Issues on Linux and Security
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
In a 2018 Python Language Summit talk that was initially billed as "Mariatta's Topic of Mystery", Mariatta Wijaya described her reasoning for advocating moving Python away from its current bug trackerto GitHub Issues. She wanted to surprise her co-attendees with the talk topic at least partly because it is somewhat controversial. But it would complete Python's journey to GitHubthat started a ways back.
[$] Using GitHub Issues for Python

It is the season for web sites to be updating their privacy policies and obtaining consent from their users for whatever data they collect. LWN, being short of staff with the time or interest to work in this area, is rather late to this game. The first step is an updated privacy policy, which we're now putting out for review. Little has changed from the current version; we still don't collect much data, share data with others, or attempt to monetize what we have in any way. We would like to ask interested readers to have a look and let us know about any potential problems they see.
RFC: LWN's draft updated privacy policy

Intel has, finally, disclosedtwo more Spectre variants, called 3a and 4. The first ("rogue system register read") allows system-configuration registers to be read speculatively, while the second ("speculative store bypass") could enable speculative reads to data after a store operation has been speculatively ignored. Some more information on variant 4 can be found in the Project Zero bug tracker. The fix is to install microcode updates, which are not yet available.
Spectre variants 3a and 4

At the 2018 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM), Steve French led a discussion of various problem areas for network filesystems. Unlike previous sessions (in 2016and 2017), there was some good news to report because the long-awaited statx()system callwas released in Linux 4.11. But there is still plenty of work to be done to better support network filesystems in Linux.
[$] Network filesystem topics

Parrot 4.0 has been released. Parrot is a security-oriented distribution aimed at penetration tests and digital forensics analysis, with additional tools to preserve privacy. "On Parrot 4.0 we decided to provide netinstall images too as we would like people to use Parrot not only as a pentest distribution, but also as a framework to build their very own working environment with ease."Docker templates are also available.
Parrot 4.0 is out

Security updates have been issued by Arch Linux(lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), CentOS(firefox), Debian(imagemagick), Fedora(exiv2, LibRaw, and love), Gentoo(chromium), Mageia(kernel, librelp, and miniupnpc), openSUSE(curl, enigmail, ghostscript, libvorbis, lilypond, and thunderbird), Red Hat(Red Hat OpenStack Platform director), and Ubuntu(firefox).
Security updates for Monday

The 4.17-rc6kernel prepatch is out. "So nothing special to report. Go read the shortlog, pull the changes, build, and test. It should all be good and pretty stable by this point."
Kernel prepatch 4.17-rc6

The 4.16.10, 4.14.42, and 4.9.101stable kernel updates are available; each contains another set of important fixes.
Some weekend stable kernel updates

The Software Freedom Conservancy has put out a blog postingon the history and current status of Tesla's GPL compliance issues. "We're thus glad that, this week, Tesla has acted publicly regarding its current GPL violations and has announced that they've taken their first steps toward compliance. While Tesla acknowledges that they still have more work to do, their recent actions show progress toward compliance and a commitment to getting all the way there."
The Software Freedom Conservancy on Tesla's GPL compliance

At the 2018 Linux Storage, Filesystem, and Memory-Management Summit, Andiry Xu presented the NOVA filesystem, which he is trying to get into the upstream kernel. Unlike existing kernel filesystems, NOVA exclusively targets non-volatile main memory (NVMM) rather than traditional block devices (disks or SSDs). In fact, it does not use the kernel's block layer at all and instead uses persistent memory mapped directly into the kernel address space.
[$] The NOVA filesystem

Brandon Williams writes about the new Git remote protocolthat will debut in the 2.18 release. "We recently rolled out support for protocol version 2 at Google and have seen a performance improvement of 3x for no-op fetches of a single branch on repositories containing 500k references. Protocol v2 has also enabled a reduction of 8x of the overhead bytes (non-packfile) sent from servers. A majority of this improvement is due to filtering references advertised by the server to the refs the client has expressed interest in."
Williams: Introducing Git protocol version 2

Version 8.1 of the Vim editoris available. "The main new feature of Vim 8.1 is support for running a terminal in a Vim window. This builds on top of the asynchronous features added in Vim 8.0."
Vim 8.1 released

In April, LWN looked at the new APIfor zero-copy reception of TCP data that had been merged into the net-next tree for the 4.18 development cycle. After that article was written, a couple of issues came to the fore that required some changes to the API for this feature. Those changes have been made and merged; read on for the details.
[$] A reworked TCP zero-copy receive API

Security updates have been issued by Arch Linux(curl and zathura-pdf-mupdf), Debian(libmad and vlc), openSUSE(enigmail), Red Hat(collectd, Red Hat OpenStack Platform director, and sensu), and SUSE(firefox, ghostscript, and mysql).
Security updates for Friday

Robert Haas writes about the sharding capabilitiesthat PostgreSQL will someday have. "The capabilities already added are independently useful, but I believe that some time in the next few years we're going to reach a tipping point. Indeed, I think in a certain sense we already have. Just a few years ago, there was serious debate about whether PostgreSQL would ever have built-in sharding. Today, the question is about exactly which features are still needed."
Haas: Built-in Sharding for PostgreSQL

PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability
Vuln: PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability

PHP CVE-2018-10545 Security Bypass Vulnerability
Vuln: PHP CVE-2018-10545 Security Bypass Vulnerability

PHP Multiple Security Vulnerabilities
Vuln: PHP Multiple Security Vulnerabilities

Xen CVE-2018-10981 Local Denial of Service Vulnerability
Vuln: Xen CVE-2018-10981 Local Denial of Service Vulnerability

[SECURITY] [DSA 4206-1] gitlab security update
Bugtraq: [SECURITY] [DSA 4206-1] gitlab security update

Qualys Security Advisory - Procps-ng Audit Report
Bugtraq: Qualys Security Advisory - Procps-ng Audit Report

[SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for
Bugtraq: [SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for

[SECURITY] [DSA 4204-1] imagemagick security update
Bugtraq: [SECURITY] [DSA 4204-1] imagemagick security update

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus