Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the
mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
- A logscanner and a scanner for the checkpoint objects file.
- A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scrips.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
back to top
| Whats New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|Worth a read: this
APNIC blog entryfrom Mark Nottingham on the near-term evolution of
various Internet protocols. "The newest change on the horizon is DOH ? DNS over HTTP. A significant amount of research has shown that networks commonly use DNS as a means of imposing policy (whether on behalf of the network operator or a greater authority).
Circumventing this kind of control with encryption has been discussed for a while, but it has a disadvantage (at least from some standpoints) ? it is possible to discriminate it from other traffic; for example, by using its port number to block access.
DOH addresses that by piggybacking DNS traffic onto an existing HTTP connection, thereby removing any discriminators."|
|Nottingham: Internet protocols are changing|
|"Load tracking"refers to the kernel's attempts to track how much load each
running process will put on the system's CPUs. Good load tracking can
yield reasonable predictions about the near-future demands on the system;
those, in turn, can be used to optimize the placement of processes and the
selection of CPU-frequency parameters. Obviously, poor load tracking will
lead to less-than-optimal results. While achieving perfection in load tracking
seems unlikely for now, it appears that it is possible to do better than
current kernels do. The utilization estimation
patch setfrom Patrick Bellasi is the latest in a series of efforts to
make the scheduler's load tracking work well with a wider variety of
|[$] Toward better CPU load estimation|
|Artifex Software, Inc. and Hancom, Inc. have announceda confidential agreement to settle their legal dispute. The case filed by
Artifex concerned the use of Artifex?s GPL licensed Ghostscript in Hancom's
office product. "While the parties had their differences in the interpretation of the open source license, the companies were able to reach an amicable resolution based on their mutual respect for and recognition of the copyright protection and the open source philosophy."|
|Artifex and Hancom Reach Settlement Over Ghostscript Open Source Dispute|
|A very early alpha version of the Elisa music player has been released.
"Elisa allows to browse music by album, artist or all tracks. The music is indexed using either a private indexer or an indexer using Baloo. The private one can be configured to scan music on chosen paths. The Baloo one is much faster because Baloo is providing all needed data from its own database. You can build and play your own playlist."|
|Elisa 0.0.80 Released|
|The Debian project has released updates to oldstable "jessie"and stable
"stretch". Debian 9.3"stretch"and Debian 8.10"jessie"are available with the
usual set of corrections for security issues and adjustments for serious
|Debian stable releases|
|Stable kernels 4.14.5, 4.9.68, 4.4.105, and 3.18.87have been released. They all contain
important fixes and users should upgrade.
|Four stable kernel updates|
|Security updates have been issued by CentOS(postgresql), Debian(firefox-esr, kernel, libxcursor, optipng, thunderbird, wireshark, and xrdp), Fedora(borgbackup, ca-certificates, collectd, couchdb, curl, docker, erlang-jiffy, fedora-arm-installer, firefox, git, linux-firmware, mupdf, openssh, thunderbird, transfig, wildmidi, wireshark, xen, and xrdp), Mageia(firefox and optipng), openSUSE(erlang, libXfont, and OBS toolchain), Oracle(kernel), Slackware(openssl), and SUSE(kernel and OBS toolchain).
|Security updates for Monday|
|The 4.15-rc3kernel prepatch is out.
"I'm not thrilled about how big the early 4.15 rc's are, but rc3 is
often the biggest rc because it's still fairly early in the
calming-down period, and yet people have had some time to start
finding problems. That said, this rc3 is big even by rc3 standards.
Not good."489 changesets were merged since 4.15-rc2.
|Kernel prepatch 4.15-rc3|
|The Let's Encrypt project, working
to encrypt as much web traffic as possible, looks
forwardto the coming year. "First, we?re planning to introduce
an ACME v2 protocol API endpoint and support for wildcard certificates
along with it. Wildcard certificates will be free and available globally
just like our other certificates. We are planning to have a public test API
endpoint up by January 4, and we?ve set a date for the full launch:
Tuesday, February 27."|
|Let's Encrypt looks forward to 2018|
|The Fedora Project's currently underway elections for the Fedora Council,
FESCo, and the Mindshare committee have been canceled due to some glitches in
making the interview material available. The project plans to get its act
together and retry the elections in early January.
|Fedora council elections canceled|
|Security updates have been issued by Arch Linux(chromium and vlc), Debian(erlang), Mageia(ffmpeg, tor, and wireshark), openSUSE(chromium, opensaml, openssh, openvswitch, and php7), Oracle(postgresql), Red Hat(chromium-browser, postgresql, rh-postgresql94-postgresql, rh-postgresql95-postgresql, and rh-postgresql96-postgresql), SUSE(firefox, java-1_6_0-ibm, opensaml, and xen), and Ubuntu(kernel, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-azure, linux-gcp, linux-hwe, linux-lts-trusty, linux-lts-xenial, linux-aws, and rsync).
|Security updates for Friday|
Digital Content Protection(or HDCP) is an Intel-designed
copy-protection mechanism for video and audio streams. It is a digital
rights management (DRM)
system of the type disliked by many in the Linux community. But does
that antipathy mean that Linux should not support HDCP? That question is
being answered ? probably in favor of support ? in a conversation underway
on the kernel mailing lists.
|[$] Kernel support for HDCP|
|At Opensource.com, Mike Bursell looks at blockchain securityfrom the angle of trust. Unlike cryptocurrencies, which are pseudonymous typically, other kinds of blockchains will require mapping users to real-life identities; that raises the trust issue.
"What's really interesting is that, if you're thinking about moving to a permissioned blockchain or distributed ledger with permissioned actors, then you're going to have to spend some time thinking about trust. You're unlikely to be using a proof-of-work system for making blocks?there's little point in a permissioned system?so who decides what comprises a "valid"block that the rest of the system should agree on? Well, you can rotate around some (or all) of the entities, or you can have a random choice, or you can elect a small number of über-trusted entities. Combinations of these schemes may also work.
If these entities all exist within one trust domain, which you control, then fine, but what if they're distributors, or customers, or partners, or other banks, or manufacturers, or semi-autonomous drones, or vehicles in a commercial fleet? You really need to ensure that the trust relationships that you're encoding into your implementation/deployment truly reflect the legal and IRL [in real life] trust relationships that you have with the entities that are being represented in your system.
And the problem is that, once you've deployed that system, it's likely to be very difficult to backtrack, adjust, or reset the trust relationships that you've designed."|
|Is blockchain a security topic? (Opensource.com)|
|Security updates have been issued by CentOS(firefox, java-1.7.0-openjdk, kernel, liblouis, qemu-kvm, sssd, and thunderbird), Debian(heimdal and nova), openSUSE(shibboleth-sp), Oracle(java-1.7.0-openjdk), Red Hat(Red Hat OpenShift Enterprise), Scientific Linux(openafs), SUSE(kernel), and Ubuntu(rsync).
|Security updates for Thursday|
|The LWN.net Weekly Edition for December 7, 2017 is available.
|[$] LWN.net Weekly Edition for December 7, 2017|