LINUXsecure_LOGO
Issues on Linux and Security
 
-->
 
 
 
 
 
 
 
home
button Home
 

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.


back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
The OpenSSH 7.9 release is out. It (finally) allows the use of symbolic service names rather than port numbers, adds support for sending signals over the SSH protocol, bans the use of DSA keys for certificate authorities, and more.
OpenSSH 7.9 released

Security updates have been issued by Debian(drupal7 and libssh), openSUSE(binutils, ImageMagick, and java-11-openjdk), Oracle(java-1.8.0-openjdk), Scientific Linux(java-1.8.0-openjdk), and SUSE(apache2, bash, binutils, clamav, curl, dovecot22, firefox, ghostscript, git, glibc, gnutls, gpg2, icu, java-1_7_0-openjdk, java-1_7_1-ibm, java-1_8_0-ibm, java-1_8_0-openjdk, kernel, kernel-firmware, libvirt, libzypp, zypper, mariadb, nagios, ntp, openslp, openssh, openssl, perl, postgresql10, qemu, qpdf, samba, shadow, smt, yast2-smt, ucode-intel, wireshark, xen, yast2-smt, and zziplib).
Security updates for Friday

OpenBSD 6.4 has been released. This release features improved hardware support, adding a number of new drivers. Notable security improvements include the new unveil() system callto restrict file system access.
OpenBSD 6.4

Ubuntu has announced the release of its latest version, 18.10 (or "Cosmic Cuttlefish"). It has lots of updated packages and such, and is available in both a desktop and server version; there are also multiple flavorsthat were released as well. More information can be found in the release notes. "The Ubuntu kernel has been updated to the 4.18 based Linux kernel, our default toolchain has moved to gcc 8.2 with glibc 2.28, and we've also updated to openssl 1.1.1 and gnutls 3.6.4 with TLS1.3 support. Ubuntu Desktop 18.04 LTS brings a fresh look with the community-driven Yaru theme replacing our long-serving Ambiance and Radiance themes. We are shipping the latest GNOME 3.30, Firefox 63, LibreOffice 6.1.2, and many others. Ubuntu Server 18.10 includes the Rocky release of OpenStack including the clustering enabled LXD 3.0, new network configuration via netplan.io, and iteration on the next-generation fast server installer. Ubuntu Server brings major updates to industry standard packages available on private clouds, public clouds, containers or bare metal in your datacentre."
Ubuntu 18.10 (Cosmic Cuttlefish) released

The PostgreSQL 11 release is out. "PostgreSQL 11 provides users with improvements to overall performance of the database system, with specific enhancements associated with very large databases and high computational workloads. Further, PostgreSQL 11 makes significant improvements to the table partitioning system, adds support for stored procedures capable of transaction management, improves query parallelism and adds parallelized data definition capabilities, and introduces just-in-time (JIT) compilation for accelerating the execution of expressions in queries."See this articlefor a detailed overview of what is in this release.
PostgreSQL 11 released

For some years now, one has not had to look far to find articles proclaiming the demise of the GNU General Public License. That license, we are told, is too frightening for many businesses, which prefer to use software under the far weaker permissive class of license. But there is a business model that is based on the allegedly scary nature of the GPL, and there are those who would like to make it more lucrative; the only problem is that the GPL isn't quite scary enough yet.
[$] Making the GPL more scary

Greg Kroah-Hartman has announced the release of the 4.18.15, 4.14.77, and 4.9.134stable kernels. As usual, there are important fixes throughout the tree and users should upgrade.
Stable kernels 4.18.15, 4.14.77, and 4.9.134

Security updates have been issued by Arch Linux(chromium, libssh, and net-snmp), Debian(libssh and xen), Fedora(audiofile), openSUSE(axis, GraphicsMagick, ImageMagick, kernel, libssh, samba, and texlive), Oracle(java-1.8.0-openjdk), Red Hat(java-1.8.0-openjdk, rh-nodejs6-nodejs, and rh-nodejs8-nodejs), SUSE(binutils and fuse), and Ubuntu(paramiko).
Security updates for Thursday

The LWN.net Weekly Edition for October 18, 2018 is available.
[$] LWN.net Weekly Edition for October 18, 2018

Graphical applications are always pushing the limits of what the hardware can do and recent developments in the graphics world have caused Intel to rethink its 3D graphics driver. In particular, the lower CPU overhead that the Vulkan driver on Intel hardware can provide is becoming more attractive for OpenGL as well. At the 2018 X.Org Developers ConferenceKenneth Graunke talked about an experimental re-architecting of the i965 driver using Gallium3D?a development that came as something of a surprise to many, including him.
[$] A new direction for i965

Trusted Computing has not had the best reputation over the years — Richard Stallman dubbing it "Treacherous Computing"probably hasn't helped — though those fears of taking away users' control of their computers have not proven to be founded, at least yet. But the Trusted Platform Module, or TPM, inside your computer can do more than just potentially enable lockdown. In our second report from Kernel Recipes 2018, we look at a talk from James Bottomley about how the TPM works, how to talk to it, and how he's using it to improve his key handling.
[$] Secure key handling using the TPM

Security updates have been issued by CentOS(tomcat), Debian(asterisk, graphicsmagick, and libpdfbox-java), openSUSE(apache2 and git), Oracle(tomcat), Red Hat(kernel and Satellite 6.4), Slackware(libssh), SUSE(binutils, ImageMagick, and libssh), and Ubuntu(clamav, libssh, moin, and paramiko).
Security updates for Wednesday

The free-software community was built on email, a distributed technology that allows people worldwide to communicate regardless of their particular software environment. While email remains at the core of many projects' workflow, others are increasingly trying to move away from it. A couple of recent examples show what is driving this move and where it may be headed.
[$] A farewell to email

The Bro network security monitoring project has announceda name change to "Zeek". "On the Leadership Team of the Bro Project, we heard clear concerns from the Bro community that the name 'Bro' has taken on strongly negative connotations, such as 'Bro culture'. These send a sharp, anti-inclusive - and wholly unintended and undesirable - message to those who might use Bro. The problems were significant enough that during BroCon community sessions, several people have mentioned substantial difficulties in getting their upper management to even consider using open-source software with such a seemingly ill-chosen, off-putting name."
Bro becomes Zeek

The Software Freedom Law Center has announcedthe availability of a whitepaper [PDF]about automotive software and copyleft, written by Mark Shuttleworth and Eben Moglen. At its core, it's an advertisement for Ubuntu and Snap, but it does look at some of the issues involved. The fine grain of interface access rights provided by the snapd governance agent can thus provide further isolation and security when it is running user-modified code, guaranteed under the snap packaging paradigm to cause no other program code to be modified, to break, or to perform differently because of the presence of the user-modified program. Such a structure of modification permission can be operated by the OEM consistent with the requirements of GPLv3. The OEM can publish an authenticated record of the installation permission issued, indexed by the Vehicle Identification Number?without publishing the car owner?s personal information?so that public and private parties can be assured that no surreptitious modification of vehicle software occurs.
SFLC: Automotive Software Governance and Copyleft

cURL CVE-2018-1000300 Heap Buffer Overflow Vulnerability
Vuln: cURL CVE-2018-1000300 Heap Buffer Overflow Vulnerability

Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
Vuln: Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
Vuln: Apache Struts CVE-2016-1182 Security Bypass Vulnerability

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
Vuln: OpenSSL CVE-2018-0732 Denial of Service Vulnerability

[SECURITY] [DSA 4269-1] postgresql-9.6 security update
Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update

[SECURITY] [DSA 4268-1] openjdk-8 security update
Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update

[SECURITY] [DSA 4267-1] kamailio security update
Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2
Bugtraq: [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus

-->