April 24, 2020:
The following changes have been made:
- libesedb{,-devel,-python2,-python3}-20200418-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libesedb{,-devel,-python2}-20200418-1.el6.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-python36}-20200418-1.el7.x86_64.rpm, and libesedb{,-devel,-python2,-python3}-20200418-1.{fc31,el8}.x86_64.rpm -
Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
- libevt{,-devel,-python2,-python3}-20200418-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2}-20200418-1.el6.{i686,x86_64}.rpm, libevt{,-devel,-python2,-python36}-20200418-1.el7.x86_64.rpm, and libevt{,-devel,-python2,-python3}-20200418-1.{fc31,el8}.x86_64.rpm -
Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
- libevtx{,-devel,-python2,-python3}-20200419-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2}-20200419-1.el6.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-python36}-20200419-1.el7.x86_64.rpm, and libevtx{,-devel,-python2,-python3}-20200419-1.{fc31,el8}.x86_64.rpm -
Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
- libfsntfs{,-devel,-python3}-20200416-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200416-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200416-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200416-1.{fc31,el8}.x86_64.rpm -
Libfsntfs contains a library and tools to access the New Technology File System (NTFS).
- pfring-7.6.0-2926.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2926.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2411.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.20.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-20.noarch.rpm -
Support for the following kernels was added for LiME:
April 17, 2020:
The following changes have been made:
- daq{,-devel,-modules}-2.0.7-10.1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and daq{,-devel,-modules}-2.0.7-10.1.{fc31,el7,el8}.x86_64.rpm -
The Data Acquisition Library (Daq) is a library used by snort.
This release differs from daq provided by Fedora and EPEL because it contains the static libraries required by snort.
- snort-2.9.16-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.16-1.{fc31,el7,el8}.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the changes in this version.
This release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
- snort-sample-rules-2.9.16-1.{fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
These rules are sample rules only and are intended to allow snort to start successfully.
These rules only flag HTTP traffic destined for port 80.
Please see the snort rules page to acquire a current set of snort rules.
- snort-openappid-2.9.1.16-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.16-1.{fc31,el7,el8}.x86_64.rpm -
This is the snort package built with the --enable-open-appid option added to the configure script that configures the build of snort.
See here for more details.
See the OpenAppId Detector Developer Guide for more information.
To install snort-openappid on your system, you must first remove snort.
Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi
sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
- bulk_extractor-1.6.0-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and bulk_extractor-1.6.0-2.{fc31,el7,el8}.x86_64.rpm -
Bulk_extractor
is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures.
The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools.
Bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important.
This version fixes many issues.
In addition, it also contains the BEViewer GUI front-end for bulk_extractor.
This version was rebuilt to add SQLite and LibXML build dependencies.
- libewf-experimental{,-devel,-tools,-python3,-tools}-20200405-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libewf-experimental{,-devel,-tools,-python2,-tools}-20200405-1.el6.{i686,x86_64}.rpm,
libewf-experimental{,-devel,-tools,-python36,-tools}-20200405-1.el7.x86_64.rpm, and libewf-experimental{,-devel,-tools,-python3,-tools}-20200405-1.{fc31,el8}.x86_64.rpm -
Libewf supports Expert Witness Compression Format (EWF) formatted files.
See this page for the list of supported and unsupported formats.
Libewf-Experimental installs packages in /usr/local so that it can be optionally installed along with the conventional Libewf packages, where package contents are installed in /usr.
Further, the Libewf-Experimental packages have been installed in the forensics-test repository.
You will need to enable this repository with this command for Fedora or CentOS/RHEL 8:
sudo dnf config-manager --set-enabled forensics-test
or this command for CentOS/RHEL 6 and 7:
sudo yum-config-manager --enable forensics-test
- python{2,36}-psutil-5.7.0-2.el7.x86_64.rpm -
Python-psutil is a cross-platform library for retrieving information on running processes and system utilization (CPU, memory, disks, network) in Python.
Note that the Python 2 version is now provided and the Python 3 version no longer obsoletes the Python 2 version.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-1.{fc31,el7,el8}.x86_64.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28.
This release contains those fixes.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-2.{fc31,el6,el7,el8}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28.
This release contains those fixes.
- analysis-pipeline-5.11.3-4.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-4.{fc31,el7,el8}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.19.0 release 3.
- prism-1.2-9.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and prism-1.2-9.{fc31,el7,el8}.x86_64.rpm -
The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool.
The script can be used directly, or might be used as a component in other more specialized scripts.
In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup.
This package was rebuilt to use silk 3.19.0.
- super_mediator-1.7.1-3.{fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.1-3.{fc31,el7,el8}.x86_64.rpm -
Super_mediator
is an IPFIX mediator for use with the YAF
and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
This package was rebuilt to use silk 3.19.0.
- libfsapfs{,-devel,-python2,-python3}-20200416-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2}-20200416-1.el6.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-python36}-20200416-1.el7.x86_64.rpm, and libfsapfs{,-devel,-python2,-python3}-20200416-1.{fc31,el8}.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
- pfring-7.6.0-2903.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2903.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2375.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.19.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-19.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.35.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-35.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-el8-x86_64-1.6-1.6.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-el8-x86_64-1.1.r17-6.noarch.rpm -
Support for the following kernels was added for LiME:
April 10, 2020:
The following changes have been made:
- python{2,3}-certifi-2020.4.5.1-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python{2,36}-certifi-2020.4.5.1-1.el7.noarch.rpm -
Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
- python{2,3}-pyparsing-2.4.7-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm, python{2,36}-pyparsing-2.4.7-1.el7.noarch.rpm, and pyparsing-doc-2.4.7-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm -
Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions.
The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
- bulk_extractor-1.6.0-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and bulk_extractor-1.6.0-1.{fc31,el7,el8}.x86_64.rpm -
Bulk_extractor
is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures.
The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools.
Bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important.
This version fixes many issues.
In addition, it also contains the BEViewer GUI front-end for bulk_extractor.
- CERT-Forensics-Tools-1.0-89.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-89.{fc31,el7,el8}.x86_64.rpm -
This release does the following:
- Volatility-community-plugins-20190729-5.{fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community.
This package was updated to reflect the removal of the python-dpapick dependency for Fedora 31.
No changes were made for any of the other provided systems.
- python2-dpapick-0.3-1.fc31.noarch.rpm -
Python-DPAPick is a Python toolkit to provide a platform-independent implementation of Microsoft's cryptography subsystem called DPAPI (Data Protection API).
This package was removed from the Fedora 31 repository for the x86_64 architecture.
- python-CFPropertyList-0.0.1-1.fc31.x86_64.rpm -
Python-CFPropertyList is a Python toolkit that contains classes to read binary property list files as defined by Apple.
This package was removed from the Fedora 31 repository for the x86_64 architecture.
- python-registry-1.2.0-1.fc31.x86_64.rpm -
Python-registry provides read-only access to Windows Registry files, such as NTUSER.DAT, userdiff, and SOFTWARE.
This package was removed from the Fedora 31 repository for the x86_64 architecture.
- python-unicodecsv-0.14.0-1.fc31.x86_64.rpm -
Python-unicodecsv is a drop-in replacement for Python 2.7’s csv module which supports unicode strings without a hassle.
This package was removed from the Fedora 31 repository for the x86_64 architecture.
- pfring-7.6.0-2900.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2900.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2358.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.18.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-18.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-el8-x86_64-1.6-1.5.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-el8-x86_64-1.1.r17-5.noarch.rpm -
Support for the following kernels was added for LiME:
April 3, 2020:
The following changes have been made:
- cert-forensics-tools-release-{6,7,8,26,27,28,29,30,31}-15.noarch.rpm -
cert-forensics-tools-release is the package
that connects a Fedora- and CentOS/RHEL-based computer system to the CERT Linux Forensics Tools Repository (LiFTeR).
This package has been changed to include a new Forensics team key which is also available here.
