Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist several templates for ssh, scp, telnet. The intention is to make automated backups from routers, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, what's the status of the
mail, were there any problems while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and sent,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
- A logscanner and a scanner for the checkpoint objects file.
- A tool that parses the registry of the genugate firewall and produces a more human-readable output in HTML.
- An FTP script for the honeynet.
- Various backup scripts in Perl and Bash.
- Various iptables scripts.
- A script called minilinux to create a small Linux out of a huge running system.
- Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in PHP.
- A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
| What's New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|The Tor Browser Team has announced
the release of Tor browser 6.0. This release brings the browser
up-to-date with Firefox 45-ESR, which provides better support for HTML5
video on Youtube, as well as a host of other improvements. DuckDuckGo is
now the default search engine. "Lately, we got a couple of comments on our blog and via email wondering why we are now using DuckDuckGo as the default search engine and not Disconnect anymore. Well, we still use Disconnect. But for a while now Disconnect has no access to Google search results anymore which we used in Tor Browser. Disconnect being more a meta search engine which allows users to choose between different search providers fell back to delivering Bing search results which were basically unacceptable quality-wise. While Disconnect is still trying to fix the situation we asked them to change the fallback to DuckDuckGo as their search results are strictly better than the ones Bing delivers."|
|Tor Browser 6.0 is released|
|Arch Linux has updated chromium (multiple vulnerabilities).
CentOS has updated ntp (C7; C6: multiple vulnerabilities), openssl (C5: code execution), squid (C7; C6: multiple vulnerabilities), and squid34 (C6: multiple vulnerabilities).
Debian has updated gdk-pixbuf (two vulnerabilities) and symfony (two vulnerabilities).
Debian-LTS has updated eglibc (multiple vulnerabilities), libtasn1-3 (denial of service), openafs (multiple vulnerabilities), pdns (insecure database permissions), phpmyadmin (regression in previous update), postgresql-9.1 (multiple vulnerabilities), ruby-activerecord-3.2 (restriction bypass), and wireshark (multiple vulnerabilities).
Fedora has updated bugzilla (F23; F22: cross-site scripting), kf5-kinit (F23: insecure permissions), libarchive (F22: code execution), libimobiledevice (F23: sockets listening on INADDR_ANY), libusbmuxd (F23: sockets listening on INADDR_ANY), php (F23: two vulnerabilities), qemu (F23: multiple vulnerabilities), webkitgtk4 (F23: two vulnerabilities), and xen (F23; F22: privilege escalation).
Gentoo has updated libfpx (denial of service), nss (multiple vulnerabilities), pam (multiple vulnerabilities), and rsync (multiple vulnerabilities).
Mageia has updated botan (two vulnerabilities), docker (privilege escalation), mediawiki (multiple vulnerabilities), and phpmyadmin (cross-site scripting).
openSUSE has updated Chromium (SPH for SLE12; Leap42.1: multiple vulnerabilities), expat (13.2: two vulnerabilities), libxml2 (13.2: two vulnerabilities), libxslt (13.2: denial of service), phpMyAdmin (Leap42.1, 13.2: cross-site scripting), redis (Leap42.1, 13.2: denial of service), and samba (13.2:
Red Hat has updated ntp (RHEL6,7: multiple vulnerabilities), openssl (RHEL5: code execution), python27 (RHSCL2.2: multiple vulnerabilities), squid (RHEL7; RHEL6: multiple vulnerabilities), and squid34 (RHEL6: multiple vulnerabilities).
Slackware has updated imagemagick (shell vulnerability), libxml2 (three vulnerabilities), libxslt (denial of service), thunderbird (multiple vulnerabilities), and php (multiple vulnerabilities).
SUSE has updated Xen (SLES10-SP4:
|Security updates for Tuesday|
|Qubes founder Joanna Rutkowska writes about how Qubes
works to avoid building compromised software into its distribution.
"Ultimately, we would like to introduce a multiple-signature scheme,
in which several developers (from different countries, social circles,
etc.) can sign Qubes-produced binaries and ISOs. Then, an adversary would
have to compromise all the build locations in order to get backdoored
versions signed. For this to happen, we need to make the build process
deterministic (i.e. reproducible). Yet, this task still seems to be years
ahead of us."|
|Rutkowska: Security challenges for the Qubes build process|
3.0 of the Krita painting application has been released.
"Wrapping up a year of work, this is a really big release: animation
support integrated into Krita's core, Instant Preview for better
performance painting and drawing with big brushes on big canvases, ported
to the latest version of the Qt platform and too many bigger and smaller
new features and improvements to mention!".
|Krita 3.0 released|
|Linus has released 4.7-rc1 and closed the
merge window for this release, saying "this time around we have
a fairly big change to the vfs layer that allows filesystems (if they
buy into it) to do readdir() and path component lookup in parallel
within the same directory.
That's probably the biggest conceptual vfs change we've had since we
started doing cached pathname lookups using RCU." The code name has
been changed to "Psychotic Stoned Sheep."|
|Kernel prepatch 4.7-rc1|
|Ars technica is carrying an
editorial from Oracle's attorney in its fight with Google; it would
seem that this ruling is the end of the world.
