Issues on Linux and Security
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Linus has released the 4.12-rc3kernel prepatch. "Hey, things continue to look good, and rc3 isn't even very big. I'm hoping there's not another shoe about to drop, but so far this really feels like a nice calm release cycle, despite the size of the merge window."
Kernel prepatch 4.12-rc3

The 3.1.0 release of the Mailmanmailing list manager is out. "Two years after the original release of Mailman 3.0, this version contains a huge number of improvements across the entire stack. Many bugs have been fixed and new features added in the Core, Postorius (web u/i), and HyperKitty (archiver). Upgrading from Mailman 2.1 should be better too. We are seeing more production sites adopt Mailman 3, and we've been getting great feedback as these have rolled out. Important: mailman-bundler, our previous recommended way of deploying Mailman 3, has been deprecated. Abhilash Raj is putting the finishing touches on Docker images to deploy everything, and he'll have a further announcement in a week or two."New features include support for Python 3.5 and 3.6, MySQL support, new REST resources and methods, user interface and user experience improvements, and more.
Mailman 3.1.0 released

On his blog, Siddhesh Poyarekar looks at tunablesin the GNU C library (glibc). The idea for centralizing the handling of tunable parameters in the library started back 2013, but was added to glibc in version 2.25that was released in February. "Tunables is an internal implementation detailin glibc. It is a way to manage ways in which we allow behaviour in glibc to be modified. As of now the only way to manage glibc is via environment variables and the way to do that was strewn all over the place in the source code. Tunables provide one place to add the tunable parameter with all of the characteristics it would have and then the framework will handle everything from there. The user of that tunable (e.g. malloc for MALLOC_MMAP_THRESHOLD_or malloc.mmap.thresholdin tunables parlance) would then simply access the tunable from the list and do what it wants to do, without bothering about where it came from."
Poyarekar: The story of tunables

This article is a tour of some of the newest features in the gnuplotplotting utility. Some of these features are already present in the 5.0 release, and some are planned for the next official release, which will be gnuplot 5.2. Highlights in the upcoming release include hypertext labels, more control over axes, a long-awaited ability to add labels to contours, better lighting effects, and more; read on for the details.
[$] What's new in gnuplot 5.2

Security updates have been issued by CentOS(kernel), Debian(graphicsmagick, imagemagick, kde4libs, and puppet), Fedora(FlightCrew, kernel, libvncserver, and wordpress), Gentoo(adobe-flash, smb4k, teeworlds, and xen), Mageia(kernel, kernel-linus, kernel-tmb, and perl-CGI-Emulate-PSGI), openSUSE(GraphicsMagick and rpcbind), Oracle(kernel), Red Hat(kernel and kernel-rt), and Scientific Linux(kernel).
Security updates for Friday

The Free Software Foundation's blog is carrying an interview with AJ Jordon, who runs the gplenforced.orgsite to support GPL enforcement efforts and to help other projects indicate their support. " is a small site I made that has exactly two purposes: host a badge suitable for embedding into a README file on GitLab or something, and provide some text with an easy and friendly explanation of GPL enforcement for that badge to link to. Putting badges in READMEs has been pretty trendy for a while now ? people add badges to indicate whether their test suite is passing, their dependencies are up-to-date, and what version is published in language package managers. capitalizes on that trend to add the maintainer's beliefs about license enforcement, too."
The Licensing and Compliance Lab interviews AJ Jordon of (FSF Blog)

Alpine Linux 3.6.0 has been released. Alpine is an independent, minimalist distribution that is built around musl libc and busybox to keep it small and resource efficient. This version adds support for 64-bit little-endian POWER machines (ppc64le) and 64-bit IBM z Systems (s390x).
Alpine Linux 3.6.0 Released

The Devuan project set out to create a systemd-less Debian, and now Devuan Jessie 1.0.0 Stable has been released. "There have been no significant bug reports since Devuan Jessie RC2 was announced only three weeks ago and the list of release critical bugs is now empty. So finally Devuan Jessie Stable is ready for release! As promised, this will also be a Long-Term-Support (LTS) release. Our team will participate in providing patches, security updates, and release upgrades beyond the planned lifespan of Debian Jessie."
Devuan Jessie 1.0.0 stable LTS

Greg Kroah-Hartman has announced the release of the 4.11.3, 4.9.30, 4.4.70, and 3.18.55stable kernels. They contain a rather large set of patches all over the tree and users should upgrade.
Stable kernel updates

Security updates have been issued by CentOS(samba and samba4), Mageia(samba), openSUSE(bash and samba), Oracle(samba and samba4), Slackware(samba), SUSE(ghostscript and java-1_7_0-openjdk), and Ubuntu(firefox and samba).
Security updates for Thursday

The Weekly Edition for May 25, 2017 is available.
[$] Weekly Edition for May 25, 2017

At the 2016 Python Language Summit, Larry Hastings introduced Gilectomy, his project to remove the global interpreter lock (GIL) from CPython. The GIL serializes access to the Python interpreter, so it severely limits the performance of multi-threaded Python programs. At the 2017 summit, Hastings was back to update attendees on the progress he has made and where Gilectomy is headed.
[$] Progress on the Gilectomy

In a brief session at the 2017 Python Language Summit, Maciej Szulik gave an update on the state and plans for It is the Roundup-based bug tracker for Python; moving to GitHub has not changed that. He described the work that two Google Summer of Code (GSoC) students have done to improve the bug tracker.
[$] The state of

As part of a discussion in 2014about where to host some of the Python repositories, Brett Cannon was delegated the task of determining where they should end up. In early 2016, he decidedthat Python's code and other repositories (e.g. PEPs) should land at GitHub; at last year's language summit, he gave an overviewof where things stood with a few repositories that had made the conversion. Since that time, the CPython repository has made the switch and he wanted to discuss some of the workflow issues surrounding that move at this year's summit.
[$] New CPython workflow issues

The Samba Team has issued an advisoryregarding CVE-2017-7494: "All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it."Distributors are already shipping the fix; there's also a workaround in the advisory for those who cannot update immediately.
A Samba remote code execution vulnerability

Oracle Java SE and JRockit CVE-2017-3533 Remote Security Vulnerability
Vuln: Oracle Java SE and JRockit CVE-2017-3533 Remote Security Vulnerability

Oracle Java SE CVE-2017-3539 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2017-3539 Remote Security Vulnerability

Oracle Java SE CVE-2017-3509 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2017-3509 Remote Security Vulnerability

Oracle Java SE and JRockit CVE-2017-3544 Remote Security Vulnerability
Vuln: Oracle Java SE and JRockit CVE-2017-3544 Remote Security Vulnerability

[SECURITY] [DSA 3865-1] mosquitto security update
Bugtraq: [SECURITY] [DSA 3865-1] mosquitto security update

Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11
Bugtraq: Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11

Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Key and Token
Bugtraq: Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Key and Token

[security bulletin] HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities
Bugtraq: [security bulletin] HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus