Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the
mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
- A logscanner and a scanner for the checkpoint objects file.
- A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scrips.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
back to top
| Whats New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|Lubomir Rintel takes
a lookat new features in NetworkManager 1.4. "It is now possible to randomize the MAC address of Ethernet devices to mitigate possibility of tracking. The users can choose between different policies; use a completely random address, or just use different addresses in different networks. For Wi-Fi devices, the same randomization modes are now supported and does no longer require support from wpa-supplicant."Also a newly added API for using configuration snapshots that automatically
roll back after a timeout, IPv6 tokenized interface identifiers can be
configured, new features in nmcli, and more are covered. (Thanks
to Paul Wise)
|Rintel: NetworkManager 1.4: with better privacy and easier to use|
|Fedorahas updated eog(F23: out-of-bounds write).
openSUSEhas updated ImageMagick(Leap42.1: three vulnerabilities).
Red Hathas updated qemu-kvm-rhev(RHOSP9: two vulnerabilities) and Red Hat
OpenShift Enterprise 2.2.10(RHOSE: multiple vulnerabilities).
Ubuntuhas updated eog(out-of-bounds write), harfbuzz(16.04,
14.04: two vulnerabilities), and libidn(multiple vulnerabilities).
|Thursday's security updates|
|The LWN.net Weekly Edition for August 25, 2016 is available.
|[$] LWN.net Weekly Edition for August 25, 2016|
|On August 25, 1991, an obscure student in Finland named Linus Benedict
a messageto the comp.os.minix Usenet newsgroup saying that he was
working on a free operating system as a project to learn about the x86
architecture. He cannot possibly have known that he was launching a
project that would change the computing industry in fundamental ways.
Twenty-five years later, it is fair to say that none of us foresaw where
Linux would go ? a lesson that should be taken to heart when trying to
imagine where it might go from here.
|[$] 25 Years of Linux ? so far|
|The Gentoo community is mourning
the loss of Jonathan Portnoy. "Jon was an active member of the
International Gentoo community, almost since its founding in 1999. He was
still active until his last day. His passing has struck us deeply and with
disbelief. We all remember him as a vivid and enjoyable person, easy to
reach out to and energetic in all his endeavors."|
|In Memory of Jonathan ?avenj? Portnoy|
|CentOShas updated kernel(C6: TCP injection).
Debian-LTShas updated libgcrypt11(flawed random number generation).
Fedorahas updated eog(F24:
kernel(F23: use-after-free), mariadb(F23: multiple vulnerabilities), mingw-lcms2(F24: heap memory leak), postgresql(F23: multiple vulnerabilities), and python(F23: proxy injection).
openSUSEhas updated libidn(Leap 42.1: multiple vulnerabilities) and kernel(13.2: multiple vulnerabilities).
Oraclehas updated kernel(O6: TCP injection).
Red Hathas updated kernel(RHEL 7.1: multiple vulnerabilities; RHEL6: TCP injection)
and qemu-kvm-rhev(RHOSP8: multiple vulnerabilities).
Scientific Linuxhas updated kernel(SL6: TCP injection).
Slackwarehas updated gnupg(flawed random number generation), kernel(14.2: TCP injection), and libgcrypt(flawed random number generation).
|Wednesday's security updates|
|Version 5.0.0 of the KDevelop integrated development environment (IDE) has been released, marking the end of a two-year development cycle. The highlight is a move to Clang for C and C++ support: "The most prominent change certainly is the move away from our own, custom C++ analysis engine. Instead, C and C++ code analysis is now performed by clang."The announcement goes on to describe other benefits of using Clang, such as more accurate diagnostics and suggested fixes for many syntax errors. KDevelop has also been ported to KDE Frameworks 5 and Qt 5, which opens up the possibility of Windows releases down the line.
|KDevelop 5.0 released|
|Arch Linuxhas updated libgcrypt(information disclosure).
Fedorahas updated kernel(F24: use-after-free vulnerability), pagure(F24: cross-site scripting), and postgresql(F24: multiple vulnerabilities).