"It is hard to see how GPL can survive such a result. In fact, it is
hard to see how ownership of a copy of any software protected by copyright
can survive this result. Software businesses now must accelerate their move
to the cloud where everything can be controlled as a service rather than
software. Consumers can expect to find decreasing options to own anything
for themselves, decreasing options to control their data, decreasing
options to protect their privacy."|
|Oracle attorney says Google's court victory might kill the GPL (ars technica)|
|At its blog, the Open Source Initiative (OSI) announces the deployment of "a machine readable publication of OSI approved licenses" accessible via api.opensource.org. The service is designed to "store a central list of crosswalks and common identifiers to other services, allowing third parties who are already license-aware to provide their mappings, and pull OSI approval status programmatically." Programs can query a license by its Software Package Data Exchange (SPDX) ID and determine whether or not it is OSI-approved. API wrappers are available for Python, Ruby, and Go.
|OSI: Announcing the Open Source License API|
|Arch Linux has updated libxml2 (multiple vulnerabilities).
Debian has updated libgd2 (multiple vulnerabilities).
Fedora has updated jenkins (F23; F22: multiple vulnerabilities).
openSUSE has updated docker (13.2: privilege escalation), libreoffice (13.2: multiple vulnerabilities), ntp (13.2: multiple vulnerabilities), and systemd (Leap 42.1: multiple vulnerabilities).
Ubuntu has updated eglibc,
glibc (12.04, 14.04, 15.10: multiple vulnerabilities; regression).
|Friday's security updates|
|Worth a read: this
paper [PDF] from Kaiyuan Yang et al. on how an analog back door can be
placed into a hardware platform like a CPU. "In this paper, we show
how a fabrication-time attacker can leverage analog circuits to create a
hardware attack that is small (i.e., requires as little as one gate) and
stealthy (i.e., requires an unlikely trigger sequence before effecting
chip's functionality). In the open spaces of an already placed and routed
design, we construct a circuit that uses capacitors to siphon charge from
nearby wires as they transition between digital values. When the capacitors
fully charge, they deploy an attack that forces a victim flip-flop to a
desired value. We weaponize this attack into a remotely-controllable
privilege escalation by attaching the capacitor to a wire controllable and
by selecting a victim flip-flop that holds the privilege bit for our
|Analog malicious hardware|
|Ars technica reports that Google has prevailed against Oracle in its court battle over the use
of the Java APIs in Android. "There was only one question on the
special verdict form, asking if Google's use of the Java APIs was a 'fair
use' under copyright law. The jury unanimously answered 'yes,' in Google's
favor. The verdict ends the trial, which began earlier this month."|
|Google beats Oracle - Android makes "fair use" of Java APIs (ars technica)|
|Debian-LTS has updated bozohttpd (two vulnerabilities, one from 2014), ruby-mail (SMTP injection), and xymon (multiple vulnerabilities). Also, the Debian-LTS team has announced that some packages will not be
supported (libv8, mediawiki, sogo, and vlc) for Debian 7 ("wheezy"),
so users of those should upgrade to Debian 8 ("jessie").
Red Hat has updated rh-mariadb100-mariadb (RHSC: many vulnerabilities).
Ubuntu has updated eglibc, glibc (15.10, 14.04, 12.04: multiple vulnerabilities, some from 2013 and 2014)
and samba (16.04, 15.10, 14.04: regression
in previous security fix).
|Security updates for Thursday|
|The LWN.net Weekly Edition for May 26, 2016 is available.
|[$] LWN.net Weekly Edition for May 26, 2016|
|Arch Linux has updated libndp (man-in-the-middle attacks).
Fedora has updated kernel (F22:
Red Hat has updated jq (RHOSP8:
Slackware has updated libarchive (code execution).
Ubuntu has updated php5, php7.0 (multiple vulnerabilities).
|Security advisories for Wednesday|
|By all accounts, the Internet's transition to IPv6 has been a slow affair.
In recent years, though, perhaps inspired by the exhaustion of the IPv4
address space, IPv6 usage has been on the
rise. There is a corresponding interest in ensuring that applications
work with both IPv4 and IPv6. But, as a recent discussion on the OpenBSD
mailing list has highlighted, a mechanism designed to ease the transition to an
IPv6 network may also make the net less secure - and Linux distributions
may be configured insecurely by default.
|[$] Should distributors disable IPv4-mapped IPv6?|
|On the Tor blog, Nick Mathewson reports on an informal survey he did for "severe" bugs in Tor over the last few years. It breaks down the 70 bugs he found into different categories that are correlated with some recommendations for ways to try to avoid them in the future. For example: "Recommendation 5.1: all backward compatibility code should have a timeout date.
On several occasions we added backward compatibility code to keep an old version of Tor working, but left it enabled for longer than we needed to. This code has tended not to get the same regular attention it deserves, and has also tended to hold surprising deviations from the specification. We should audit the code that's there today and see what we can remove, and we should never add new code of this kind without adding a ticket and a comment planning to remove it." Many of the recommendations are likely applicable to other projects.
|Mathewson: Mid-2016 Tor bug retrospective, with lessons for future coding|