Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the
mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
- A logscanner and a scanner for the checkpoint objects file.
- A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scrips.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
back to top
| Whats New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|The 2018 Linux Storage, Filesystem, and Memory-Management Summit will be
held April 23-25 in Park City, Utah. The call for proposals has just gone
out with a tight deadline: they need to be received by January 31.
"LSF/MM is an invitation-only technical
workshop to map out improvements to the Linux storage, filesystem and
memory management subsystems that will make their way into the
mainline kernel within the coming years."|
|LSFMM 2018 call for proposals|
|While some aspects of the kernel's defenses against the Meltdown and
Spectre vulnerabilities were more-or-less in place when the problems were
disclosed on January 3, others were less fully formed. Additionally,
many of the mitigations (especially for the two Spectre variants) had not
been seen in public prior to the disclosure, meaning that there was a lot
of scope for discussion once they came out. Many of those discussions are
slowing down, and the kernel's initial response has mostly come into
focus. The 4.15 kernel will include a broad set of mitigations, while some
others will have to wait for later; read on
for details on where things stand.
|[$] Meltdown/Spectre mitigation for 4.15 and beyond|
|The Linux kernel's generic power domain (genpd) subsystem has been
support active state management of the power domains in the
4.15 development cycle. Power domains were
traditionally used to enable or disable power to a region of a system on
chip (SoC) but, with the recent updates, they can control the clock rate or
amount of power supplied to that region as well.
These changes improve the kernel's ability to run the system's hardware at
the optimal power level for the current workload.
Click below (subscribers only) for the full article contributed by Viresh
|[$] Active state management of power domains|
|Security updates have been issued by Arch Linux(qtpass), Debian(libkohana2-php, libxml2, transmission, and xmltooling), Fedora(kernel and qpid-cpp), Gentoo(PolarSSL and xen), Mageia(flash-player-plugin, irssi, kernel, kernel-linus, kernel-tmb, libvorbis, microcode, nvidia-current, php & libgd, poppler, webkit2, and wireshark), openSUSE(gifsicle, glibc, GraphicsMagick, gwenhywfar, ImageMagick, libetpan, mariadb, pngcrush, postgresql94, rsync, tiff, and wireshark), and Oracle(kernel).
|Security updates for Monday|
|The 4.15-rc8kernel prepatch is out for
testing. Among other things, it includes the "retpoline"mechanism
intended to mitigate variant 2 of the Spectre vulnerability. Testing
of this change will be hard, though, since it requires a version of GCC
that almost nobody has ? watch LWN for a full article in the near future.
"I'm still hoping that this will be the last
rc, despite all the Meltdown and Spectre hoopla. But we will just have to
see, it obviously requires this upcoming week to not come with any huge
|Kernel prepatch 4.15-rc8|
|GnuBeeis the brand name
for a line of open hardware boards designed to provide
Linux-based network-attached storage. Given the success of the
crowdfunding campaigns for the first two products, the GB-PC1and
GB-PC2(which support 2.5 and 3.5 inch drives respectively), there appears to be a
market for these devices. Given that Linux is quite good at attaching
storage to a network, it seems likely they will perform their core function
more than adequately. My initial focus when exploring my GB-PC1 is not the
performance but the openness: just how open is it really? The best analogy
I can come up with is that of a door with rusty hinges: it can be opened,
but doing so requires determination.
|[$] Opening up the GnuBee open NAS system|
|Security updates have been issued by Arch Linux(intel-ucode), Debian(gifsicle), Fedora(awstats and kernel), Gentoo(icoutils, pysaml2, and tigervnc), Mageia(dokuwiki and poppler), Oracle(kernel), SUSE(glibc, kernel, microcode_ctl, tiff, and ucode-intel), and Ubuntu(intel-microcode).
|Security updates for Friday|
|Nextcloud has announcedNextcloud Talk, a fully open source video meeting software that is on-premise
hosted and end-to-end encrypted. "Nextcloud Talk makes it easier than
ever to host a privacy-respecting audio/video communication service for
home users and enterprises. Business users have optional access to the
Spreed High Performance Back-end offering enterprise-class scalability,
reliability, and features through a Nextcloud subscription. With the
easy-to-use interface, users can engage colleagues, friends, partners or
customers, working in real time through High Definition (H265 based) audio
and video in web meetings and webinars."|
|Introducing Nextcloud Talk|
|Security updates have been issued by Arch Linux(glibc and lib32-glibc), Debian(ming and poco), Fedora(electron-cash, electrum, firefox, heketi, microcode_ctl, and python-jsonrpclib), openSUSE(clamav-database and ucode-intel), Red Hat(flash-plugin), SUSE(OBS toolchain), and Ubuntu(webkit2gtk).
|Security updates for Thursday|
|The LWN.net Weekly Edition for January 11, 2018 is available.
|[$] LWN.net Weekly Edition for January 11, 2018|
|A focus on privacy is a key feature being touted by a number of different
projects these days?from KDE to Tails to Nextcloud. One of the
biggest privacy leaks for most people is their phone, so it is no surprise
that there are projects looking to address that as well. A new entrant in
that category is eelo, which is a non-profit
project aimed at producing not only a phone, but also a suite of web
services. All of that could potentially replace the Google or Apple mothership,
which tend to collect as much personal data as possible.
|[$] Eelo seeks to make a privacy-focused phone|
|Freedom of the Press Foundation has a
tribute to James Dolan, who died over the holidays at the age of 36. James worked with Aaron Swartz and journalist
Kevin Poulsen to build the original prototype of SecureDrop, an open-source whistleblower
submission system. "He was our first full-time employee at Freedom of
the Press Foundation, and quickly set out to teach other developers,
contributors, and anyone interested in how the system worked. He poured his
heart and soul into the work, traveling to newsrooms around North America
to teach IT staffs and journalists in person how to install and use
SecureDrop. He completely reworked the installation process, he pushed us
to get independent security audits of the system, and he helped us hire the
initial team that would take over SecureDrop once he was gone."LWN covereda LibrePlanet talk on SecureDrop back in March 2017.
(Thanks to Paul Wise)
|A tribute to James Dolan, co-creator of SecureDrop|
|Greg Kroah-Hartman has released stable kernels 4.14.13, 4.9.76, and 4.4.111. As usual, they all contain important
fixes and users should update.
|Stable kernel updates|
|Security updates have been issued by Debian(awstats, gdk-pixbuf, plexus-utils, and plexus-utils2), Fedora(asterisk, gimp, heimdal, libexif, linux-firmware, mupdf, poppler, thunderbird, webkitgtk4, wireshark, and xrdp), openSUSE(diffoscope, irssi, and qemu), SUSE(java-1_7_0-ibm, kernel-firmware, and qemu), and Ubuntu(irssi, kernel, linux, linux-aws, linux-euclid, linux-kvm, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-lts-xenial, linux-aws, linux-raspi2, ruby1.9.1, ruby2.3, and sssd).
|Security updates for Wednesday|
|Version 0.26 of the notmuch email client/indexer is available with a long
list of new features. "It's now possible to include the cleartext of encrypted e-mails in
the notmuch index. This makes it possible to search your encrypted
e-mails with the same ease as searching cleartext."|
|notmuch release 0.26 now available|