Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. I will not prepare them for publishing, but you can
contact me if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads the config files containing the passwords of the components only once, so you can keep them in encrypted storage.
There are several templates for ssh, scp and telnet. The intention is to make automated backups of routers, switches, firewalls etc.
- Postfixanalyser was written for the Trend Micro mail virus scanner. You can search for mails and you will get a
status for the mails found: when the system received the mail, when it last worked on the mail, what the status of the
mail is, and whether there were any problems while delivering it. The second feature was a simple statistic: bytes and number of mails received and sent,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
- A logscanner and a scanner for the checkpoint objects file.
- A tool that parses the registry of the genugate firewall and produces more human-readable output in HTML.
- An FTP script for the honeynet.
- Various backup scripts in Perl and Bash.
- Various iptables scripts.
- A script called minilinux to create a small Linux out of a huge running system.
- Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in PHP.
- A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus on same domains.
|What's New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] work in progress on mp3riot version 1.2|
algorithm has been known for at least a decade to be
weak; while no generated hash collisions had been reported, it was assumed
that this would happen before too long. On February 23, Google announced that it had succeeded at this task. While the technique used is
computationally expensive, this event has clarified what most developers
have known for some time: it is time to move away from SHA-1. While the
migration has essentially been completed in some areas (SSL certificates,
for example), there are still important places where it is heavily used,
including at the core of the Git source-code management system.
Unsurprisingly, the long-simmering discussion in the Git community on
moving away from SHA-1 is now at a full boil.
|[$] Moving Git past SHA-1|
|Security updates have been issued by Debian (apache2, radare2, and shadow), Mageia (firebird, libevent, and php-tcpdf), and openSUSE (chromium).
|Security updates for Monday|
|The 4.9.13 and 4.4.52 stable kernels are out; these
relatively small updates contain the usual set of important fixes.
Update: the 4.10.1 update is out as
well (thanks to Thorsten Leemhuis).
|Stable kernels 4.9.13 and 4.4.52 (and 4.10.1)|
|Security updates have been issued by CentOS (kernel and qemu-kvm), Debian (bind9, cakephp, munin, and shadow), Fedora (python-cjson, python-PyMySQL, quagga, util-linux, and xen), Mageia (kernel kmod and kernel-tmb), Oracle (kernel), Red Hat (kernel), and Scientific Linux (kernel).
|Some weekend security updates|
|Linus Torvalds has posted a lengthy
explanation of why the recently created SHA-1 collision is not an
emergency for Git users. "In the pdf examples, the pdf format acted
as the 'black box', and what you see is the printout which has only a very
indirect relationship to the pdf encoding.
But if you use git for source control like in the kernel, the stuff you
really care about is source code, which is very much a transparent
medium. If somebody inserts random odd generated crud in the middle of your
source code, you will absolutely notice." That said, he notes that
there is work in progress to move away from SHA-1.
[It seems that subversion users have an additional set of concerns; see this bug report
conversation for the scary story.]
|Linus on Git and SHA-1|
|Thanks to Josh Triplett for sending us this Google Project Zero report about a dump of uninitialized memory caused by Cloudflare's
reverse proxies. "A while later, we figured out how to reproduce the
problem. It looked like that if an html page hosted behind cloudflare had a
specific combination of unbalanced tags, the proxy would intersperse pages
of uninitialized memory into the output (kinda like heartbleed, but
cloudflare specific and worse for reasons I'll explain later). My working
theory was that this was related to their "ScrapeShield" feature which
parses and obfuscates html - but because reverse proxies are shared between
customers, it would affect *all* Cloudflare customers. We fetched a few live samples, and we observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security."
|Cloudflare Reverse Proxies are Dumping Uninitialized Memory|
|Security updates have been issued by Debian (libreoffice and phpmyadmin), Fedora (kopete and xrdp), Oracle (kernel and qemu-kvm), Red Hat (kernel and qemu-kvm), Scientific Linux (kernel and qemu-kvm), and Ubuntu (LibreOffice and php7.0).
|Security updates for Friday|
|Over at the Red Hat Developers blog, Martin Sebor looks at some new (or enhanced) warnings available in GCC 7 that will help catch various types of memory errors. For example: "The -Wformat-overflow=level option detects certain and likely buffer overflow in calls to the sprintf family of formatted output functions. The option starts by determining the size of the destination buffer, which can be allocated either statically or dynamically. It then iterates over directives in the format string, calculating the number of bytes each result in output. For integer directives like %i and %x it tries to determine either the exact value of the argument or its range of values and uses the result to calculate the exact or minimum and maximum number of bytes the directive can produce. Similarly for floating point directives such as %a and %f, and string directives such as %s. When it determines that the likely number of bytes a directive results in will not fit in the space remaining in the destination buffer it issues a warning."|
|Memory Error Detection Using GCC (Red Hat Developers blog)|
|Andrey Konovalov has announced the discovery and fix of a local privilege escalation in the Linux kernel. Using the syzkaller fuzzer (which LWN looked at around one year ago), he found a double-free in the Datagram Congestion Control Protocol (DCCP) implementation that goes back to at least September 2006 (2.6.18), but probably all the way back to the introduction of DCCP in October 2005 (2.6.14). "[At] this point we have a use-after-free on some_object. An attacker can
control what object that would be and overwrite its content with
arbitrary data by using some of the kernel heap spraying techniques.
If the overwritten object has any triggerable function pointers, an
attacker gets to execute arbitrary code within the kernel.
I'll publish an exploit in a few days, giving people time to update."|
|Ancient local privilege escalation vulnerability in the kernel announced|
|Greg Kroah-Hartman has announced the release of the 4.9.12 and 4.4.51 stable kernels. As usual, there are
important fixes in the updates and users of those kernels should upgrade.
|Stable kernels 4.9.12 and 4.4.51|
|Security updates have been issued by Arch Linux (bzip2, kernel, and linux-zen), CentOS (kernel), Debian (bitlbee, kernel, and tomcat7), Fedora (diffoscope, mujs, pcre, plasma-desktop, and tomcat), Mageia (libpcap/tcpdump and spice), openSUSE (gd, kernel, libquicktime, and libXpm), Oracle (kernel), Red Hat (kernel, kernel-rt, and python-oslo-middleware), SUSE (php5 and util-linux), and Ubuntu (imagemagick).
|Security updates for Thursday|
|The final version of the LEDE router distribution's 17.01.0 release is now
available. "LEDE 17.01.0 "Reboot" incorporates thousands of commits over the last
nine months of effort. With this release, the LEDE development team
closes out an intense effort to modernize many parts of OpenWrt and
incorporate many new modules, packages, and technologies." LWN
recently reviewed a release-candidate
version of LEDE 17.01.
|LEDE v17.01.0 final|
|The Google security blog carries
the news of the first deliberately constructed SHA-1 hash collision.
"We started by creating a PDF prefix specifically crafted to allow us
to generate two documents with arbitrary distinct visual contents, but that
would hash to the same SHA-1 digest. In building this theoretical attack in
practice we had to overcome some new challenges. We then leveraged Google's
technical expertise and cloud infrastructure to compute the collision which
is one of the largest computations ever completed." The SHA-1 era is truly coming to an end, even if most attackers lack access
to the computing resources needed for this particular exploit.
|Announcing the first SHA1 collision|
|The LWN.net Weekly Edition for February 23, 2017 is available.
|[$] LWN.net Weekly Edition for February 23, 2017|
|Tuukka Turunen presents a roadmap for
Qt. "Qt 3D was first released with Qt 5.7 and in Qt 5.8 the focus was mostly on stability and performance. With Qt 5.9 we are providing many new features which significantly improve the functionality of Qt 3D. Notable new features include support for mesh morphing and keyframe animations, using Qt Quick items as a texture for 3D elements, as well as support for physically based rendering and particles. There are also multiple smaller features and improvements throughout the Qt 3D module."|
|Turunen: Qt Roadmap for 2017|