Red Hathas updated qemu-kvm-rhev(RHEL7 OSP5; RHEL7 OSP7; RHEL6 OSP5; RHEL7 OSP6:
SUSEhas updated MozillaFirefox(SLE12: multiple vulnerabilities).
|Tuesday's security updates|
|Google has announcedthat the Android 7.0 release has started rolling out to recent-model Nexus
devices. "It introduces a brand new JIT/AOT compiler to improve
software performance, make app installs faster, and take up less
storage. It also adds platform support for Vulkan, a low-overhead,
cross-platform API for high-performance, 3D graphics. Multi-Window support
lets users run two apps at the same time, and Direct Reply so users can
reply directly to notifications without having to open the app. As always,
Android is built with powerful layers of security and encryption to keep
your private data private, so Nougat brings new features like File-based
encryption, seamless updates, and Direct Boot."See this pagefor a video-heavy description of new features.
|Android 7.0 "Nougat"released|
|Greg Kroah-Hartman has announced the release of the 4.7.2, 4.4.19,
and 3.14.77stable kernels. As usual, they
contain fixes throughout the tree and users of those series should upgrade.
|Stable kernels 4.7.2, 4.4.19, and 3.14.77|
|Arch Linuxhas updated linux-lts(connection hijacking).
CentOShas updated kernel(C7:
Debian-LTShas updated cracklib2(code execution) and suckless-tools(screen
Fedorahas updated firewalld(F24: authentication bypass), glibc(F24:
denial of service on armhfp), knot(F24; F23:
denial of service), libgcrypt(F24: bad
random number generation), and perl(F23:
openSUSEhas updated apache2-mod_fcgid(42.1, 13.2: proxy
injection), gd(13.2: multiple
42.1, 13.2: denial of service), pdns(42.1, 13.2: denial of service), python3(42.1, 13.2: multiple
vulnerabilities), roundcubemail(42.1; 13.2; 13.1: multiple vulnerabilities, two from
2015), and typo3-cms-4_7(42.1, 13.2: three
vulnerabilities from 2013 and 2014).
Scientific Linuxhas updated kernel(SL7: connection hijacking) and python(SL6&7: three vulnerabilities).
|Monday's security advisories|
|The 4.8-rc3kernel prepatch is out.
"It all looks pretty sane, I'm not seeing anything hugely scary
|Kernel prepatch 4.8-rc3|
|The Fedora engineering steering committee has agreedthat the
upcoming Fedora 25 release should use the Wayland display manager by
default. "There are still some bugs that are important to
solve. However, there is still time to work on them. And the legacy Xorg
session option will not be removed, and will be clearly documented how to
fallback in cases where users need it."If this plan holds, it may
be an important step in the long-awaited move away from the X Window
|Fedora 25 to run Wayland by default|
|The kdenlive video editor project has announced the
16.08.0 release. "Kdenlive 16.08.0 marks a milestone in the
project?s history bringing it a step closer to becoming a full-fledged
professional tool."Highlights include three-point editing,
pre-rendering of timeline effects, Krita image support, and more.
|kdenlive 16.08.0 released|
|CentOShas updated python(C7; C6: multiple vulnerabilities).
Fedorahas updated ca-certificates(F24: update to CA certificates) and spice(F23: multiple vulnerabilities).
Oraclehas updated kernel(O7: TCP injection) and python(O7; O6: multiple vulnerabilities).
Red Hathas updated kernel(RHEL7; RHEL6:
kernel-rt(RHEL7: TCP injection), python(RHEL 6,7: multiple vulnerabilities), python27-python(RHSC: multiple vulnerabilities), python33-python(RHSC: multiple vulnerabilities), realtime-kernel(RHEM2.5: TCP injection), rh-mariadb101-mariadb(RHSC: multiple vulnerabilities), rh-python34-python(RHSC: multiple vulnerabilities), and rh-python35-python(RHSC: multiple vulnerabilities).
SUSEhas updated the Linux
Kernel(SLE12: multiple vulnerabilities) and xen(SLE11: multiple vulnerabilities).
Ubuntuhas updated gnupg(12.04, 14.04, 16.04: flawed random-number generation), libgcrypt11, libgcrypt20(12.04, 14.04,
16.06: flawed random-number generation),
and postgresql-9.1, postgresql-9.3,
postgresql-9.5(12.04, 14.04, 16.04: multiple vulnerabilities).
|Friday's security updates|