Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the
mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
- A logscanner and a scanner for the checkpoint objects file.
- A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scrips.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
back to top
| Whats New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
+ CloudNativeCon Europe 2018, Justin Cormack and Nassim Eddequiouaq presenteda proposal to simplify the setting of security parameters for containerized
Containers depend on a large set of intricate security primitives that can
have weird interactions. Because they are so hard to use, people often just
turn the whole thing off. The goal of the proposal is to make those
controls easier to understand and use; it is partly inspired by mobile apps
on iOS and Android platforms, an idea that trickled back into Microsoft and
Apple desktops. The time seems ripe to improve the field of
container security, which is in desperate need of simpler controls.
|[$] Easier container security with entitlements|
|Security updates have been issued by Debian(imagemagick), Fedora(curl, glibc, kernel, and thunderbird-enigmail), openSUSE(enigmail, knot, and python), Oracle(procps-ng), Red Hat(librelp, procps-ng, redhat-virtualization-host, rhev-hypervisor7, and unboundid-ldapsdk), Scientific Linux(procps-ng), SUSE(bash, ceph, icu, kvm, and qemu), and Ubuntu(procps and spice, spice-protocol).
|Security updates for Thursday|
|The LWN.net Weekly Edition for May 24, 2018 is available.
|[$] LWN.net Weekly Edition for May 24, 2018|
|The bcachefs filesystemhas been under
development for a number of years now; according to lead developer Kent
Overstreet, it is time to start talking about getting the code upstream.
He came to the 2018 Linux Storage, Filesystem, and Memory-Management Summit
(LSFMM) to discuss that in a combined filesystem and storage
session. Bcachefs grew out of bcache, which is a block layer
cache that was merged into Linux 3.10 in mid-2013.
|[$] An update on bcachefs|
|If pressed, I will admit to thinking that, if NISwas good enough for Charles Babbage, it's
good enough for me. I am therefore not a huge fan of LDAP; I feel I can detect in it the heavy hand of the ITU,
which seems to
wish to apply X.500to
everything. Nevertheless, for secure, distributed, multi-platform identity
management it's quite hard to beat. If you decide to run an LDAP server
on Unix, one of the major free implementations is slapd, the core
engine of the OpenLDAPproject.
Howard Chu is the chief architect of the project,
and spoke at FLOSS 2018 about the upcoming 2.5 release. Any rumors
that he might have passed the time while the room filled up by giving
a short but nicely rendered fiddle recital are completely true.
|[$] What's coming in OpenLDAP 2.5|
|The Python release cycle has an 18-month cadence; a new major release (e.g.
Python 3.7) is
made roughly on that schedule. But ?ukasz Langa, who is the release
manager for Python 3.8 and 3.9, would like to see things move
more quickly?perhaps on a yearly cadence. In the first session after lunch
at the 2018 Python Language Summit, Langa wanted to discuss that idea.
|[$] Shortening the Python release schedule|
|Security updates have been issued by CentOS(java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Debian(procps), Fedora(curl, mariadb, and procps-ng), Gentoo(samba, shadow, and virtualbox), openSUSE(opencv, openjpeg2, pdns, qemu, and wget), Oracle(java-1.8.0-openjdk and kernel), Red Hat(java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, kernel-rt, libvirt, qemu-kvm, qemu-kvm-rhev, redhat-virtualization-host, and vdsm), Scientific Linux(java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Slackware(kernel, mozilla, and procps), SUSE(ghostscript-library, kernel, mariadb, python, qemu, and wget), and Ubuntu(linux-raspi2 and linux-raspi2, linux-snapdragon).
|Security updates for Wednesday|
|Case-insensitive file name lookups are a feature that is fairly frequently
raised at the Linux
Storage, Filesystem, and Memory-Management Summit (LSFMM). At the 2018
summit, Gabriel Krisman Bertazi proposed a new way to support
the feature, though it met with a rather skeptical reception?with one
notable exception. Ted Ts'o seemed favorably disposed to the idea, in part
it would potentially be a way to get rid of some longstanding Android ugliness:
|[$] Case-insensitive filesystem lookups|
|Kata Containers 1.0 has been released. "This first release of Kata Containers completes the merger of Intel?s Clear Containers and Hyper?s runV technologies, and delivers an OCI compatible runtime with seamless integration for container ecosystem technologies like Docker and Kubernetes."|
|Kata Containers 1.0|
|Stable kernels 4.16.11, 4.14.43, and 4.9.102have been released. They all contain
important fixes and users should update.
|Three stable kernel updates|
|In a filesystem-track session at the 2018 Linux Storage, Filesystem, and
Memory-Management Summit (LSFMM), Ronnie Sahlberg talked about some changes
he has made to add support for compounding to the SMB/CIFS
implementation in Linux. Compounding is a way to combine multiple
operations into a single request that can help reduce network round-trips.
|[$] SMB/CIFS compounding support|
|Security updates have been issued by Debian(gitlab and packagekit), Fedora(glibc, postgresql, and webkitgtk4), Oracle(java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Red Hat(java-1.7.0-openjdk, kernel-rt, qemu-kvm, and qemu-kvm-rhev), SUSE(openjpeg2, qemu, and squid3), and Ubuntu(kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux, linux-aws, linux-kvm,, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-aws, qemu, and xdg-utils).
|Security updates for Tuesday|
|In a 2018 Python Language Summit talk that was initially billed as
"Mariatta's Topic of Mystery",
Mariatta Wijaya described her reasoning for advocating moving Python away
from its current bug trackerto
GitHub Issues. She wanted to surprise her co-attendees with the talk
topic at least partly because it is somewhat controversial. But it would
complete Python's journey to GitHubthat started a ways back.
|[$] Using GitHub Issues for Python|
|It is the season for web sites to be updating their privacy policies and
obtaining consent from their users for whatever data they collect. LWN,
being short of staff with the time or interest to work in this area, is
rather late to this game. The first step is an updated
from the current version; we still don't
collect much data, share data with others, or attempt to
monetize what we have in any way. We would like to ask interested readers
to have a look and let us know about any potential problems they see.
|Intel has, finally, disclosedtwo more Spectre variants, called 3a and 4. The first ("rogue system
register read") allows system-configuration registers to be read
speculatively, while the second ("speculative store bypass") could enable
speculative reads to data after a store operation has been speculatively
ignored. Some more information on variant 4 can be found in the
Project Zero bug tracker. The fix is to install microcode updates,
which are not yet available.
|Spectre variants 3a and 4|