Linux Forensics Tools Repository: Package Summary for Packages on May 10, 2011:

  • ddrescue-1.14-1.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - Ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors. Here are the changes:
    • Added new option `-R, --reverse'.
    • Added new option `-E, --max-error-rate'.
    • Extended syntax `--max-errors=+N' to specify new errors.
    • Changed short name of option `--retrim' to `-M'.
    • Removed spurious warning about `preallocation not available'.
    • Code reorganization. New class `Genbook'.

  • gparted-0.8.0-1.{fc11,fc12,fc13,fc14}.{i386,x86_64}.rpm - Gparted is a free partition editor for graphically managing your disk partitions. See the release notes for details. Note that this update does not apply to the CentOS repositories.
  • nmap{,-frontend}-5.51-1.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - Nmap is a free and open source utility for network exploration or security auditing. See the change log for details.
  • p7zip{,-plugins}-9.20.1-1.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - P7zip is a quick port of 7z.exe and 7za.exe (command line version of 7zip, see www.7-zip.org) for Unix. 7-Zip is a file archiver with highest compression ratio. Here are the changes:
    • 7-Zip now supports LZMA2 compression method.
    • 7-Zip now can update solid .7z archives.
    • 7-Zip now supports XZ archives.
    • 7-Zip now supports PPMd compression in ZIP archives.
    • 7-Zip now can unpack NTFS, FAT, VHD, MBR, APM, SquashFS, CramFS, MSLZ archives.
    • 7-Zip now can unpack GZip, BZip2, LZMA, XZ and TAR archives from stdin.
    • 7-Zip now can unpack some TAR and ISO archives with incorrect headers.
    • 7-Zip now supports files that are larger than 8 GB in TAR archives.
    • NSIS and WIM support was improved.
    • Partial parsing for EXE resources, SWF and FLV.
    • The support for archives in installers was improved.
    • 7-Zip now can store NTFS file timestamps to ZIP archives.
    • Speed optimizations in PPMd codec.
    • Speed optimizations in CRC calculation code for Intel's Atom CPUs.
    • New -scrc switch to calculate total CRC-32 during extracting / testing.
    • 7-Zip File Manager now doesn't use temp files to open nested archives stored without compression.
    • Disk fragmentation problem for ZIP archives created by 7-Zip was fixed.
    • Some bugs were fixed.
    • New localizations: Hindi, Gujarati, Sanskrit, Tatar, Uyghur, Kazakh.
    • Not in p7zip: Speed optimizations in AES code for Intel's 32nm CPUs.

  • libfixbuf{,-devel}-1.0.0-1.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). Here are the changes:
    • Added functionality to adhere to the proposed IPFIX extension: "Export of Structured Data in IPFIX". This proposed standard allows for the following three new data types.
    • Added new data type: fbBasicList_t to house fixbuf "basicLists."
    • Added new data type: fbSubTemplateList_t to house fixbuf "subTemplateLists."
    • Added new data type: fbSubTemplateMultiList_t to house fixbuf "subTemplateMultiLists."
    • Added the functionality to handle multiple listeners, allowing for connections on multiple ports.
    • Support for Netflow V9.
    • Spread support has been expanded to allow for greater flexibility in using one exporter to publish to multiple groups.
    • Templates are now managed on a per-group basis for a Spread exporter.
    • Templates can now be multicasted to select Spread groups.
    • Default Automatic Mode for Listeners is now set to true.
    • Many other bug fixes.

