Issues on Linux and Security
Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads the config files containing the passwords of the components only once, so you can store them in encrypted storage. There are several templates for ssh, scp and telnet. The intention is to make automated backups of routers, switches, firewalls etc.
  • Postfixanalyser was written for the Trend Micro mail virus scanner. You can search for mails and get a status for each mail found: when the system received it, when it last worked on the mail, what the status of the mail is, and whether there were any problems while delivering it. The second feature was a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool that parses the registry of the genugate firewall and produces a more human-readable output in HTML.
  • An FTP script for the honeynet.
  • Various backup scripts in Perl and Bash.
  • Various iptables scripts.
  • A script called minilinux to create a small Linux out of a huge running system.
  • Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in PHP.
  • A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.


What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] work in progress on mp3riot version 1.2
Worth a read: this APNIC blog entry from Mark Nottingham on the near-term evolution of various Internet protocols. "The newest change on the horizon is DOH - DNS over HTTP. A significant amount of research has shown that networks commonly use DNS as a means of imposing policy (whether on behalf of the network operator or a greater authority). Circumventing this kind of control with encryption has been discussed for a while, but it has a disadvantage (at least from some standpoints) - it is possible to discriminate it from other traffic; for example, by using its port number to block access. DOH addresses that by piggybacking DNS traffic onto an existing HTTP connection, thereby removing any discriminators."
Nottingham: Internet protocols are changing

"Load tracking" refers to the kernel's attempts to track how much load each running process will put on the system's CPUs. Good load tracking can yield reasonable predictions about the near-future demands on the system; those, in turn, can be used to optimize the placement of processes and the selection of CPU-frequency parameters. Obviously, poor load tracking will lead to less-than-optimal results. While achieving perfection in load tracking seems unlikely for now, it appears that it is possible to do better than current kernels do. The utilization estimation patch set from Patrick Bellasi is the latest in a series of efforts to make the scheduler's load tracking work well with a wider variety of workloads.
[$] Toward better CPU load estimation

Artifex Software, Inc. and Hancom, Inc. have announced a confidential agreement to settle their legal dispute. The case filed by Artifex concerned the use of Artifex's GPL licensed Ghostscript in Hancom's office product. "While the parties had their differences in the interpretation of the open source license, the companies were able to reach an amicable resolution based on their mutual respect for and recognition of the copyright protection and the open source philosophy."
Artifex and Hancom Reach Settlement Over Ghostscript Open Source Dispute

A very early alpha version of the Elisa music player has been released. "Elisa allows to browse music by album, artist or all tracks. The music is indexed using either a private indexer or an indexer using Baloo. The private one can be configured to scan music on chosen paths. The Baloo one is much faster because Baloo is providing all needed data from its own database. You can build and play your own playlist."
Elisa 0.0.80 Released

The Debian project has released updates to oldstable "jessie" and stable "stretch". Debian 9.3 "stretch" and Debian 8.10 "jessie" are available with the usual set of corrections for security issues and adjustments for serious problems.
Debian stable releases

Stable kernels 4.14.5, 4.9.68, 4.4.105, and 3.18.87 have been released. They all contain important fixes and users should upgrade.
Four stable kernel updates

Security updates have been issued by CentOS (postgresql), Debian (firefox-esr, kernel, libxcursor, optipng, thunderbird, wireshark, and xrdp), Fedora (borgbackup, ca-certificates, collectd, couchdb, curl, docker, erlang-jiffy, fedora-arm-installer, firefox, git, linux-firmware, mupdf, openssh, thunderbird, transfig, wildmidi, wireshark, xen, and xrdp), Mageia (firefox and optipng), openSUSE (erlang, libXfont, and OBS toolchain), Oracle (kernel), Slackware (openssl), and SUSE (kernel and OBS toolchain).
Security updates for Monday

The 4.15-rc3 kernel prepatch is out. "I'm not thrilled about how big the early 4.15 rc's are, but rc3 is often the biggest rc because it's still fairly early in the calming-down period, and yet people have had some time to start finding problems. That said, this rc3 is big even by rc3 standards. Not good." 489 changesets were merged since 4.15-rc2.
Kernel prepatch 4.15-rc3

