloudOpen?Sasha Levin gave a talk on the kernel's
application binary interface (ABI). There is an effort to create a kernel
ABI specification that has its genesis in a
discussion about fuzzersat the 2016 Linux Plumbers Conference. Since
some progress on it has been made, so Levin described what the ABI is and the
benefits that would come from having a specification. He also covered
what has been done so far?and the
the extensive work remaining to be done.
|[$] Specifying the kernel ABI|
|Guido Vranken describes
his effortsto fuzz-test OpenVPN and the bug reports that resulted.
"Most of this issues were found through fuzzing. I hate admitting it,
but my chops in the arcane art of reviewing code manually, acquired through
grueling practice, are dwarfed by the fuzzer in one fell swoop; the
mortal?s mind can only retain and comprehend so much information at a time,
and for programs that perform long cycles of complex, deeply nested
operations it is simply not feasible to expect a human to perform an
encompassing and reliable verification."|
|Vranken: The OpenVPN post-audit bug bonanza|
|At PyCon 2017, Kavya Joshi looked
at some of the differences between the Python reference implementation
(known as "CPython") and
that of MicroPython. In particular,
she described the differences in memory use and handling between the two.
Those differences are
what allows MicroPython to run on the severely memory-constrained
microcontrollers it targets?an environment that could never support CPython.
|[$] Memory use in CPython and MicroPython|
|For those who are curious about how the community deals with a serious
vulnerability, Solar Designer's description of the embargo process around
the "Stack Clash"issue (and his unhappiness with it) is worth
a read. "Qualys first informed the distros list about this upcoming set of issues
on May 3. This initial notification didn't say Stack Clash nor anything
like that, but merely expressed intent to disclose the issues and
concern that the list's maximum embargo duration of 14 to 19 days might
not be sufficient in this case. In the resulting discussion, I agreed
to consider extending the embargo beyond list policy should there be
convincing reasons for that. In retrospect, I think I shouldn't have
agreed to that."|
|A Stack Clash disclosure post-mortem|
|Version 1.2 of the Opus audio codec has been released. "For music encoding Opus has already been shown to out-perform other audio codecs at both 64 kb/s and 96 kb/s. We originally thought that 64 kb/s was near the lowest bitrate at which Opus could be useful for streaming stereo music. However, with variable bitrate (VBR) improvements in Opus 1.1, suddenly 48 kb/s became a realistic target. Opus 1.2 continues on the path to lowering the bitrate limit. Music at 48 kb/s is now quite usable and while the artefacts are generally audible, they are rarely annoying. Even more, we've actually been pushing all the way to fullband stereo at just 32 kb/s!
Most of the music encoding quality improvements in 1.2 don't come from big new features (like tonality analysis that got added to version 1.1), but from many small changes that all add up."|
|Opus 1.2 released|
|In a brief note to the GCC list, David Edelson announces: "I am
pleased to announce that the GCC Steering Committee has accepted the D
Language front-end and runtime for inclusion in GCC and appointed Iain
Buclaw as maintainer."|
|D Language accepted for inclusion in GCC|