Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the
mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
- A logscanner and a scanner for the checkpoint objects file.
- A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scrips.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
back to top
| Whats New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
fifth versionof the patch series adding
the boot-constraint subsystem is
under review on the linux-kernel mailing list. The purpose of this subsystem is to
honor the constraints put on devices by the
bootloader before those devices are
handed over to the operating system (OS) ? Linux in our case. If these
constraints are violated, devices may fail to work properly once the kernel
starts reconfiguring the hardware; by tracking and enforcing those
constraints, instead, we can ensure that hardware continues to work
properly until the kernel is fully operational.
|[$] The boot-constraint subsystem|
|Security updates have been issued by Debian(quagga), Mageia(freetype2, kernel-linus, and kernel-tmb), openSUSE(chromium, GraphicsMagick, mupdf, openssl-steam, and xen), Slackware(irssi), SUSE(glibc and quagga), and Ubuntu(quagga).
|Security updates for Friday|
|For as long as the kernel has included tracepoints, developers have argued
over whether those tracepoints are part of the kernel's ABI. Tracepoint
changes have had to be reverted in the past because they broke existing
user-space programs that had come to depend on them; meanwhile, fears of
setting internal code in stone have made it difficult to add tracepoints to
a number of kernel subsystems. Now, a new tracing functionality is being
proposed as a way to circumvent all of those problems.
|[$] Dynamic function tracing events|
|Linux Journal takes a lookat the newly announcedLinuxBoot project. LWN covereda related talk back in November. "Modern firmware generally consists of two main parts: hardware initialization (early stages) and OS loading (late stages). These parts may be divided further depending on the implementation, but the overall flow is similar across boot firmware. The late stages have gained many capabilities over the years and often have an environment with drivers, utilities, a shell, a graphical menu (sometimes with 3D animations) and much more. Runtime components may remain resident and active after firmware exits. Firmware, which used to fit in an 8 KiB ROM, now contains an OS used to boot another OS and doesn't always stop running after the OS boots. LinuxBoot replaces the late stages with a Linux kernel and initramfs, which are used to load and execute the next stage, whatever it may be and wherever it may come from. The Linux kernel included in LinuxBoot is called the 'boot kernel' to distinguish it from the 'target kernel' that is to be booted and may be something other than Linux."|
|FOSS Project Spotlight: LinuxBoot (Linux Journal)|
|Security updates have been issued by Debian(jackson-databind, leptonlib, libvorbis, python-crypto, and xen), Fedora(apache-commons-email, ca-certificates, libreoffice, libxml2, mujs, p7zip, python-django, sox, and torbrowser-launcher), openSUSE(libreoffice), SUSE(libreoffice), and Ubuntu(advancecomp, erlang, and freetype).
|Security updates for Thursday|
|The LWN.net Weekly Edition for February 15, 2018 is available.
|[$] LWN.net Weekly Edition for February 15, 2018|
|A scientist with a rather unusual name, Meow-Ludo Meow-Meow, gave a talk at
about the current trends in "do it yourself"(DIY) biology or
"biohacking". He is perhaps most famous for being
prosecuted for implanting an Opal card RFID chipinto his hand; the
Opal card is used for public transportation fares in Sydney. He gave more
details about his implant as well as describing some other biohacking
projects in an engaging presentation.
|[$] DIY biology|
|Mark Wielaard writes
aboutthe recently discovered relicensing of the dtrace dynamic tracing
subsystem under the GPL. "Thank you Oracle for making everyone?s
life easier by waving your magic relicensing wand!
Now there is lots of hard work to do to actually properly integrate this. And I am sure there are a lot of technical hurdles when trying to get this upstreamed into the mainline kernel. But that is just hard work. Which we can now start collaborating on in earnest."|
|Wielaard: dtrace for linux; Oracle does the right thing|
|The 2018 USENIX
Enigma conferencewas held for the third time in January. Among
many interesting talks, three presentations dealing with human security
behaviors stood out. This article covers the key messages of these talks,
namely the finding that humans are social in their security
behaviors: their decision to adopt a good security practice is hardly ever
an isolated decision.Subscribers can read on for the report by guest author Christian
|[$] A report from the Enigma conference|
|Volker Lendecke is one of the first contributors to Samba,
having submitted his first patches in 1994. In addition to developing
other important file-sharing tools, he's heavily involved in development of
the winbind service, which is implemented in winbindd. Although the core Active Directory (AD) domain controller
(DC) code was written by his colleague Stefan Metzmacher, winbind is a
crucial component of Samba's AD functionality.
In his information-packed talk at FOSDEM
said he aimed to give a high-level
overview of what AD and Samba authentication is, and in particular the
communication pathways and trust relationships between the parts of
Samba that authenticate a Samba user in an AD environment.
|[$] Authentication and authorization in Samba 4|
|Security updates have been issued by Arch Linux(exim and mpv), Debian(advancecomp and graphicsmagick), Red Hat(collectd, erlang, httpd24-apr, openstack-aodh, and openstack-nova), SUSE(kernel and xen), and Ubuntu(libvorbis).
|Security updates for Wednesday|
|Much as some of us would love never to have to deal with Windows,
it exists. It wants to authenticate its users and share
resources like files and printers over the network. Although many
enterprises use Microsoft tools to do this, there is a free alternative,
in the form of Samba. While Samba 3 has been happily providing
authentication along with file and print sharing to Windows clients for
the Microsoft world has been slowly moving toward Active Directory (AD).
Meanwhile, Samba 4, which adds a free reimplementation of AD on Linux, has
been increasingly ready for deployment. Three short talks at FOSDEM 2018provided three different views of Samba 4, also known as Samba-AD,
and left behind a pretty clear picture that Samba 4 is truly
ready for use.
Subscribers can read on for a report from guest author Tom Yates on the first two of those talks; stay tuned for another on the third soon.
|[$] Two FOSDEM talks on Samba 4|
|Stable kernels 4.15.3, 4.14.19, and 4.9.81have been released. They all contain
important fixes and users should upgrade.
|Stable kernel updates|
|Security updates have been issued by Arch Linux(sthttpd), Debian(clamav, libreoffice, and pound), openSUSE(ipsec-tools and leptonica), SUSE(libreoffice), and Ubuntu(exim4, firefox, php5, puppet, and wavpack).
|Security updates for Tuesday|
|While there is a lot of software distributed under the terms of the GNU
General Public License, there is relatively little enforcement of the terms
of that license and, it seems, even less discussion of enforcement in
organizers of linux.conf.au have never shied away from such topics, though,
so Karen Sandler's enforcement update during the linux.conf.au 2018 Kernel
fit right in. The picture she painted includes a number of challenges for
the GPL and the communities based on it, but there are some bright spots as
|[$] A GPL-enforcement update|