- pfring-7.6.0-2891.{el6,el7}.x86_64.rpm and pfring-7.6.0-2888.el8.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2891.{el6,el7}.x86_64.rpm and pfring-dkms-7.6.0-2888.el8.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2351.{el6,el7}.x86_64.rpm and ndpi-3.2.0-2340.el8.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.17.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.5.13-200 for FC31
- 5.5.11-200 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-16.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.5.13-200 for FC31
- 5.5.11-200 for FC31
March 27, 2020:
The following changes have been made:
- python{2,3}-elasticsearch-7.6.0-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python{2,36}-elasticsearch-7.6.0-1.el7.x86_64.rpm, and python{2,3}-elasticsearch-7.6.0-1.{fc31,el8}.x86_64.rpm -
ElasticSearch is the official low-level client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
- python3-zmq{,-tests}-19.0.0-el8.x86_64.rpm -
ZMQ is the Python bindings for ØMQ. This documentation currently contains notes on some important aspects of developing PyZMQ and an overview of what the ØMQ API looks like in Python.
For information on how to use ØMQ in general, see the many examples in the excellent ØMQ Guide, all of which have a version in Python.
- pfring-7.6.0-2887.{el6,el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2887.{el6,el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2340.{el6,el7,el8}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- yaf{,-devel}-2.11.0-4.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and yaf{,-devel}-2.11.0-4.{fc31,el7,el8}.x86_64.rpm -
Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering.
Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format.
It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using
pcap(3), an Endace DAG capture device,
or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX
over SCTP, TCP or
UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring.
- snort-2.9.15.1-2.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.15.1-2.{fc31,el7,el8}.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the changes in this version.
This release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
- snort-openappid-2.9.1.15-2.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.15.1-2.{fc31,el7,el8}.x86_64.rpm -
This is the snort package built with the --enable-open-appid option added to the configure script that configures the build of snort.
See here for more details.
See the OpenAppId Detector Developer Guide for more information.
To install snort-openappid on your system, you must first remove snort.
Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi
sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
- fmem-kernel-modules-fc31-x86_64-1.6-1.16.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-16.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.34.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-34.noarch.rpm -
Support for the following kernels was added for LiME:
March 21, 2020:
The following changes have been made:
- ddrescue-1.25-1.{fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm -
Ddrescue is a data recovery tool.
It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors.
See here for the changes since the last version (1.24) released to this repository.
- cutter-1.10.1-1.fc30.{i686,x86_64}.rpm and cutter-1.10.1-1.fc31.x86_64.rpm -
Cutter is a Qt and C++
GUI for radare2 reverse engineering framework.
These packages have been removed from the repository because they are now provided by Fedora by a package named cutter-re.
- cutter-1.10.1-1.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and cutter-1.10.1-1.{el7,el8}.x86_64.rpm -
Cutter is a Qt and C++
GUI for radare2 reverse engineering framework.
These packages have been removed from the repository because they are now provided by a package named cutter-re to be consistent with the packages provided by Fedora.
- cutter-re-1.7.3-2.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and cutter-re-1.7.3-1.{el7,el8}.x86_64.rpm -
Cutter is a Qt and C++
GUI for radare2 reverse engineering framework.
Its goal is making an advanced, customizable, and FOSS (free and open-source software) reverse-engineering platform while keeping the user experience in mind.
Cutter is created by reverse engineers for reverse engineers.
This version of cutter is based on the code dated 2019-01-15 which was built to embed radare2 version 2.6.0 in it.
This release provides the same files as cutter-1.7.3-1 except that the package is renamed to be consistent with the packages provided by Fedora.
- CERT-Forensics-Tools-1.0-88.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-88.{fc31,el7,el8}.x86_64.rpm -
This release does the following:
- Obsoletes cutter.
- Added cutter-re.
- aeskeyfind-1.0-3.{fc31,el7,el8}.x86_64.rpm and aeskeyfind-1.0-3.fc30.{i686,x86_64}.rpm -
Aeskeyfind
illustrates automatic techniques for locating 128-bit and 256-bit AES keys in a captured memory image.
This package has been removed from the repository because it is now provided by Fedora.
- fmem-kernel-modules-fc31-x86_64-1.6-1.15.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-15.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.33.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-33.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-el7-x86_64-1.6-1.64.noarch.rpm -
Due to configuration errors, support for the following kernels was added for Fmem:
- lime-kernel-modules-el7-x86_64-1.1.r17-64.noarch.rpm -
Due to configuration errors, support for the following kernels was added for LiME:
March 13, 2020:
The following changes have been made:
- pfring-7.6.0-2867.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2867.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2314.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.14.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-14.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.32.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-32.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.63.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-63.noarch.rpm -
Support for the following kernels was added for LiME:
March 4, 2020:
The following changes have been made:
- python3-dfvfs-20200211-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python36-dfvfs-20200211-1.el7.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to
file-system objects from various storage media types and file formats.
- plaso-20200227-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20200227-1.{fc31,el7,el8}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
- pfring-7.6.0-2853.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2853.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2295.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.13.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.5.7-200 for FC31
- 5.5.6-201 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-13.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.5.7-200 for FC31
- 5.5.6-201 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.31.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.5.7-100 for FC30
- 5.5.6-100 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-31.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.5.7-100 for FC30
- 5.5.6-100 for FC30
February 28, 2020:
The following changes have been made:
- libfsntfs{,-devel,-python3}-20200223-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200223-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200223-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200223-1.{fc31,el8}.x86_64.rpm -
Libfsntfs contains a library and tools to access the New Technology File System (NTFS).
- python3-xlsxwriter-1.2.8-1.{fc26,fc27,fc28,fc29,fc30,el8}.noarch.rpm and python36-xlsxwriter-1.2.8-1.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
Note that the Python 2 version is no longer provided.
- python{2,3}-future-0.18.2-1.{fc31,el8}.noarch.rpm -
Python-Future is the missing compatibility layer between Python 2 and Python 3.
It allows you to use a single, clean Python 3.x-compatible codebase to support both Python 2 and Python 3 with minimal overhead.
This package was built to support the packaging of Python-PEFile
which in turn is needed to support the packaging of Volatility-community-plugins.
- python3-idna-2.9-1.{fc26,fc27,fc28,el8}.noarch.rpm and python36-idna-2.10-1.el7.noarch.rpm -
IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891.
This is the latest version of the protocol and is sometimes referred to as "IDNA 2008".
- python36-psutil-5.7.0-1.el7.x86_64.rpm -
Python-psutil is a cross-platform library for retrieving information on running processes and system utilization (CPU, memory, disks, network) in Python.
Note that the Python 2 version is no longer provided.
- python{2,3}-requests-2.23.0-1.fc26.{i686,x86_64}.rpm and python36-requests-2.23.0-1.el7.x86_64.rpm -
Python-requests is an Apache2 Licensed HTTP library, written in Python, for human beings.
Python’s standard urllib2 module provides most of the HTTP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web.
It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-3.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-3.{fc31,el7,el8}.x86_64.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28.
This release contains those fixes.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-4.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-4.{fc31,el6,el7,el8}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28.
This release contains those fixes.
- analysis-pipeline-5.11.3-3.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-3.{fc31,el7,el8}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.19.0 release 3.
- prism-1.2-8.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and prism-1.2-8.{fc31,el7,el8}.x86_64.rpm -
The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool.
The script can be used directly, or might be used as a component in other more specialized scripts.
In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup.
This package was rebuilt to use silk 3.19.0.
- super_mediator-1.7.1-2.{fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.1-2.{fc31,el7,el8}.x86_64.rpm -
Super_mediator
is an IPFIX mediator for use with the YAF
and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
This package was rebuilt to use silk 3.19.0.
- fmem-kernel-modules-common-1.6-1.5.noarch.rpm -
Fmem is a kernel module that creates the device /dev/fmem, similar to /dev/mem but without limitations.
This package contains the source code for making the FMEM kernel modules and the install-fmem script.
The changes are the following:
- Fmem code up to date as of February 28, 2020 which incorporates changes for Linux 5.5 kernels.
- pfring-7.6.0-2852.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2852.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2295.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.12.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-12.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.30.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-30.noarch.rpm -
Support for the following kernels was added for LiME:
February 21, 2020:
The following changes have been made:
- cutter-1.10.1-1.fc30.{i686,x86_64}.rpm and cutter-1.10.1-1.fc31.x86_64.rpm -
Cutter is a Qt and C++
GUI for radare2 reverse engineering framework.
Its goal is making an advanced, customizable, and FOSS (free and open-source software) reverse-engineering platform while keeping the user experience in mind.
Cutter is created by reverse engineers for reverse engineers.
Note that this release is only available for Fedora 30 and 31 because it relies on Qt version 5.12.
- ghidra-9.1.2-PUBLIC_20200212.1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and ghidra-9.1.2-PUBLIC_20200212.1.{fc26,fc31,el7,el8}.x86_64.rpm -
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms
including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
See the list of changes and improvements here.
- pfring-7.6.0-2845.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2845.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2284.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.11.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.4.20-200 for FC31
- 5.4.19-200 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-11.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.4.20-200 for FC31
- 5.4.19-200 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.29.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-29.noarch.rpm -
Support for the following kernels was added for LiME:
February 17, 2020:
The following changes have been made:
- Volatility-community-plugins-20190729-4.{fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community.
This package was updated to reflect the removal of python2-simplejson from EPEL for CentOS/RHEL 8.
No changes were made for any of the other provided systems.
February 14, 2020:
The following changes have been made:
- python3-artifacts-20200118-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, artifacts-data-20200118-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm,
python36-artifacts-20200118-2.el7.x86_64.rpm, artifacts-data-20200118-2.el7.x86_64.rpm,
python3-artifacts-20200118-2.{fc31,el8}.x86_64.rpm, artifacts-data-20200118-2.{fc31,el8}.x86_64.rpm -
Artifacts is a free, community-sourced,
machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
Note that the Python 2 version is no longer provided.
- python{2,3}-cffi-1.14.0-1.el8.x86_64.rpm and cffi-doc-1.14.0-1.el8.noarch.rpm -
Python-CFFI is a C Foreign Function Interface for Python.
Interact with almost any C code from Python, based on C-like declarations that you can often copy-paste from header files or documentation.
- python3-dfdatetime-20200121-2.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python36-dfdatetime-20200121-2.el7.noarch.rpm -
dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
Note that the Python 2 version is no longer provided.
- python3-dfvfs-20200121-2.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python36-dfvfs-20200121-2.el7.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to
file-system objects from various storage media types and file formats.
Note that the Python 2 version is no longer provided.
- python3-dfwinreg-20200121-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dfwinreg-20200121-2.el7.x86_64.rpm, and python3-dfwinreg-20200121-2.{fc31,el8}.x86_64.rpm -
DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
Note that the Python 2 version is no longer provided.
- python3-dtfabric-20200119-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dtfabric-20200119-2.el7.x86_64.rpm, and python3-dtfabric-20200119-2.{fc31,el8}.x86_64.rpm -
Dtfabric is a project to manage data types and structures,
as used in the libyal projects.
Note that the Python 2 version is no longer provided.
- libfsntfs{,-devel,-python3}-20200201-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200201-2.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200201-2.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200201-2.{fc31,el8}.x86_64.rpm -
Libfsntfs contains a library and tools to access the New Technology File System (NTFS).
Note that the Python 2 version is no longer provided.
- zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.1-0.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbroker-devel-3.0.1-0.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.1-0.{fc31,el7,el8}.x86_64.rpm, and libbroker-devel-3.0.1-0.{fc31,el7,el8}.x86_64.rpm -
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well.
Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception.
Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
Zeek was originally developed by Vern Paxson.
Robin Sommer now leads the project, jointly with a core team of researchers and developers at the
International Computer Science Institute in Berkeley, CA; and the
National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek.
To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin
[[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
- python{2,3}-elasticsearch-7.5.1-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python{2,36}-elasticsearch-7.5.1-1.el7.x86_64.rpm, and python{2,3}-elasticsearch-7.5.1-1.{fc31,el8}.x86_64.rpm -
ElasticSearch is the official low-level client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
- libluksde{,-devel,-python3,-tools}-20200205-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libluksde{,-devel,-python2,-tools}-20200205-1.el6.{i686,x86_64}.rpm, libluksde{,-devel,-python36,-tools}-20200205-1.el7.x86_64.rpm, and libluksde{,-devel,-python3,-tools}-20200205-1.{fc31,el8}.x86_64.rpm -
Libluksde is a library and tools used to access LUKS Disk Encryption encrypted volumes.
Note that the Python 2 version is only provided for CentOS/RHEL 6.
- libsmdev{,-devel,-python3}-20200210-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2}-20200210-1.el6.{i686,x86_64}.rpm, libsmdev{,-devel,-python36}-20200210-1.el7.x86_64.rpm, and libsmdev{,-devel,-python3}-20200210-1.{fc31,el8}.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
Note that the Python 2 version is only provided for CentOS/RHEL 6.
- python36-lz4-3.0.2-1.el7.x86_64.rpm -
LZ4 contains the python bindings for the lz4 compression library.
Note that the Python 2 version is no longer provided.
- sleuthkit{,-devel,-libs}-4.8.0-1.1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.8.0-1.1.{fc31,el7}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
Note that CentOS/RHEL 6 is no longer being updated.
- autopsy-4.14.0-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.14.0-1.{fc31,el7,el8}.x86_64.rpm -
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
You can even use it to recover photos from your camera's memory card.
Note: this release no longer requires JDK from Oracle for Fedora 25 through 30, relying instead on version 1.8.0 of OpenJDK provided by Fedora, along with version 1.8.0 of OpenJFX, also provided by Fedora.
However, for CentOS/RHEL 7 and 8, the latest version of JDK 8 from Oracle is required and this package has been added to the appropriate repositories.
In addition, this release also contains an autopsy.desktop file that supports the GNOME and Mate window managers.
Further, note that CentOS/RHEL 6 is no longer being updated.
- python3-pytsk3-20200117-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-pytsk3-20200117-1.el7.x86_64.rpm, and python3-pytsk3-20200117-1.{fc31,el8}.x86_64.rpm -
Pytsk is Python bindings for The Sleuth Kit.
- python3-idna-2.8-1.{fc26,fc27,fc28,el8}.noarch.rpm and python36-idna-2.8-1.el7.noarch.rpm -
IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891. This is the latest version of the protocol and is sometimes referred to as "IDNA 2008".
- python{2,3}-requests-2.22.0-3.fc26.{i686,x86_64}.rpm and python36-requests-2.22.0-3.el7.x86_64.rpm -
Python-requests is an Apache2 Licensed HTTP library, written in Python, for human beings.
Python’s standard urllib2 module provides most of the HTTP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web.
It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
- plaso-20200121-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20200121-1.{fc31,el7,el8}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
- CERT-Forensics-Tools-1.0-87.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-87.{fc31,el7,el8}.x86_64.rpm -
The registerydecoder package was removed due to its dependence on Python 2.
- pfring-7.4.0-2835.el7.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2835.el7.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
Here is the announcement of PF_Ring 7.4.
- pfring-7.4.0-2836.el6.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2836.el6.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2242.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.10.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.4.18-200 for FC31
- 5.4.17-200 for FC31
- 5.4.15-200 for FC31
- 5.4.14-200 for FC31
- 5.4.13-201 for FC31
- 5.4.12-200 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-10.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.4.18-200 for FC31
- 5.4.17-200 for FC31
- 5.4.15-200 for FC31
- 5.4.14-200 for FC31
- 5.4.13-201 for FC31
- 5.4.12-200 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.28.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.4.18-100 for FC30
- 5.4.17-100 for FC30
- 5.4.14-100 for FC30
- 5.4.12-100 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-28.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.4.18-100 for FC30
- 5.4.17-100 for FC30
- 5.4.14-100 for FC30
- 5.4.12-100 for FC30
- fmem-kernel-modules-el7-x86_64-1.6-1.63.noarch.rpm -
Due to configuration errors, support for the following kernels was added for Fmem:
- lime-kernel-modules-el7-x86_64-1.1.r17-63.noarch.rpm -
Due to configuration errors, support for the following kernels was added for LiME:
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.62.noarch.rpm - Support for the following kernels was added for Fmem:
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-62.noarch.rpm - Support for the following kernels was added for LiME:
January 17, 2020:
The following changes have been made:
- fmem-kernel-modules-fc31-x86_64-1.6-1.9.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-9.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.27.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-27.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-el8-x86_64-1.6-1.4.noarch.rpm -
Support for the following kernels was added for Fmem:
- 4.18.0-147.3.1 for EL8
- 4.18.0-147.0.3 for EL8
- 4.18.0-147 for EL8
- lime-kernel-modules-el8-x86_64-1.1.r17-4.noarch.rpm -
Support for the following kernels was added for LiME:
- 4.18.0-147.3.1 for EL8
- 4.18.0-147.0.3 for EL8
- 4.18.0-147 for EL8
January 10, 2020:
The following changes have been made:
- snort-2.9.15.1-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.15.1-1.{fc31,el7,el8}.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the changes in this version.
This release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
- snort-sample-rules-2.9.15.1-1.{fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
These rules are sample rules only and are intended to allow snort to start successfully.
These rules only flag HTTP traffic destined for port 80.
Please see the snort rules page to acquire a current set of snort rules.
- snort-openappid-2.9.1.15-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.15.1-1.{fc31,el7,el8}.x86_64.rpm -
This is the snort package built with the --enable-open-appid option added to the configure script that configures the build of snort.
See here for more details.
See the OpenAppId Detector Developer Guide for more information.
To install snort-openappid on your system, you must first remove snort.
Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi
sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
- pfring-7.4.0-2804.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2804.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2155.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.8.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.4.8-200 for FC31
- 5.4.7-200 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-8.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.4.8-200 for FC31
- 5.4.7-200 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.26.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-26.noarch.rpm -
Support for the following kernels was added for LiME:
January 3, 2020:
The following changes have been made:
- libluksde{,-devel,-python2,-python3,-tools}-20200101-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libluksde{,-devel,-python2,-tools}-20200101-1.el6.{i686,x86_64}.rpm, libluksde{,-devel,-python2,-python36,-tools}-20200101-1.el7.x86_64.rpm, and libluksde{,-devel,-python2,-python3,-tools}-20200101-1.{fc31,el8}.x86_64.rpm -
Libluksde is a library and tools used to access LUKS Disk Encryption encrypted volumes.
- libvslvm{,-devel,-python2,-python3}-20200102-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2}-20200102-1.el6.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-python36}-20200102-1.el7.x86_64.rpm, and libvslvm{,-devel,-python2,-python3}-20200102-1.{fc31,el8}.x86_64.rpm -
Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
December 27, 2019:
The following changes have been made:
- libbde{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbde{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libbde{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libbde{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
- libesedb{,-devel,-python2,-python3}-20192120-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libesedb{,-devel,-python2}-20192120-1.el6.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-python36}-20192120-1.el7.x86_64.rpm, and libesedb{,-devel,-python2,-python3}-20192120-1.{fc31,el8}.x86_64.rpm -
Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
- libevt{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libevt{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libevt{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
- libevtx{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libevtx{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
- libexe{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libexe{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libexe{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libexe{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libexe is a library and tools to access the executable (EXE) format.
- libfsapfs{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfsapfs{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
- libfsntfs{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libfsntfs contains a library and tools to access the New Technology File System (NTFS).
- libfvde{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfvde{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfvde{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfvde{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libfvde is a library and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes.
The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
- libfwnt{,-devel,-python2,-python3}-20191222-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20191222-1.el6.{i686,x86_64}.rpm, libfwnt{,-devel,-python2,-python36}-20191222-1.el7.x86_64.rpm, and libfwnt{,-devel,-python2,-python3}-20191222-1.{fc31,el8}.x86_64.rpm -
LibFWNT is a library for Windows NT data types.
- libfwps{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwps{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfwps{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfwps{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
LibFWPS is a library for Windows Property Store data types.
- libfwsi{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfwsi{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfwsi{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
- liblnk{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and liblnk{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
- libmsiecf{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libmsiecf{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
- libolecf{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libolecf{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libolecf{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format files.
- libqcow{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libqcow{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libqcow{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
- libregf{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libregf{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libregf{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libregf{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libregf contains libraries and tools to access the Windows NT Registry File files.
- libsigscan{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsigscan{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libsigscan{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libsigscan{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libsigscan is a library and tools used for binary signature scanning.
- libsmdev{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libsmdev{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
- libsmraw{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmraw{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libsmraw{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
- libvhdi{,-devel,-python2,-python3,-tools}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20191221-1.el6.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-python36,-tools}-20191221-1.el7.x86_64.rpm, and libvhdi{,-devel,-python2,-python3,-tools}-20191221-1.{fc31,el8}.x86_64.rpm -
Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
- libvmdk{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvmdk{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libvmdk{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
- libvshadow{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvshadow{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libvshadow{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
- libvslvm{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libvslvm{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
- libwrc{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libwrc{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libwrc{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libwrc{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format.
- plaso-20191203-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20191203-1.{fc31,el7,el8}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
- python{2,3}-xlsxwriter-1.2.7-1.{fc26,fc27,fc28,fc29,fc30,el8}.noarch.rpm and python{2,36}-xlsxwriter-1.2.7-1.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- libscca{,-devel,-python2,-python3,-tools}-20191222-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libscca{,-devel,-python2,-tools}-20191222-1.el6.{i686,x86_64}.rpm, libscca{,-devel,-python2,-python36,-tools}-20191222-1.el7.x86_64.rpm, and libscca{,-devel,-python2,-python3,-tools}-20191222-1.{fc31,el8}.x86_64.rpm -
Libscca is a library to access the Windows Prefetch File (SCCA) format.
- python{2,3}-pyparsing-2.4.6-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm, python{2,36}-pyparsing-2.4.6-1.el7.noarch.rpm, and pyparsing-doc-2.4.6-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm -
Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions.
The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
- pfring-7.4.0-2795.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2795.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2144.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.61.noarch.rpm - Support for the following kernels was added for Fmem:
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-61.noarch.rpm - Support for the following kernels was added for LiME:
December 20, 2019:
The following changes have been made:
- libfwnt{,-devel,-python2,-python3}-20191219-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20191219-1.el6.{i686,x86_64}.rpm, libfwnt{,-devel,-python2,-python36}-20191219-1.el7.x86_64.rpm, and libfwnt{,-devel,-python2,-python3}-20191219-1.{fc31,el8}.x86_64.rpm -
LibFWNT is a library for Windows NT data types.
- libfsntfs{,-devel,-python2,-python3,-tools}-20191218-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-tools}-20191218-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-python36,-tools}-20191218-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python2,-python3,-tools}-20191218-1.{fc31,el8}.x86_64.rpm -
Libfsntfs contains a library and tools to access the New Technology File System (NTFS).
- fmem-kernel-modules-fc31-x86_64-1.6-1.7.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-7.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.25.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-25.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-el7-x86_64-1.6-1.62.noarch.rpm -
Due to configuration errors, support for the following kernels was added for Fmem:
- 3.10.0-1062.9.1 for EL7
- 3.10.0-1062.7.1 for EL7
- 3.10.0-1062.4.2 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-62.noarch.rpm -
Due to configuration errors, support for the following kernels was added for LiME:
- 3.10.0-1062.9.1 for EL7
- 3.10.0-1062.7.1 for EL7
- 3.10.0-1062.4.2 for EL7
December 12, 2019:
The following changes have been made:
- liblnk{,-devel,-python2,-python3,-tools}-20191209-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20191209-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36,-tools}-20191209-1.el7.x86_64.rpm, liblnk{,-devel,-python2,-python3,-tools}-20191209-1.{fc31,el8}.x86_64.rpm -
Liblnk contains libraries and tools to access Windows Shortcut File (LNK) format files.
- pfring-7.4.0-2780.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2780.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2120.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc31-x86_64-1.6-1.6.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-6.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.24.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.3.15-200 for FC30
- 5.3.14-200 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-24.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.3.15-200 for FC30
- 5.3.14-200 for FC30
- fmem-kernel-modules-el7-x86_64-1.6-1.61.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-el7-x86_64-1.1.r17-61.noarch.rpm -
Support for the following kernels was added for LiME:
December 7, 2019:
The following changes have been made:
- pfring-7.4.0-2774.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2774.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2104.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
December 6, 2019:
The following changes have been made:
- certifi-2019.11.28-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm -
Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
- libfsntfs{,-devel,-python2,-python3,-tools}-20191201-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-tools}-20191201-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-python36,-tools}-20191201-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python2,-python3,-tools}-20191201-1.{fc31,el8}.x86_64.rpm -
Libfsntfs contains a library and tools to access the New Technology File System (NTFS).
- liblnk{,-devel,-python2,-python3,-tools}-20191203-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20191203-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36,-tools}-20191203-1.el7.x86_64.rpm, liblnk{,-devel,-python2,-python3,-tools}-20191203-1.{fc31,el8}.x86_64.rpm -
Liblnk contains libraries and tools to access Windows Shortcut File (LNK) format files.
- fmem-kernel-modules-fc31-x86_64-1.6-1.5.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.3.14-300 for FC31
- 5.3.13-300 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-5.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.3.14-300 for FC31
- 5.3.13-300 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.23.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-23.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-el7-x86_64-1.6-1.60.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-el7-x86_64-1.1.r17-60.noarch.rpm -
Support for the following kernels was added for LiME:
- Fedora 25 - Updates to Fedora 25 for both the i686 and x86_64 CPU architectures have ceased.
November 27, 2019:
The following changes have been made:
- python{2,3}-psutil-5.6.7-1.el7.x86_64.rpm -
Python-psutil is a cross-platform library for retrieving information on running processes and system utilization (CPU, memory, disks, network) in Python.
- pfring-7.4.0-2768.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2768.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2086.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc31-x86_64-1.6-1.4.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-4.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.22.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-22.noarch.rpm -
Support for the following kernels was added for LiME:
November 22, 2019:
The following changes have been made:
- python{2,3}-elasticsearch-7.1.0-1.i{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python{2,36}-elasticsearch-7.1.0-1.el7.x86_64.rpm, and python{2,3}-elasticsearch-7.1.0-1.{fc31,el8}.x86_64.rpm -
ElasticSearch is the official low-level client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
- python{2,3}-xlsxwriter-1.2.6-1.{fc26,fc27,fc28,fc29,fc30,el7,el8}.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- python3-zmq{,-tests}-18.1.1-el8.x86_64.rpm and zmq{,-tests}-18.1.1-el8.x86_64.rpm -
ZMQ is the Python bindings for ØMQ. This documentation currently contains notes on some important aspects of developing PyZMQ and an overview of what the ØMQ API looks like in Python.
For information on how to use ØMQ in general, see the many examples in the excellent ØMQ Guide, all of which have a version in Python.
- python2-haystack-0.42-3.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
Python-Haystack is a heap analysis framework focused on searching and reversing C structures in allocated memory.
- libffi{,-devel}-3.1-19.el8.x86_64.rpm -
Libffi is a portable foreign function interface library.
This package was built to support the packaging of python-cffi.
- python{2,3}-ply-3.11-2.el8.noarch.rpm -
Python-PLY is an implementation of lex and yacc parsing tools for Python.
This package was built to support the packaging of Python-PYCParser.
- python{2,3}-pycparser-2.14-18.el8.noarch.rpm -
Python-PYCParser is a complete C99 parser in pure Python.
This package was built to support the packaging of Python-CFFI.
- python{2,3}-cffi-1.11.5-7.el8.x86_64.rpm and python-cffi-doc-1.11.5-7.el8.noarch.rpm -
Python-CFFI is a C Foreign Function Interface for Python.
Interact with almost any C code from Python, based on C-like declarations that you can often copy-paste from header files or documentation.
This package was built to support the packaging of python-ssdeep.
- python{2,3}-ssdeep-3.2-1.el8.x86_64.rpm -
Python-SSDeep is a Python wrapper for SSDeep fuzzy hashing library.
This package was built to support the packaging of Volatility-community-plugins.
- python2-dpapick-0.3-1.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
Python-DPAPick is a Python toolkit that provides a platform-independent implementation of Microsoft's cryptography subsystem called DPAPI (Data Protection API).
This package was built to support the packaging of Volatility-community-plugins.
- python2-ioc_writer-0.3.3-1.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
Python-IOCWriter is a Python library that provides a limited CRUD for manipulating OpenIOC formatted Indicators of Compromise.
This package was built to support the packaging of Volatility-community-plugins.
- python2-pycoin-0.77-0.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
Python-PYCoin is a Python library that implements many utilities useful when dealing with bitcoin and some bitcoin-like alt-coins.
It has been tested with Python 2.7, 3.6 and 3.7.
This package was built to support the packaging of Volatility-community-plugins.
- python2-colorama-0.3.9-4.el8.noarch.rpm -
Python-Colorama is a Python library that makes ANSI escape character sequences (for producing colored terminal text and cursor positioning) work under MS Windows.
This package was built to support the packaging of Volatility-community-plugins.
- python{2,3}-m2crypto-0.30.1-2.el8.x86_64.rpm -
M2Crypto is a Python library that allows you to call OpenSSL functions from Python 2 and 3 scripts.
This package was built to support the packaging of Python-Typing.
- python2-typing-3.6.2-4.el8.noarch.rpm -
Python-Typing is a Python library that defines a standard notation for type annotations.
This package was built to support the packaging of Volatility-community-plugins.
- python{2,3}-future-0.16.0-4.el8.noarch.rpm -
Python-Future is the missing compatibility layer between Python 2 and Python 3.
It allows you to use a single, clean Python 3.x-compatible codebase to support both Python 2 and Python 3 with minimal overhead.
This package was built to support the packaging of Python-PEFile
which in turn is needed to support the packaging of Volatility-community-plugins.
- Volatility-community-plugins-20190729-3.el8.noarch.rpm -
The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community.
This package was added to CentOS/RHEL 8.
- python{2,3}-pyfixbuf-0.8.1-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python2-pyfixbuf-0.8.1-1.el6.{i686,x86_64}.rpm, python{2,36}-pyfixbuf-0.8.1-1.el7.x86_64.rpm -
Pyfixbuf is a Python API for libfixbuf,
an implementation of the IPFIX protocol used for building, collecting, and exporting processes.
Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX.
Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another
IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.).
See this page for a list of problems fixed in this and all releases.
- ghidra-9.1-PUBLIC_20191023.1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and ghidra-9.1-PUBLIC_20191023.1.{fc25,fc26,fc31,el7,el8}.x86_64.rpm -
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms
including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
See the list of changes and improvements here.
- python{2,3}-requests-2.22.0-2.fc26.{i686,x86_64}.rpm and python36-requests-2.22.0-2.el7.x86_64.rpm -
Python-requests is an Apache2 Licensed HTTP library, written in Python, for human beings.
Python’s standard urllib2 module provides most of the HTTP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web.
It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
In this release, the dependencies for urllib3 were updated.
- plaso-20190916-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20190708-1.{fc31,el7,el8}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
This release uses Python 3 instead of Python 2.
Please note that for Fedora 25, all of the ancillary packages needed by plaso use the pip program in a Python Virtual Environment.
Ensure that pip works correctly in your environment by configuring the /etc/pip.conf file according to the configuration guide found
here.
For Fedora 25, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon.
Note that this updates the dependent packages but not plaso.
The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.
November 15, 2019:
The following changes have been made:
- python{2,3}-xlsxwriter-1.2.5-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- python{2,3}-pyparsing-2.4.5-1.{fc26,fc27,fc28,fc29,el8}.noarch.rpm, python2-pyparsing-2.4.4-1.el6.noarch.rpm, and pyparsing-doc-2.4.4-1.{fc26,fc27,fc28,fc29,el6,el8}.noarch.rpm -
Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions.
The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
- libesedb{,-devel,-python2,-python3,-tools}-20191111-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-tools}-20191111-1.el6.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-python36,-tools}-20191111-1.el7.x86_64.rpm, and libesedb{,-devel,-python2,-python3,-tools}-20191111-1.el8.x86_64.rpm -
Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
- libsmdev{,-devel,-python2,-python3,-tools}-20191112-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-tools}-20191112-1.el6.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-python36,-tools}-20191112-1.el7.x86_64.rpm, and libsmdev{,-devel,-python2,-python3,-tools}-20191112-1.el8.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
- pfring-7.4.0-2751.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2751.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2057.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc31-x86_64-1.6-1.3.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.3.11-300 for FC31
- 5.3.9-300 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-3.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.3.11-300 for FC31
- 5.3.9-300 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.21.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-21.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.37.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-37.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-el7-x86_64-1.6-1.59.noarch.rpm -
Support for the following kernels was added for Fmem:
- 3.10.0-1062.4.3 for EL7
- 3.10.0-1062.4.2 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-59.noarch.rpm -
Support for the following kernels was added for LiME:
- 3.10.0-1062.4.3 for EL7
- 3.10.0-1062.4.2 for EL7
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.60.noarch.rpm - Support for the following kernels was added for Fmem:
- 2.6.32-754.23.3 for EL6
- 2.6.32-754.23.2 for EL6
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-60.noarch.rpm - Support for the following kernels was added for LiME:
- 2.6.32-754.23.3 for EL6
- 2.6.32-754.23.2 for EL6
November 8, 2019:
The following changes have been made:
- daq{,-devel,-modules}-2.0.6-8.1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and daq{,-devel,-modules}-2.0.6-8.1.{el7,el8}.x86_64.rpm -
The Data Acquisition Library (Daq) is a library used by snort.
- libregf{,-devel,-python2,-python3,-tools}-20191102-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libregf{,-devel,-python2,-tools}-20191102-1.el6.{i686,x86_64}.rpm, libregf{,-devel,-python2,-python36-tools}-20191102-1.el7.x86_64.rpm, and libregf{,-devel,-python2,-python3-tools}-20191102-1.el8.x86_64.rpm -
Libregf contains libraries and tools to access the Windows NT Registry File files.
- libsmdev{,-devel,-python2,-python3,-tools}-20191103-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-tools}-20191103-1.el6.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-python36,-tools}-20191103-1.el7.x86_64.rpm, and libsmdev{,-devel,-python2,-python3,-tools}-20191103-1.el8.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
- libsmraw{,-devel,-python2,-python3,-tools}-20191103-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-tools}-20191103-1.el6.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-python36,-tools}-20191103-1.el7.x86_64.rpm, and libsmraw{,-devel,-python2,-python3,-tools}-20191103-1.el8.x86_64.rpm -
Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
- libvshadow{,-devel,-python2,-python3,-tools}-20191103-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-tools}-20191103-1.el6.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-python36,-tools}-20191103-1.el7.x86_64.rpm, and libvshadow{,-devel,-python2,-python3,-tools}-20191103-1.el8.x86_64.rpm -
Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
- libqcow{,-devel,-python2,-python3,-tools}-20191103-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-tools}-20191103-1.el6.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-python36,-tools}-20191103-1.el7.x86_64.rpm, and libqcow{,-devel,-python2,-python3,-tools}-20191103-1.el8.x86_64.rpm -
Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
- libfsapfs{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libfsapfs{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
- libfvde{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfvde{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libfvde{,-devel,-python2,-python36,-tools}-20191104-1.el7.6_64.rpm, and libfvde{,-devel,-python2,-python3,-tools}-20191104-1.el7.6_64.rpm -
Libfvde is a library and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes.
The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
- libfwnt{,-devel,-python2,-python3}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20191104-1.el6.{i686,x86_64}.rpm, libfwnt{,-devel,-python2,-python36}-20191104-1.el7.x86_64.rpm, and libfwnt{,-devel,-python2,-python3}-20191104-1.el8.x86_64.rpm -
LibFWNT is a library for Windows NT data types.
- libmsiecf{,-devel,-python2,-python3,-tools}-29101104-1.{fc25,fc26,fc26,fc27,fc29,fc30}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-tools}-29101104-1.el6.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-python36,-tools}-29101104-1.el7.x86_64.rpm, and libmsiecf{,-devel,-python2,-python3,-tools}-29101104-1.el8.x86_64.rpm -
Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
- libolecf{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libolecf{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format files.
- libscca{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libscca{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libscca{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libscca{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
Libscca is a library to access the Windows Prefetch File (SCCA) format.
- libvhdi{,-devel,-python2,-python3,-tools}-20191104-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libvhdi{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
- libvmdk{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libvmdk{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
- libbde{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbde{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libbde{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libbde{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
- libevt{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libevt{,-devel,-python2,-python36,-tools}-20191104-5.el7.x86_64.rpm, and libevt{,-devel,-python2,-python3,-tools}-20191104-5.el8.x86_64.rpm -
Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
- libevtx{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libevtx{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
- libvslvm{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libvslvm{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
- Volatility-community-plugins-20190729-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm -
The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community.
This package was updated to change dependencies.
- python2-haystack-0.42-2.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm -
Python-Haystack is a heap analysis framework focused on searching and reversing C structures in allocated memory.
- rifiuti2-0.7.0-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and rifiuti2-0.7.0-3.el7.x86_64.rpm -
rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 files.
This package was updated to avoid a conflict with the rifiuti package.
- python{2,3}-pyparsing-2.4.4-1.{fc26,fc27,fc28,fc29,el8}.noarch.rpm, python2-pyparsing-2.4.4-1.el6.noarch.rpm, and pyparsing-doc-2.4.4-1.{fc26,fc27,fc28,fc29,el6,el8}.noarch.rpm -
Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions.
The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
- python{2,3}-psutil-5.6.5-1.el7.x86_64.rpm -
Python-psutil is a cross-platform library for retrieving information on running processes and system utilization (CPU, memory, disks, network) in Python.
- python{2,3}-xlsxwriter-1.2.3-1.{fc26,fc27,fc28,fc29,fc30,el7,el8}.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- pfring-7.4.0-2741.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2741.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2048.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc31-x86_64-1.6-1.2.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-2.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.20.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-20.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-1.6-1.18.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for Fmem.
Support for Fedora 31 x86_64 architecture was added.
- lime-kernel-modules-1.1.r17-18.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for LiME.
Support for Fedora 31 x86_64 architecture was added.
- Fedora 31 - The repository now supports Fedora 31 for the x86_64 CPU architecture.
Here is the list of tools provided for Fedora 31:
November 1, 2019:
The following changes have been made:
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-1.{el7,el8}.x86_64.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
- libipa{,-devel,python}-0.5.2-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and libipa{,-devel,python}-0.5.2-3.{el6,el7,el8}.x86_64.rpm -
LibIPA is an IP address annotation system.
IPA provides a flexible and efficient repository of IP address information, tools for querying and maintaining the data, and shared libraries and modules for data access.
For more information, read the IPA documentation.
Note: this release provides no new functionality.
This package was rebuilt to change the name from ipa to libipa to address a conflict with CentOS/RHEL 8.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-2.{el6,el7,el8}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository named forensics-sip that is now part of cert-forensics-tools-release; its definition can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
- analysis-pipeline-5.11.3-2.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-2.{el7,el8}.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.19.0.
- prism-1.2-7.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and prism-1.2-7.{el7,el8}.x86_64.rpm -
The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool.
The script can be used directly, or might be used as a component in other more specialized scripts.
In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup.
This package was rebuilt to use silk 3.19.0.
- super_mediator-1.7.1-1.{fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.1-1.{el7,el8}.x86_64.rpm -
Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
See here for a list of changes in this version.
- libfwsi{,-devel,-python2,-python3}-20191025-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20191025-1.el6.{i686,x86_64}.rpm, libfwsi{,-devel,-python2,-python36}-20191025-1.el7.x86_64.rpm, and libfwsi{,-devel,-python2,-python36}-20191025-1.el8.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
- liblnk{,-devel,-python2,-python3,-tools}-20191027-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20191027-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36,-tools}-20191027-1.el7.x86_64.rpm, and liblnk{,-devel,-python2,-python36,-tools}-20191027-1.el8.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
- python{2,3}-yara-3.11.0-1.{i386,x86_64}.fc30.rpm, python2-yara-3.11.0-1.{i386,x86_64}.el6.rpm, and python{2,3}-yara-3.11.0-1.x86_64.el8.rpm -
Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
- libregf{,-devel,-python2,-python3,-tools}-20191029-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-tools}-20191029-1.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-python36-tools}-20191029-1.el7.x86_64.rpm -
Libregf contains libraries and tools to access the Windows NT Registry File files.
- libscca{,-devel,-python2,-python3,-tools}-20191029-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and libscca{,-devel,-python2,-python36,-tools}-20191029-1.el7.x86_64.rpm -
Libscca is a library to access the Windows Prefetch File (SCCA) format.