  • yaf{,-devel}-2.0.0-1.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - Yaf (Yet Another Flowmeter) is a suite of tools to do flow metering. yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Here are the changes:
    • This version requires libfixbuf 1.0.0 or greater.
    • Added Napatech Adapter Integration (requires libpcapexpress).
    • YAF now exports TCP, payload, fingerprinting, p0f, MAC, entropy, and DPI flow information within an IPFIX subTemplateMultiList data type.
    • Added the ability to export YAF capture statistics using IPFIX Options Templates.
    • The --stats and --no-stats switches were added to configure YAF stats output.
    • Added the ability to define Spread group types to use Spread as a manifold for flow export based on application, port, protocol, version, or vlan.
    • Added New Application Labels: DHCP, AIM, SOCKS, SMB, SNMP, NETBIOS.
    • Added a time-out buffer flush function.
    • Added SSL Certificate Capture.
    • Added DNS Resource Record Parsing.
    • Added Deep Packet Inspection for the MySQL protocol.
    • The --silk switch will maintain compatibility with SiLK by not nesting TCP information in the subTemplateMultiList data type.
    • Deep Packet Inspection elements are read from one configuration file.
    • Added the ability to create new DPI elements from the configuration file.
    • Added UDP Export and Template Retransmission.
    • Many Bug fixes and other enhancements.

  • SiLK - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. The only change was to recompile all of the tools to use libfixbuf{,-devel}-1.0.0 packages. The packages added to the repository are:

    • silk-analysis-2.4.5-2.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - The silk-common package contains the libraries and configuration files required by the other parts of SiLK Toolset, as well as generally useful utilities.
    • silk-common-2.4.5-2.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - The silk-common package contains the libraries and configuration files required by the other parts of SiLK Toolset, as well as generally useful utilities.
    • silk-devel-2.4.5-2.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - The silk-devel package contains the development libraries and headers for SiLK. This package is required to build additional applications or to build shared libraries for use as plug-ins to the SiLK analysis tools.
    • silk-flowcap-2.4.5-2.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - The silk-flowcap package contains flowcap, a daemon to capture NetFlow v5 or IPFIX flows (Internet Protocol Flow Information eXport), to store the data temporarily in files on its local disk, and to forward these files over the network to a machine where rwflowpack processes the data. flowcap is typically used with an rwsender-rwreceiver pair to move the files across the network.
    • silk-rwflowappend-2.4.5-2.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - The silk-rwflowappend package is used when the final storage location of SiLK data files is on a different machine than that where the files are created by the rwflowpack daemon (see the silk-rwflowpack package). rwflowappend watches a directory for SiLK data files and appends those files to the final storage location where the SiLK analysis tools (from the silk-analysis package) can process them. To move the files from rwflowpack to rwflowappend, an rwsender-rwreceiver pair is typically used.
    • silk-rwflowpack-2.4.5-2.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - The silk-rwflowpack package converts NetFlow v5 or IPFIX (Internet Protocol Flow Information eXport) data to the SiLK Flow record format, categorizes each flow (e.g., as incoming or outgoing), and stores the data in binary flat files within a directory tree, with one file per hour-category-sensor tuple.
    • silk-rwpollexec-2.4.5-2.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - The silk-rwpollexec package contains a program (rwpollexec) which monitors a directory for incoming files. For each file, rwpollexec executes a user-specified command. If the command completes successfully, the file is either moved to an archive directory or deleted.
    • silk-rwreceiver-2.4.5-2.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - The silk-rwreceiver package contains a program (rwreceiver) which receives files over the network from one or more rwsender programs. rwsender-rwreceiver pairs are used to move files from a machine running flowcap to one running rwflowpack, or from the rwflowpack machine to machine(s) running rwflowappend.
    • silk-rwsender-2.4.5-2.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - The silk-rwsender package contains a program (rwsender) which transmits files over the network to one or more rwreceiver programs. rwsender-rwreceiver pairs are used to move files from a machine running flowcap to one running rwflowpack, or from the rwflowpack machine to machine(s) running rwflowappend.

  • unrar-4.0.7-1.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm and libunrar{,-devel}-4.0.7-1.{fc11,fc12,fc13,fc14,el5}.{i386,x86_64}.rpm - UNrar is a freeware program for extracting, testing and viewing the contents of archives created with the RAR archiver version 1.50 and above. See the news for a list of changes.