The Let's Encrypt project, working to encrypt as much web traffic as possible, looks forward to the coming year. "First, we're planning to introduce an ACME v2 protocol API endpoint and support for wildcard certificates along with it. Wildcard certificates will be free and available globally just like our other certificates. We are planning to have a public test API endpoint up by January 4, and we've set a date for the full launch: Tuesday, February 27."
Let's Encrypt looks forward to 2018

The Fedora Project's currently underway elections for the Fedora Council, FESCo, and the Mindshare committee have been canceled due to some glitches in making the interview material available. The project plans to get its act together and retry the elections in early January.
Fedora council elections canceled

Security updates have been issued by Arch Linux (chromium and vlc), Debian (erlang), Mageia (ffmpeg, tor, and wireshark), openSUSE (chromium, opensaml, openssh, openvswitch, and php7), Oracle (postgresql), Red Hat (chromium-browser, postgresql, rh-postgresql94-postgresql, rh-postgresql95-postgresql, and rh-postgresql96-postgresql), SUSE (firefox, java-1_6_0-ibm, opensaml, and xen), and Ubuntu (kernel, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-azure, linux-gcp, linux-hwe, linux-lts-trusty, linux-lts-xenial, linux-aws, and rsync).
Security updates for Friday

High-bandwidth Digital Content Protection (or HDCP) is an Intel-designed copy-protection mechanism for video and audio streams. It is a digital rights management (DRM) system of the type disliked by many in the Linux community. But does that antipathy mean that Linux should not support HDCP? That question is being answered - probably in favor of support - in a conversation underway on the kernel mailing lists.
[$] Kernel support for HDCP

At, Mike Bursell looks at blockchain security from the angle of trust. Unlike cryptocurrencies, which are pseudonymous typically, other kinds of blockchains will require mapping users to real-life identities; that raises the trust issue. "What's really interesting is that, if you're thinking about moving to a permissioned blockchain or distributed ledger with permissioned actors, then you're going to have to spend some time thinking about trust. You're unlikely to be using a proof-of-work system for making blocks - there's little point in a permissioned system - so who decides what comprises a "valid" block that the rest of the system should agree on? Well, you can rotate around some (or all) of the entities, or you can have a random choice, or you can elect a small number of über-trusted entities. Combinations of these schemes may also work. If these entities all exist within one trust domain, which you control, then fine, but what if they're distributors, or customers, or partners, or other banks, or manufacturers, or semi-autonomous drones, or vehicles in a commercial fleet? You really need to ensure that the trust relationships that you're encoding into your implementation/deployment truly reflect the legal and IRL [in real life] trust relationships that you have with the entities that are being represented in your system. And the problem is that, once you've deployed that system, it's likely to be very difficult to backtrack, adjust, or reset the trust relationships that you've designed."
Is blockchain a security topic? (

Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, kernel, liblouis, qemu-kvm, sssd, and thunderbird), Debian (heimdal and nova), openSUSE (shibboleth-sp), Oracle (java-1.7.0-openjdk), Red Hat (Red Hat OpenShift Enterprise), Scientific Linux (openafs), SUSE (kernel), and Ubuntu (rsync).
Security updates for Thursday

The Weekly Edition for December 7, 2017 is available.
[$] Weekly Edition for December 7, 2017

Vuln: Fortinet FortiOS CVE-2017-7738 Information Disclosure Vulnerability

Vuln: SAP NetWeaver CVE-2017-16678 SSRF Security Bypass Vulnerability

Vuln: SAP BusinessObjects Business Intelligence Platform CVE-2017-16683 Denial of Service Vulnerability

Vuln: SAP BW Universal Data Integration CVE-2017-16685 Cross Site Scripting Vulnerability

Bugtraq: Advisory - Fisheye and Crucible - CVE-2017-14591

Bugtraq: [SECURITY] [DSA 4062-1] firefox-esr security update

Bugtraq: [SECURITY] [DSA 4061-1] thunderbird security update

Bugtraq: [SECURITY] [DSA 4060-1] wireshark security update