- pfring-7.4.0-2736.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2736.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2011.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.19.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-19.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.36.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-36.noarch.rpm -
Support for the following kernels was added for LiME:
- fmem-kernel-modules-el7-x86_64-1.6-1.58.noarch.rpm -
Support for the following kernels was added for Fmem:
- lime-kernel-modules-el7-x86_64-1.1.r17-58.noarch.rpm -
Support for the following kernels was added for LiME:
October 25, 2019:
The following changes have been made:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.18.noarch.rpm -
No additional modules were added for Fmem.
This package was only updated for revision number equality with LiME.
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-18.noarch.rpm -
Modules for the following kernels were rebuilt to use the latest version of LiME:
5.3.6-200
5.3.5-200
5.2.18-200
5.2.17-200
|
5.2.16-200
5.2.15-200
5.2.14-200
5.2.13-200
|
5.2.11-200
5.2.9-200
5.2.8-200
5.2.7-200
|
5.2.6-200
5.2.5-200
5.1.20-300
5.1.19-300
|
5.1.18-300
5.1.17-300
5.1.16-300
5.1.15-300
|
5.1.12-300
5.1.11-300
5.1.9-300
5.1.8-300
|
5.1.7-300
5.1.6-300
5.1.5-300
5.0.17-300
|
5.0.16-300
5.0.14-300
5.0.13-300
5.0.11-300
|
5.0.10-300
5.0.9-301
|
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.35.noarch.rpm -
No additional modules were added for Fmem.
This package was only updated for revision number equality with LiME.
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-35.noarch.rpm -
Support for the following kernels was added for LiME:
5.2.7-100
5.2.18-100
5.2.17-100
5.2.11-100
5.1.9-200
5.1.8-200
|
5.1.6-200
5.1.21-200
5.1.20-200
5.1.18-200
5.1.16-200
5.1.15-200
|
5.1.11-200
5.0.9-200
5.0.8-200
5.0.7-200
5.0.6-200
5.0.5-200
|
5.0.4-200
5.0.3-200
5.0.19-200
5.0.17-200
5.0.16-200
5.0.14-200
|
5.0.13-200
5.0.11-200
5.0.10-200
4.20.8-200
4.20.7-200
4.20.6-200
|
4.20.5-200
4.20.4-200
4.20.3-200
4.20.16-200
4.20.15-200
4.20.14-200
|
4.20.13-200
4.20.12-200
4.20.11-200
4.20.10-200
4.19.9-300
4.19.8-300
|
4.19.7-300
4.19.6-300
4.19.5-300
4.19.4-300
4.19.3-300
4.19.2-301
|
4.19.2-300
4.19.15-300
4.19.14-300
4.19.13-300
4.19.12-301
4.19.10-300
|
4.18.18-300
4.18.17-300
4.18.16-300
4.18.14-300
|
- fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.42.noarch.rpm -
No additional modules were added for Fmem.
This package was only updated for revision number equality with LiME.
- lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-42.noarch.rpm -
Support for the following kernels was added for LiME:
5.0.9-100
5.0.8-100
5.0.7-100
5.0.6-100
5.0.5-100
5.0.16-100
5.0.13-100
|
5.0.11-100
4.20.8-100
4.20.7-100
4.20.6-100
4.20.5-100
4.20.4-100
4.20.17-100
|
4.20.16-100
4.20.15-100
4.20.14-100
4.20.11-100
4.19.8-200
4.19.7-200
4.19.6-200
|
4.19.5-200
4.19.4-200
4.19.3-200
4.19.2-200
4.19.16-200
4.19.15-200
4.19.14-200
|
4.19.13-200
4.19.12-200
4.19.10-200
4.18.9-200
4.18.8-200
4.18.7-200
4.18.5-200
|
4.18.18-200
4.18.17-200
4.18.16-200
4.18.14-200
4.18.13-200
4.18.12-200
4.18.10-200
|
4.17.9-200
4.17.7-200
4.17.6-200
4.17.5-200
4.17.4-200
4.17.3-200
4.17.2-200
|
4.17.19-200
4.17.18-200
4.17.17-200
4.17.14-202
4.17.12-200
4.17.11-200
4.16.9-300
|
4.16.8-300
4.16.7-300
4.16.6-302
4.16.5-300
4.16.3-301
4.16.16-300
4.16.15-300
|
4.16.14-300
4.16.13-300
4.16.12-300
4.16.11-300
4.16.10-300
|
- fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.44.noarch.rpm -
No additional modules were added for Fmem.
This package was only updated for revision number equality with LiME.
- lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-44.noarch.rpm -
Support for the following kernels was added for LiME:
4.18.9-100
4.18.7-100
4.18.19-100
4.18.18-100
4.18.16-100
4.18.15-100
4.18.13-100
|
4.18.12-100
4.18.10-100
4.17.9-100
4.17.7-100
4.17.6-100
4.17.5-100
4.17.3-100
|
4.17.2-100
4.17.19-100
4.17.17-100
4.17.14-102
4.17.12-100
4.17.11-100
4.16.9-200
|
4.16.7-200
4.16.6-202
4.16.5-200
4.16.4-200
4.16.3-200
4.16.16-200
4.16.15-200
|
4.16.14-200
4.16.13-200
4.16.12-200
4.16.11-200
4.15.9-300
4.15.8-300
4.15.7-300
|
4.15.6-300
4.15.4-300
4.15.3-300
4.15.17-300
4.15.16-300
4.15.15-300
4.15.14-300
|
4.15.13-300
4.15.12-301
4.15.10-300
4.14.8-300
4.14.7-300
4.14.6-300
4.14.5-300
|
4.14.3-300
4.14.18-300
4.14.16-300
4.14.14-300
4.14.13-300
4.14.11-300
4.13.9-300
|
4.13.16-302
4.13.16-300
4.13.15-300
4.13.13-300
4.13.12-300
|
- fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.38.noarch.rpm -
No additional modules were added for Fmem.
This package was only updated for revision number equality with LiME.
- lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-38.noarch.rpm -
Support for the following kernels was added for LiME:
4.16.7-100
4.16.11-100
4.15.9-200
4.15.7-200
4.15.6-200
|
4.15.4-200
4.15.3-200
4.15.17-200
4.15.16-200
4.15.15-200
|
4.15.14-200
4.15.12-201
4.15.10-200
4.14.8-200
4.14.6-200
|
4.14.5-200
4.14.4-200
4.14.18-200
4.14.16-200
4.14.14-200
|
4.14.13-200
4.14.11-200
4.13.9-200
4.13.8-200
4.13.5-200
|
4.13.4-200
4.13.16-202
4.13.16-200
4.13.15-200
4.13.13-200
|
4.13.12-200
4.13.11-200
4.13.10-200
4.12.9-300
4.12.8-300
|
4.12.5-300
4.12.14-300
4.12.13-300
4.12.12-300
4.12.11-300
|
4.11.9-300
4.11.8-300
4.11.11-300
4.11.10-300
|
- fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.50.noarch.rpm -
No additional modules were added for Fmem.
This package was only updated for revision number equality with LiME.
- lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-50.noarch.rpm -
Support for the following kernels was added for LiME:
4.13.16-100
4.13.15-100
4.13.13-100
4.13.12-100
4.13.11-100
|
4.13.10-100
4.13.8-100
4.13.5-100
4.12.14-200
4.12.13-200
|
4.12.11-200
4.12.9-200
4.12.8-200
4.11.12-200
4.11.11-200
|
4.11.10-200
4.11.9-200
4.11.8-200
4.11.7-200
4.11.6-201
|
4.11.5-200
4.11.4-200
4.11.3-200
4.11.3-202
4.10.17-200
|
4.10.16-200
4.10.15-200
4.10.10-200
4.10.9-200
4.10.8-200
|
4.10.6-200
4.10.5-200
4.9.14-200
4.9.13-200
4.9.13-201
|
4.9.12-200
4.9.11-200
4.9.10-200
4.9.9-200
4.9.8-201
|
4.9.7-201
4.9.6-200
4.9.5-200
4.9.4-201
4.9.3-200
|
4.8.16-300
4.8.15-300
4.8.14-300
4.8.13-300
4.8.12-300
|
4.8.11-300
4.8.10-300
4.8.8-300
4.8.6-300
|
- fmem-kernel-modules-el8-x86_64-1.6-1.3.noarch.rpm -
No additional modules were added for Fmem.
This package was only updated for revision number equality with LiME.
