Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in encrypted storage. There are several templates for ssh, scp and telnet. The intention is to make automated backups of routers, switches, firewalls etc.
- Postfixanalyser was written for the Trend Micro mail virus scanner. You can search for mails and you will get a status for the mails found: when the system received the mail, when it last worked on the mail, what the status of the mail is, and whether there were any problems while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
- A logscanner and a scanner for the Check Point objects file.
- A tool that parses the registry of the genugate firewall and produces a more human-readable output in HTML.
- An FTP script for the honeynet.
- Various backup scripts in Perl and Bash.
- Various iptables scripts.
- A script called minilinux to create a small Linux out of a huge running system.
- Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in PHP.
- A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
|What's New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] work in progress on mp3riot version 1.2|
|The LWN.net Weekly Edition for July 28, 2016 is available.
|[$] LWN.net Weekly Edition for July 28, 2016|
|A few years ago, the hardware vendor Yubico made a bit of a splash
when it introduced its YubiKey line of inexpensive hardware security
tokens powered by open-source software. With its most recent product
release, however, Yubico has dropped open source and started deploying only
proprietary software in its devices. Consequently, many community
members have started looking for a viable replacement that will adhere
to open-source principles. At present, one of the leading contenders
for Yubico's departed customers is Nitrokey, which manufactures a line
of hardware tokens capable of generating one-time passwords (OTPs),
storing and using OpenPGP keys, and several other features. The
devices made by Nitrokey run open-source software and are open hardware
|[$] One-time passwords and GnuPG with Nitrokey|
|Greg Kroah-Hartman has released stable kernels 4.6.5, 4.4.16,
and 3.14.74. All of them contain important
|Stable kernel updates|
|Shari Steele has posted a statement from the
Tor project on the results of an investigation into the allegations of
harassment (and worse) within Tor and how the project will respond. "I am
pleased, therefore, to announce that both the Tor Project and the Tor
community are taking active steps to strengthen our ability to handle
problems of unprofessional behavior. Specifically, the Tor Project has
created an anti-harassment policy, a conflicts of interest policy,
procedures for submitting complaints, and an internal complaint review
process. They were recently approved by Tor's board of directors, and they
will be rolled out internally this week."|
|A statement from the Tor project|
|CentOS has updated java-1.7.0-openjdk (C7; C6; C5: multiple vulnerabilities), samba (C7: crypto downgrade), and samba4 (C6: crypto downgrade).
Debian has updated libgd2 (denial of service), mariadb-10.0 (multiple vulnerabilities), and php5 (multiple vulnerabilities).
Debian-LTS has updated libgd2 (denial of service).
Mageia has updated apache (HTTP
vulnerabilities), mupdf (denial of service), php/xmlrpc-epi/timezone (multiple vulnerabilities), sudo (race condition), tomcat/apache-commons-fileupload (denial of service), and virtualbox (allows local users to affect availability).
Red Hat has updated java-1.7.0-openjdk (RHEL5,6,7: multiple
vulnerabilities) and kernel (RHEL6.7:
Scientific Linux has updated samba (SL7: crypto downgrade) and samba4 (SL6: crypto downgrade).
Ubuntu has updated kde4libs (15.10, 14.04, 16.04: command execution) and openjdk-8 (16.04: multiple vulnerabilities).
|Security advisories for Wednesday|
|Harald Sitter reports on a discussion at a recent sprint focused on making Snap packaging useful
for KDE. "Shipping things users can use on Linux has been a pain in the rear
since forever and these bundles are meant to change that. As such we
as KDE should have a strong interest and presence in this field in the
hopes of shaping a future that is useful to us. After all, we are one
of the biggest source distributors, and the primary reason we don't
also offer generic binary packages of our applications is because this
never scaled and was altogether terrible to pull off from a KDE point
of view." He and Scarlett Clark are working on some
high level mass automation of snap building on top of KDE Neon's existing
deb binaries. (Thanks to Jos van den Oever)
|Sitter: Snappy sprint reporty musing|
|Debian has updated ntp (multiple vulnerabilities).
Debian-LTS has updated cacti (three vulnerabilities), dietlibc (insecure default PATH), gosa (code injection), ntp (multiple vulnerabilities), squid (cache poisoning), and uclibc (three vulnerabilities).
Oracle has updated samba (OL7:
crypto downgrade) and samba4 (OL6: crypto downgrade).
Red Hat has updated chromium-browser (RHEL6: multiple
vulnerabilities), samba (RHEL7: crypto
downgrade), and samba4 (RHEL6: crypto downgrade).
|Tuesday's security updates|
|OpenVZ 7.0 has been released.
The new release focuses on merging OpenVZ and Virtuozzo source codebase and
replacing its hypervisor with KVM. There are many other improvements and
new features in container management and more.
|OpenVZ 7.0 released|
a look at the upcoming OpenBSD 6.0 release. "Most significant among the latest security-related changes for OpenBSD is the removal of Linux emulation support. Prior versions of OpenBSD made it possible to run Linux applications by way of a compatibility layer, but the release notes for OpenBSD 6.0 indicate the Linux subsystem was removed as a "security improvement.""|
|The newest version of OpenBSD closes potential security loopholes (InfoWorld)|
|Arch Linux has updated chromium (multiple vulnerabilities), python-django (cross-site scripting), and python2-django (cross-site scripting).
Debian has updated openssh (user
enumeration via timing side-channel), perl (two vulnerabilities), and phpmyadmin (multiple vulnerabilities).
Debian-LTS has updated squid3 (denial of service).
Fedora has updated ca-certificates (F24: certificate update), gd (F24: multiple vulnerabilities), httpd (F24: HTTP redirect),
kf5-karchive (F24; F23: command execution, over a hundred
related KDE Frameworks packages were included in this update), libgcrypt (F24: key leak), libidn (F24: multiple vulnerabilities), libvirt (F24: authentication bypass), and mingw-gnutls (F24: certificate verification vulnerability).
openSUSE has updated Chromium (SPH for SLE12; Leap42.1; 13.2:
multiple vulnerabilities) and gnugk (Leap42.1, 13.2: denial of service).
Red Hat has updated mariadb55-mariadb (RHSCL: many
vulnerabilities) and mysql55-mysql (RHSCL:
Slackware has updated bind (denial of service).
|Security advisories for Monday|
|Linus has returned from his travels and released the 4.7 kernel. The most significant
changes in this release include
the tracing histograms feature,
in-kernel tracing analysis via the ability to attach BPF programs to tracepoints,
the LoadPin security module,
better out-of-memory detection,
faster filesystem operations with parallel
the schedutil CPU frequency governor, and
more. See the KernelNewbies
4.7 page for lots of details.
|The 4.7 kernel is out|
|At his blog, Matthias Clasen explores the recent enhancements to the classic GNU gettext utility.
Thanks in large part to new maintainer Daiki Ueno, gettext now
understands many more file formats—thus enabling developers to easily
extract strings from a wide variety of source files for translation.
In addition to programming languages, Clasen notes, gettext
understands .desktop files, GSettings schemas, GtkBuilder ui files,
and Appdata files. "If you don't want to wait for your favorite format to come with built-in its support, you can also include its files with your application; gettext will look for such files in $XDG_DATA_DIRS/gettext/its/."|
|Clasen: Using modern gettext|
|Arch Linux has updated drupal (proxy injection).
Debian has updated mysql-5.5 (multiple vulnerabilities) and squid3 (multiple vulnerabilities).
Debian-LTS has updated python-django (cross-site scripting).
openSUSE has updated p7zip (13.1: code execution).
Slackware has updated gimp (14.0, 14.1, 14.2: code execution) and php (14.0, 14.1, 14.2: multiple vulnerabilities).
Ubuntu has updated mysql-5.5,
mysql-5.6, mysql-5.7 (12.04, 14.04, 15.10, 16.04: multiple vulnerabilities).
|Friday's security updates|
|The Electronic Frontier Foundation (EFF) has announced that it is suing the US government over provisions in the Digital Millennium Copyright Act (DMCA). The suit has been filed on behalf of Andrew "bunnie" Huang, who has a blog post describing the reasons behind the suit. The EFF also explained why these DMCA provisions should be ruled unconstitutional:
"These provisions—contained in Section 1201 of the DMCA—make it unlawful for people to get around the software that restricts access to lawfully-purchased copyrighted material, such as films, songs, and the computer code that controls vehicles, devices, and appliances. This ban applies even where people want to make noninfringing fair uses of the materials they are accessing.
Ostensibly enacted to fight music and movie piracy, Section 1201 has long served to restrict people's ability to access, use, and even speak out about copyrighted materials—including the software that is increasingly embedded in everyday things. The law imposes a legal cloud over our rights to tinker with or repair the devices we own, to convert videos so that they can play on multiple platforms, remix a video, or conduct independent security research that would reveal dangerous security flaws in our computers, cars, and medical devices. It criminalizes the creation of tools to let people access and use those materials."|
|EFF Lawsuit Takes on DMCA Section 1201: Research and Technology Restrictions Violate the First Amendment|
|Arch Linux has updated bind (denial of service).
CentOS has updated java-1.8.0-openjdk (C7; C6: multiple vulnerabilities).
Debian-LTS has updated libarchive (multiple vulnerabilities, most from 2015).
Fedora has updated openssh (F24:
user enumeration via timing side-channel) and p7zip (F24: two code execution flaws).
openSUSE has updated dhcp (42.1:
denial of service).
Oracle has updated java-1.8.0-openjdk (OL7; OL6: multiple vulnerabilities).
Red Hat has updated java-1.6.0-sun (multiple vulnerabilities), java-1.7.0-oracle (multiple vulnerabilities), java-1.8.0-oracle (RHEL6&7: multiple vulnerabilities), and
openstack-neutron (RHOSP8; RHOSP7: three vulnerabilities, one from 2015).
Scientific Linux has updated java-1.8.0-openjdk (SL6&7: multiple vulnerabilities).
SUSE has updated obs-service-source_validator (SLE12: code execution).
|Security updates for Thursday|