Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the
mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
- A logscanner and a scanner for the checkpoint objects file.
- A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scrips.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
back to top
| Whats New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|Back in mid-1997, your editor (Jonathan Corbet) and Liz Coolbaugh were
engaged in a long-running discussion on how to trade our nice, stable,
reliably paying jobs for a life of uncertainty, poverty, and
around-the-clock work. Not that we thought of it in those terms,
naturally. We eventually settled on joining Red Hat's nascent "support
partner"program; while we were waiting for it to get started, we decided
to start a weekly newsletter as a side project ? not big and
professional like the real press ? to establish ourselves in the community.
Thus began an amazing journey that has just completed its 20th year.
|20 Years of LWN|
|As might have been expected from watching the commit stream, the 4.15
kernel is not ready for release, so we'll get 4.15-rc9 instead.
Linus said: "I really really wanted to just release 4.15 today, but things haven't
calmed down enough for me to feel comfy about it, and Davem tells me
he still has some networking fixes pending. Laura Abbott found and
fixed a very subtle boot bug introduced this development cycle only
yesterday, and it just didn't feel right to say that we're done."|
|No 4.15 final release today|
|Security updates have been issued by Debian(bind9, couchdb, lucene-solr, mysql-5.5, openocd, and php5), Mageia(gdk-pixbuf2.0, golang, and mariadb), openSUSE(curl, gd, ImageMagick, lxterminal, ncurses, newsbeuter, perl-XML-LibXML, and xmltooling), Oracle(kernel), and SUSE(xmltooling).
|Security updates for Monday|
switching to F-Droidfor Android apps.
"A polluted ocean of apps is plaguing Android, an operating system
built upon Free and Open-Source Software (FOSS) but now barely resembling
those venerable roots. Today, the average Android device is not only
susceptible to malware and trackers, it?s also heavily locked down and
loaded with proprietary components?characteristics that are hardly the
calling cards of the FOSS movement.
Though Android bears the moniker of open-source, the chain of trust between developers, distributors, and end-users is broken."|
|Android Users: To Avoid Malware, Try the F-Droid App Store (Wired)|
|The OpenSSL project has announceda number of changes to how the project is developed. These include
shutting down the openssl-dev mailing list in favor of discussing all
patches on GitHub and the addition of a new, read-only (for the world)
openssl-project list. "We are changing our release schedule so that
unless there are extenuating circumstances, security releases will go out
on a Tuesday, with the pre-notification being the previous Tuesday. We
don?t see a need to have people ready to sacrifice their weekend every time
a new CVE comes out."|
|OpenSSL development policy changes|
brief update from Greg Kroah-Hartmanon the kernel's handling of the
Meltdown and Spectre vulnerabilities. "This shows that my kernel is
properly mitigating the Meltdown problem by implementing PTI (Page Table
Isolation), and that my system is still vulnerable to the Spectre variant
1, but is trying really hard to resolve the variant 2, but is not quite
there (because I did not build my kernel with a compiler to properly
support the retpoline feature)."|
|Kroah-Hartman: Meltdown and Spectre Linux Kernel Status - Update|
|Linux?s deadline scheduler is a global early deadline first scheduler for
sporadic tasks with constrained deadlines. These terms were defined in the first part of this series. In this
installment, the details of the Linux deadline scheduler and how it can be
used will be examined.
|[$] Deadline scheduler part 2 ? details and usage|
|Security updates have been issued by Arch Linux(bind, irssi, nrpe, perl-xml-libxml, and transmission-cli), CentOS(java-1.8.0-openjdk), Debian(awstats, libgd2, mysql-5.5, rsync, smarty3, and transmission), Fedora(keycloak-httpd-client-install and rootsh), and Red Hat(java-1.7.0-oracle and java-1.8.0-oracle).
|Security updates for Friday|
|Git v2.16.0 is now available. "It is comprised of 509 non-merge
commits since v2.15.0, contributed by 91 people, 26 of which are new
faces."The release notes are included in the link below.
|Version 3.0of the
Wine Windows emulation layer has been released. "This release
represents a year of development effort and over 6,000 individual
changes."Most of the improvements seem to be around Direct3D
graphics, but it also now possible to package up Wine as an Android app;
see the release notesfor
|Wine 3.0 released|
|This is the second article of a series discussing various methods of
reducing the size of the Linux kernel to make it suitable for small
The first articleprovided a short rationale for this topic, and covered the link-time
garbage collection, also called the ld --gc-sectionsmethod. We've seen
that, though it is pretty straightforward, link-time garbage collection has
issues of its own when applied to the kernel, making achieving optimal
difficult than it is worth. In this article we'll have a look at what the
compiler itself can do using link-time optimization.
|[$] Shrinking the kernel with link-time optimization|
|Security updates have been issued by CentOS(linux-firmware and microcode_ctl), Fedora(icecat and transmission), Oracle(java-1.8.0-openjdk and microcode_ctl), Red Hat(java-1.8.0-openjdk), Scientific Linux(java-1.8.0-openjdk), Slackware(bind), SUSE(kernel), and Ubuntu(eglibc).
|Security updates for Thursday|
|The LWN.net Weekly Edition for January 18, 2018 is available.
|[$] LWN.net Weekly Edition for January 18, 2018|
|Prometheusis a monitoring tool
built from scratch by SoundCloud in 2012. It works by pulling metrics from
monitored services and storing them in a time series database (TSDB). It
has a powerful query language to inspect that database, create alerts, and
plot basic graphs. Those graphs can then be used to detect anomalies or
trends for (possibly automated) resource provisioning. Prometheus also has
extensive service discovery features and supports high availability
That's what the brochure says, anyway; let's see how it works in the hands
of an old grumpy system administrator. I'll be drawing comparisons
with Munin and Nagios frequently because those are the tools I have
used for over a decade in monitoring Unix clusters.
|[$] Monitoring with Prometheus 2.0|
|Greg Kroah-Hartman has released stable kernels 4.14.14, 4.9.77, 4.4.112, and 3.18.92. All of them contain important fixes
and users should upgrade.
|Four stable kernels|