- lime-kernel-modules-el8-x86_64-1.1.r17-3.noarch.rpm -
Support for the following kernels was added for LiME:
4.18.0-80.11.2
4.18.0-80.11.1
4.18.0-80.7.2
4.18.0-80.7.1
4.18.0-80.4.2
4.18.0-80.1.2
4.18.0-80
- fmem-kernel-modules-el7-x86_64-1.6-1.57.noarch.rpm -
No additional modules were added for Fmem.
This package was only updated for revision number equality with LiME.
- lime-kernel-modules-el7-x86_64-1.1.r17-57.noarch.rpm -
Support for the following kernels was added for LiME:
3.10.0-1062.1.2
3.10.0-1062.1.1
3.10.0-1062
3.10.0-957.5.1
3.10.0-957.27.2
3.10.0-957.21.3
3.10.0-957.21.2
3.10.0-957.1.3
3.10.0-957.12.2
3.10.0-957.12.1
3.10.0-957.10.1
3.10.0-957
|
3.10.0-862.3.3
3.10.0-862.9.1
3.10.0-862.6.3
3.10.0-862.3.2
3.10.0-862.2.3
3.10.0-862.14.4
3.10.0-862.11.6
3.10.0-862
3.10.0-693.5.2
3.10.0-693.2.2
3.10.0-693.21.1
3.10.0-693.2.1
|
3.10.0-693.17.1
3.10.0-693.11.6
3.10.0-693.11.1
3.10.0-693.1.1
3.10.0-693
3.10.0-514.6.2
3.10.0-514.6.1
3.10.0-514.26.2
3.10.0-514.26.1
3.10.0-514.2.2
3.10.0-514.21.2
3.10.0-514.21.1
|
3.10.0-514.16.1
3.10.0-514.10.2
3.10.0-514
3.10.0-327.4.5
3.10.0-327.4.4
3.10.0-327.36.3
3.10.0-327.36.2
3.10.0-327.36.1
3.10.0-327.3.1
3.10.0-327.28.3
3.10.0-327.28.2
3.10.0-327.22.2
|
3.10.0-327.18.2
3.10.0-327.13.1
3.10.0-327.10.1
3.10.0-327
3.10.0-229.7.2
3.10.0-229.4.2
3.10.0-229.20.1
3.10.0-229.14.1
3.10.0-229.1.2
3.10.0-229.11.1
3.10.0-229
3.10.0-123.9.3
|
3.10.0-123.9.2
3.10.0-123.8.1
3.10.0-123.6.3
3.10.0-123.4.4
3.10.0-123.4.2
3.10.0-123.20.1
3.10.0-123.13.2
3.10.0-123.13.1
3.10.0-123.1.2
3.10.0-123
|
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.59.noarch.rpm -
No additional modules were added for Fmem.
This package was only updated for revision number equality with LiME.
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-59.noarch.rpm -
Support for the following kernels was added for LiME:
2.6.32-754.23.1
2.6.32-754.22.1
2.6.32-754.18.2
2.6.32-754.17.1
2.6.32-754.15.3
2.6.32-754.14.2
2.6.32-754.12.1
2.6.32-754.11.1
2.6.32-754.10.1
2.6.32-754.9.1
2.6.32-754.6.3
2.6.32-754.3.5
2.6.32-754.2.1
2.6.32-754
|
2.6.32-696.30.1
2.6.32-696.28.1
2.6.32-696.23.1
2.6.32-696.20.1
2.6.32-696.18.7
2.6.32-696.16.1
2.6.32-696.13.2
2.6.32-696.10.3
2.6.32-696.10.2
2.6.32-696.10.1
2.6.32-696.6.3
2.6.32-696.3.2
2.6.32-696.3.1
2.6.32-696.1.1
|
2.6.32-696
2.6.32-642.15.1
2.6.32-642.13.2
2.6.32-642.13.1
2.6.32-642.11.1
2.6.32-642.6.2
2.6.32-642.6.1
2.6.32-642.4.2
2.6.32-642.3.1
2.6.32-642.1.1
2.6.32-642
2.6.32-573.26.1
2.6.32-573.22.1
2.6.32-573.18.1
|
2.6.32-573.12.1
2.6.32-573.8.1
2.6.32-573.7.1
2.6.32-573.3.1
2.6.32-573.1.1
2.6.32-573
2.6.32-504.30.3
2.6.32-504.23.4
2.6.32-504.16.2
2.6.32-504.12.2
2.6.32-504.8.1
2.6.32-504.3.3
2.6.32-504.1.3
2.6.32-504
|
2.6.32-431.29.2
2.6.32-431.23.3
2.6.32-431.20.5
2.6.32-431.20.3
2.6.32-431.17.1
2.6.32-431.11.2
2.6.32-431.5.1
2.6.32-431.3.1
2.6.32-431.1.2.0.1
2.6.32-431
2.6.32-358.23.2
2.6.32-358.18.1
2.6.32-358.14.1
2.6.32-358.11.1
|
2.6.32-358.6.2
2.6.32-358.6.1
2.6.32-358.2.1
2.6.32-358.0.1
2.6.32-358
2.6.32-279
2.6.32-220
2.6.32-131.0.15
2.6.32-71.29.1
2.6.32-71.24.1
2.6.32-71.18.2
2.6.32-71.18.1
2.6.32-71.14.1
2.6.32-71.7.1
2.6.32-71
|
- lime-kernel-modules-common-1.1.r17-5.noarch.rpm - LiME is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android.
This package contains only the source code for making the LiME kernel modules, the CaptureMemoryWithLime script and the corresponding manual page.
The changes are the following:
- LiME code up to date as of October 21, 2019.
- CaptureMemoryWithLime fixes an error where the image file name contained spaces.
- fmem-kernel-modules-common-1.6-1.4.noarch.rpm - Fmem is a kernel module that creates the device /dev/fmem, similar to /dev/mem but without limitations.
This package contains the source code for making the FMEM kernel modules and the install-fmem script.
The changes are the following:
- Fmem code up to date as of October 21, 2019.
- install-fmem fixes an error where the path to the kernel modules was wrong.
- pfring-7.4.0-2734.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2734.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2002.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- python{2,3}-distorm3-3.4.1-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, python2-distorm3-3.4.1-2.el6.{i386,x86_64}.rpm, python{2,36}-distorm3-3.4.1-2.el7.x86_64.rpm, and python{2,3}-distorm3-3.4.1-2.el8.x86_64.rpm -
Distorm3 is a lightweight, easy-to-use and fast decomposer library.
It disassembles instructions in 16, 32 and 64 bit modes.
Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX.
Distorm3 is used by The Volatility Framework.
October 18, 2019:
The following changes have been made:
- libfwsi{,-devel,-python2,-python3}-20191012-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20191012-1.el6.{i686,x86_64}.rpm, libfwsi{,-devel,-python2,-python36}-20191012-1.el7.x86_64.rpm, and libfwsi{,-devel,-python2,-python3}-20191012-1.el8.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
- ADIA -
This item is the VMware and Virtual Box-based appliances built with CentOS 7.7.1908 for the x86_64 architecture.
See here for more details.
The release consists of the following:
- python{2,3}-xlsxwriter-1.2.2-1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and {python2,36}-xlsxwriter-1.2.2-1.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- pfring-7.4.0-2710.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2710.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-1979.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.17.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.3.6-200 for FC30
- 5.3.5-200 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-17.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.3.6-200 for FC30
- 5.3.5-200 for FC30
- fmem-kernel-modules-el8-x86_64-1.6-1.2.noarch.rpm -
Support for the following kernels was added for Fmem:
- 4.18.0-80.11.2 for EL8
- 4.18.0-80.11.1 for EL8
- 4.18.0-80.7.2 for EL8
- 4.18.0-80.7.1 for EL8
- 4.18.0-80.4.2 for EL8
- 4.18.0-80.1.2 for EL8
- lime-kernel-modules-el8-x86_64-1.1.r17-2.noarch.rpm -
Support for the following kernels was added for LiME:
- 4.18.0-80.11.2 for EL8
- 4.18.0-80.11.1 for EL8
- 4.18.0-80.7.2 for EL8
- 4.18.0-80.7.1 for EL8
- 4.18.0-80.4.2 for EL8
- 4.18.0-80.1.2 for EL8
October 11, 2019:
The following changes have been made: