Issues on Linux and Security
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
GitLab 10.0 has been released. "With every monthly release of GitLab, we introduce new capabilities and improve our existing features. GitLab 10.0 is no exception and includes numerous new additions, such as the ability to automatically resolve outdated merge request discussions, improvements to subgroups, and an API for Wiki thanks to a contribution from our open source community."
GitLab 10.0 Released

The Clear Containers team at Intel has announced the releaseof Clear Containers 3.0. "Completely rewritten and refactored, Clear Containers 3.0 uses Go language instead of C and introduces many new components and features. The 3.0 release of Clear Containers brings better integration into the container ecosystem and an ability to leverage code used for namespace based containers."
Announcing Intel Clear Containers 3.0

Facebook has announcedthat the React, Jest, Flow, and Immutable.js projects will be moving to the MIT license. This is, of course, a somewhat delayed reaction to the controversyover the "BSD+patent"license previously applied to those projects. "This decision comes after several weeks of disappointment and uncertainty for our community. Although we still believe our BSD + Patents license provides some benefits to users of our projects, we acknowledge that we failed to decisively convince this community."
Facebook relicenses several projects

The Samba 4.7.0 release is out. New features include whole DB read locks (a reliability improvement), active directory with Kerberos support, detailed audit trails for authentication and authorization activities, a multi-process LDAP server, better read-only domain controller support, and more. See the release notesfor details.
Samba 4.7.0 released

Security updates have been issued by CentOS(augeas, samba, and samba4), Debian(apache2, bluez, emacs23, and newsbeuter), Fedora(kernel and mingw-LibRaw), openSUSE(apache2 and libzip), Oracle(kernel), SUSE(kernel, spice, and xen), and Ubuntu(emacs24, emacs25, and samba).
Security updates for Friday

The "tracing and BPF"microconference was held on the final day of the 2017 Linux Plumbers Conference; it covered a number of topics relevant to heavy users of kernel and user-space tracing. Read on for a summary of a number of those discussions on topics like BPF introspection, stack traces, kprobes, uprobes, and the Common Trace Format.
[$] Notes from the LPC tracing microconference

Security updates have been issued by Arch Linux(tomcat7), Debian(kernel and perl), Fedora(libwmf and mpg123), Mageia(bluez, ffmpeg, gstreamer0.10-plugins-good, gstreamer1.0-plugins-good, libwmf, tomcat, and tor), openSUSE(emacs, fossil, freexl, php5, and xen), Red Hat(augeas, rh-mysql56-mysql, samba, and samba4), Scientific Linux(augeas, samba, and samba4), Slackware(samba), SUSE(emacs and kernel), and Ubuntu(qemu).
Security updates for Thursday

Red Hat has announcedan update to its patent promise, wherein the company says it will not enforce its patents against anybody who might be infringing them with open-source software. The new version expands the promise to all software covered by an OSI-approved license, including permissive licenses. The attached FAQ notes that Red Hat now possesses over 2,000 patents.
Red Hat's new patent promise

The Weekly Edition for September 21, 2017 is available.
[$] Weekly Edition for September 21, 2017

In a talk in the refereed track of the 2017 Linux Plumbers Conference, Alexandre Courouble presented the email2gittool that links kernel commits to their review discussion on the mailing lists. Email2git is a plugin for cregit, which implements token-level history for a Git repository; we covered a talk on cregitjust over one year ago. Email2git combines cregit with Patchworkto link the commit to a patch and its discussion threads from any of the mailing lists that are scanned by The result is a way to easily find the discussion that led to a piece of code?or even just a token?changing in the kernel source tree.
[$] Linking commits to reviews

Last week KDE announcedthat they were working with Purism on the Librem 5 smartphone. The GNOME Foundation has also provided its endorsement and supportof Purism?s efforts to build the Librem 5. "As part of the collaboration, if the campaign is successful the GNOME Foundation plans to enhance GNOME shell and general performance of the system with Purism to enable features on the Librem 5. Various GNOME technologies are used extensively in embedded devices today, and GNOME developers have experienced some of the challenges that face mobile computing specifically with the Nokia 770, N800 and N900, the One Laptop Per Child project?s XO laptop and FIC?s Neo1973 mobile phone."
GNOME Foundation partners with Purism to support its efforts to build the Librem 5 smartphone

Ulrich Drepper, once again an engineer at Red Hat, writes about machine learningon "Machine learning and artificial intelligence (ML/AI) mean different things to different people, but the newest approaches have one thing in common: They are based on the idea that a program's output should be created mostly automatically from a high-dimensional and possibly huge dataset, with minimal or no intervention or guidance from a human. Open source tools are used in a variety of machine learning and artificial intelligence projects. In this article, I'll provide an overview of the state of machine learning today."
An intro to machine learning (

Security updates have been issued by CentOS(emacs), Debian(apache2, gdk-pixbuf, and pyjwt), Fedora(autotrace, converseen, dmtx-utils, drawtiming, emacs, gtatool, imageinfo, ImageMagick, inkscape, jasper, k3d, kxstitch, libwpd, mingw-libzip, perl-Image-SubImageFind, pfstools, php-pecl-imagick, psiconv, q, rawtherapee, ripright, rss-glx, rubygem-rmagick, synfig, synfigstudio, techne, vdr-scraper2vdr, vips, and WindowMaker), Oracle(emacs and kernel), Red Hat(emacs and kernel), Scientific Linux(emacs), SUSE(emacs), and Ubuntu(apache2).
Security updates for Wednesday

The 4.13.3, 4.12.14, and 4.9.51stable kernels have been released; each contains another set of important fixes. Note that this is the final update for the 4.12.x series.
Stable kernels 4.13.3, 4.12.14, and 4.9.51

Over the years, there has been a persistent effort to build the Linux kernel using the Clang C compiler that is part of the LLVM project. We last looked in on the effort in a report from the LLVM microconferenceat the 2015 Linux Plumbers Conference (LPC), but we have followed it before thatas well. At this year's LPC, two Google kernel engineers, Greg Hackmann and Nick Desaulniers, came to the Android microconferenceto update the status; at this point, it is possible to build two long-term support kernels (4.4 and 4.9) with Clang.
[$] Building the kernel with clang

Samba CVE-2017-12151 Man in the Middle Security Bypass Vulnerability
Vuln: Samba CVE-2017-12151 Man in the Middle Security Bypass Vulnerability

Samba CVE-2017-12150 Man in the Middle Security Bypass Vulnerability
Vuln: Samba CVE-2017-12150 Man in the Middle Security Bypass Vulnerability

Samba CVE-2017-12163 Arbitrary File Write Vulnerability
Vuln: Samba CVE-2017-12163 Arbitrary File Write Vulnerability

Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
Vuln: Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability

APPLE-SA-2017-09-19-1 iOS 11
Bugtraq: APPLE-SA-2017-09-19-1 iOS 11

Watchguard Fireware OS DOS & Stored XSS
Bugtraq: Watchguard Fireware OS DOS &Stored XSS

[SECURITY] [DSA 3978-1] gdk-pixbuf security update
Bugtraq: [SECURITY] [DSA 3978-1] gdk-pixbuf security update

[slackware-security] ruby (SSA:2017-261-03)
Bugtraq: [slackware-security] ruby (SSA:2017-261-03)

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus