Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the
mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
- A logscanner and a scanner for the checkpoint objects file.
- A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scrips.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
back to top
| Whats New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|Here is a
lengthy and detailed lookfrom Google's Project Zero at the trusted
execution environments that, one hopes, protect devices from compromise.
"In this blog post we?ll explore the security properties of the two
major TEEs present on Android devices. We?ll see how, despite their highly
sensitive vantage point, these operating systems currently lag behind
modern operating systems in terms of security mitigations and
practices. Additionally, we?ll discover and exploit a major design issue
which affects the security of most devices utilising both
platforms. Lastly, we?ll see why the integrity of TEEs is crucial to the
overall security of the device, making a case for the need to increase
|Trust Issues: Exploiting TrustZone TEEs (Project Zero)|
|Debian has released updates to its stable and old stable distributions. Debian 9.1is the first update to "stretch"and Debian 8.9is the ninth update to
"jessie". These updates do not constitute a new versions of Debian, they
only update some of the packages included. "Those who frequently
install updates from security.debian.org won't have to update many
packages, and most such updates are included in the point release."|
|Stable Debian releases|
|Security updates have been issued by CentOS(graphite2 and java-1.8.0-openjdk), Debian(atril, bind9, catdoc, and qemu), Fedora(glpi, GraphicsMagick, heimdal, kernel, nodejs, perl-XML-LibXML, and qt5-qtwebengine), Gentoo(adobe-flash), Mageia(c-ares, expat, flash-player-plugin, gnutls, libgcrypt, libtiff, sane, and tnef), openSUSE(evince and xorg-x11-server), Scientific Linux(graphite2), Slackware(seamonkey), and Ubuntu(heimdal and linux-lts-trusty).
|Security updates for Monday|
|Debian's reproducible builds project has posted an update of what it has
accomplished over the last few years. "On our websitethere
nice colourful graphs showing our progress in numerical terms. In
particular, let us point to the
stretch/amd64 graph: since our slow
start ~3 years ago we have been steadily improving the reproducibility of
our archive, reaching a staggering 94% at the time of writing!"|
|Debian reproducible builds project update|
|The 4.13-rc2kernel prepatch is out for
testing. "Changes all over, although the diffstat is dominated by
the new vboxvideo staging driver. I shouldn't have let it through, but
Greg, as we all know, is 'special'. Also, Quod licet Iovi, and all that
jazz - Greg gets to occasionally break some rules."|
|Kernel prepatch 4.13-rc2|
|The Document Foundation has put out an
extensive annual report [PDF]describing its activities in 2016.
"According to Google Trends, LibreOffice surpassed all other free
started in early 2011. At the end of the year, Datamation confirmed the
leading position, with the first article about alternatives to
LibreOffice"The report is also available
in German [PDF].
|The Document Foundation 2016 annual report|
|Five new stable kernels were announced by Greg Kroah-Hartman on
July 21: 4.12.3, 4.11.12, 4.9.39, 4.4.78, and 3.18.62.
As usual, they contain important fixes throughout the tree and users should
Note that this is the last release in the 4.11 series, users should move to
|New stable kernels released|
|Security updates have been issued by Debian(php5 and ruby-mixlib-archive), Fedora(knot, knot-resolver, and spice), Oracle(graphite2 and java-1.8.0-openjdk), Red Hat(graphite2, java-1.6.0-sun, java-1.7.0-oracle, java-1.8.0-openjdk, and java-1.8.0-oracle), Scientific Linux(java-1.8.0-openjdk), and Ubuntu(kernel, linux, linux-raspi2, linux-hwe, and mysql-5.5, mysql-5.7).
|Security updates for Friday|
|There are a few reasons for wanting the ability to get proper stack traces
out of the kernel, including profiling, tracing, and debugging kernel
crashes. Historically, the kernel's tracebacks have been unreliable for a
number of reasons, most of which have been fixed in recent years. Now it
seems likely that the 4.14 kernel will include a new mechanism that
should put our traceback problems behind us ? for now.
|[$] The ORCs are coming|
|Security updates have been issued by CentOS(freeradius), Debian(memcached), Fedora(irssi and putty), openSUSE(catdoc), Red Hat(collectd), and Ubuntu(expat, openldap, spice, and tiff).
|Security updates for Thursday|
|The LWN.net Weekly Edition for July 20, 2017 is available.
|[$] LWN.net Weekly Edition for July 20, 2017|
|A short sub-thread on the python-ideas mailing list provides some "food for
thought"about the purpose and scope of that list, but also some things to
perhaps be considered more widely. When discussing new features and ideas,
it is common for the conversation to be somewhat hypothetical, but honing
in on something that could be implemented takes a fair amount of work for
those participating. If the feature is proposed and championed by someone
who has no intention of actually implementing it, should the thread come
with some kind of warning?
|[$] Ideas versus implementation|
|An under-the-radar proposal to stop building i686 kernels for Fedora led to
a discussion about dropping support for 32-bit x86 hardware. Any of the
hardware that needs these kernels is quite old, but participants in a
thread on the Fedora devel mailing list noted that those systems still
exist?some run Fedora. As the discussion progressed, though, it became
clear that the Fedora i686 kernel has been in rough shape for some time now.
|[$] 32-Bit x86 support in Fedora|
|CPython is the reference implementation of Python, so it is,
unsurprisingly, the target for various language-extension modules. But the
API and ABI it provides to those extensions ends up limiting what
alternative Python implementations?and even CPython itself?can do, since
those interfaces must continue to be supported. Beyond that, though, the
are not clearly delineated, so changes can unexpectedly affect extensions
that have come to depend on them. A recent thread on the python-ideas
mailing list looks at how to clean that situation up.
|[$] Rationalizing Python's APIs|
|The GnuPG Project has announced the availability of Libgcrypt 1.8.0.
"This is a new stable version of Libgcrypt with full API
and ABI compatibility to the 1.7 series. Its main features are support
Blake-2, XTS mode, an improved RNG, and performance improvements for the
|Libgcrypt 1.8.0 released|