Linux Forensics Tools Repository: Package Summary for Packages on April 22, 2013:

  • snort-2.9.4.5-1.1.{fc15,fc16,fc17,fc18,el6}.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See the release notes for the changes in this version.
  • snort-sample-rules-2.9.4.5-1.1.{fc15,fc16,fc17,fc18,el6}.{i686,x86_64}.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
  • regripper-plugins-20130404-1.{fc15,fc16,fc17,fc18,el5,el6}.noarch.rpm - Regripper-plugins are the plugins packaged separately from the regripper application. The plugins added are the following:
    • NOTE: these are the packager's comments on what is new in this release, not the author's.
    • NEW PLUGIN attachmgr.pl The Windows Attachment Manager manages how attachments are handled, and settings are on a per-user basis. Malware has been shown to access these settings and make modifications.
    • NEW PLUGIN javasoft.pl Gets contents of JavaSoft/UseJava2IExplorer value
    • NEW PLUGIN lsa_packages.pl Lists various *Packages key contents beneath LSA key
    • NEW PLUGIN olsearch.pl Gets contents of user's OutLook Searches
    • NEW PLUGIN outlook2.pl Gets MAPI (Outlook) settings *BETA*
    • NEW PLUGIN photos.pl Read data on images opened via Win8 Photos app
    • NEW PLUGIN scanwithav.pl Checks ScanWithAV value in Software hive, per KB 883260
    • NEW PLUGIN uac.pl Get User Account Control (UAC) Values from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    • UPDATE appinitdlls.pl updated to address 64-bit systems
    • UPDATE ares.pl updated based on data provided by J. Weg
    • UPDATE ie_settings.pl added "AutoConfigURL" value info
    • UPDATE inprocserver.pl fixed retrieving LW time from correct key
    • UPDATE landesk.pl added Wow6432Node path
    • UPDATE sevenzip.pl minor updates added
    • UPDATE soft_run.pl updated to include Policies keys; added additional keys
    • UPDATE ssh_host_keys.pl Added rptMsg for key not found errors by Corey Harrell
    • UPDATE termserv.pl updated with autostart locations
    • UPDATE user_run.pl updated to include Policies keys, 64-bit (Wow6432Node) paths, and additional keys/values
    • UPDATE winlogon_u updated with ThreatExpert info
    • UPDATE winscp_sessions.pl Added rptMsg for key not found errors by Corey Harrell
    • NOTE RegRipperPluginsPackage (RRPP) now counts 236 plugins

  • bloom-1.4.6-2.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Bloom is an NPS bloom filter package that previously included the frag_find utility. This version removes frag_find, which is now packaged separately.
  • frag_find-1.0.0-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Frag_find is a program for finding blocks of one or more MASTER files in a disk IMAGE file. This is useful in cases where a MASTER file has been stolen and you wish to establish that the file has been present on a subject's drive. If most of the MASTER file's sectors are found on the IMAGE drive, and if those sectors lie in consecutive sector runs, then the chances are excellent that the file was once there.
  • CERT-Forensics-Tools-1.0-53.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - This package was updated to do the following:
    • add frag_find for all supported architectures

  • disktype-9-9.3.{fc15,fc16,fc17,fc18,el5,el6}.noarch.rpm - Disktype detects the content format of a disk or disk image. This release corrects a package building error dealing with release numbering.
  • fmem-kernel-objects-1.6-1.19.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Fmem is a kernel module that creates the device /dev/fmem, similar to /dev/mem but without its access limitations. This release adds support for the following kernels:
    • 3.8.7-201 for FC18
    • 3.8.6-203 for FC18
    • RHEL/CentOS 5: Added the following:
      2.6.18-8.el5.i686
      2.6.18-8.el5.x86_64
      2.6.18-8.el5PAE.i686
      2.6.18-8.1.1.el5.i686
      2.6.18-8.1.1.el5.x86_64
      2.6.18-8.1.1.el5PAE.i686
      2.6.18-8.1.10.el5.i686
      2.6.18-8.1.10.el5.x86_64
      2.6.18-8.1.10.el5PAE.i686
      2.6.18-8.1.14.el5.i686
      2.6.18-8.1.14.el5.x86_64
      2.6.18-8.1.14.el5PAE.i686
      2.6.18-8.1.15.el5.i686
      2.6.18-8.1.15.el5.x86_64
      2.6.18-8.1.15.el5PAE.i686
      2.6.18-8.1.3.el5.i686
      2.6.18-8.1.3.el5.x86_64
      2.6.18-8.1.3.el5PAE.i686
      2.6.18-8.1.4.el5.i686
      2.6.18-8.1.4.el5.x86_64
      2.6.18-8.1.4.el5PAE.i686
      2.6.18-8.1.6.el5.i686
      2.6.18-8.1.6.el5.x86_64
      2.6.18-8.1.6.el5PAE.i686
      2.6.18-8.1.8.el5.i686
      2.6.18-8.1.8.el5.x86_64
      2.6.18-8.1.8.el5PAE.i686
      2.6.18-53.el5.i686
      2.6.18-53.el5.x86_64
      2.6.18-53.el5PAE.i686
      2.6.18-53.1.13.el5.i686
      2.6.18-53.1.13.el5.x86_64
      2.6.18-53.1.13.el5PAE.i686
      2.6.18-53.1.14.el5.i686
      2.6.18-53.1.14.el5.x86_64
      2.6.18-53.1.14.el5PAE.i686
      2.6.18-53.1.19.el5.i686
      2.6.18-53.1.19.el5.x86_64
      2.6.18-53.1.19.el5PAE.i686
      2.6.18-53.1.21.el5.i686
      2.6.18-53.1.21.el5.x86_64
      2.6.18-53.1.21.el5PAE.i686
      2.6.18-53.1.4.el5.i686
      2.6.18-53.1.4.el5.x86_64
      2.6.18-53.1.4.el5PAE.i686
      2.6.18-53.1.6.el5.i686
      2.6.18-53.1.6.el5.x86_64
      2.6.18-53.1.6.el5PAE.i686
      2.6.18-92.el5.i686
      2.6.18-92.el5.x86_64
      2.6.18-92.el5PAE.i686
      2.6.18-92.1.1.el5.i686
      2.6.18-92.1.1.el5.x86_64
      2.6.18-92.1.1.el5PAE.i686
      2.6.18-92.1.10.el5.i686
      2.6.18-92.1.10.el5.x86_64
      2.6.18-92.1.10.el5PAE.i686
      2.6.18-92.1.13.el5.i686
      2.6.18-92.1.13.el5.x86_64
      2.6.18-92.1.13.el5PAE.i686
      2.6.18-92.1.17.el5.i686
      2.6.18-92.1.17.el5.x86_64
      2.6.18-92.1.17.el5PAE.i686
      2.6.18-92.1.18.el5.i686
      2.6.18-92.1.18.el5.x86_64
      2.6.18-92.1.18.el5PAE.i686
      2.6.18-92.1.22.el5.i686
      2.6.18-92.1.22.el5.x86_64
      2.6.18-92.1.22.el5PAE.i686
      2.6.18-92.1.6.el5.i686
      2.6.18-92.1.6.el5.x86_64
      2.6.18-92.1.6.el5PAE.i686
      2.6.18-128.el5.i686
      2.6.18-128.el5.x86_64
      2.6.18-128.el5PAE.i686
      2.6.18-128.1.1.el5.i686
      2.6.18-128.1.1.el5.x86_64
      2.6.18-128.1.1.el5PAE.i686
      2.6.18-128.1.10.el5.i686
      2.6.18-128.1.10.el5.x86_64
      2.6.18-128.1.10.el5PAE.i686
      2.6.18-128.1.14.el5.i686
      2.6.18-128.1.14.el5.x86_64
      2.6.18-128.1.14.el5PAE.i686
      2.6.18-128.1.16.el5.i686
      2.6.18-128.1.16.el5.x86_64
      2.6.18-128.1.16.el5PAE.i686
      2.6.18-128.1.6.el5.i686
      2.6.18-128.1.6.el5.x86_64
      2.6.18-128.1.6.el5PAE.i686
      2.6.18-128.2.1.el5.i686
      2.6.18-128.2.1.el5.x86_64
      2.6.18-128.2.1.el5PAE.i686
      2.6.18-128.4.1.el5.i686
      2.6.18-128.4.1.el5.x86_64
      2.6.18-128.4.1.el5PAE.i686
      2.6.18-128.7.1.el5.i686
      2.6.18-128.7.1.el5.x86_64
      2.6.18-128.7.1.el5PAE.i686
      2.6.18-164.el5.i686
      2.6.18-164.el5.x86_64
      2.6.18-164.el5PAE.i686
      2.6.18-164.10.1.el5.i686
      2.6.18-164.10.1.el5.x86_64
      2.6.18-164.10.1.el5PAE.i686
      2.6.18-164.11.1.el5.i686
      2.6.18-164.11.1.el5.x86_64
      2.6.18-164.11.1.el5PAE.i686
      2.6.18-164.15.1.el5.i686
      2.6.18-164.15.1.el5.x86_64
      2.6.18-164.15.1.el5PAE.i686
      2.6.18-164.2.1.el5.i686
      2.6.18-164.2.1.el5.x86_64
      2.6.18-164.2.1.el5PAE.i686
      2.6.18-164.6.1.el5.i686
      2.6.18-164.6.1.el5.x86_64
      2.6.18-164.6.1.el5PAE.i686
      2.6.18-164.9.1.el5.i686
      2.6.18-164.9.1.el5.x86_64
      2.6.18-164.9.1.el5PAE.i686
      2.6.18-194.el5.i686
      2.6.18-194.el5.x86_64
      2.6.18-194.el5PAE.i686
      2.6.18-194.11.1.el5.i686
      2.6.18-194.11.1.el5.x86_64
      2.6.18-194.11.1.el5PAE.i686
      2.6.18-194.11.3.el5.i686
      2.6.18-194.11.3.el5.x86_64
      2.6.18-194.11.3.el5PAE.i686
      2.6.18-194.11.4.el5.i686
      2.6.18-194.11.4.el5.x86_64
      2.6.18-194.11.4.el5PAE.i686
      2.6.18-194.17.1.el5.i686
      2.6.18-194.17.1.el5.x86_64
      2.6.18-194.17.1.el5PAE.i686
      2.6.18-194.17.4.el5.i686
      2.6.18-194.17.4.el5.x86_64
      2.6.18-194.17.4.el5PAE.i686
      2.6.18-194.26.1.el5.i686
      2.6.18-194.26.1.el5.x86_64
      2.6.18-194.26.1.el5PAE.i686
      2.6.18-194.3.1.el5.i686
      2.6.18-194.3.1.el5.x86_64
      2.6.18-194.3.1.el5PAE.i686
      2.6.18-194.32.1.el5.i686
      2.6.18-194.32.1.el5.x86_64
      2.6.18-194.32.1.el5PAE.i686
      2.6.18-194.8.1.el5.i686
      2.6.18-194.8.1.el5.x86_64
      2.6.18-194.8.1.el5PAE.i686
      2.6.18-238.el5.i686
      2.6.18-238.el5.x86_64
      2.6.18-238.el5PAE.i686
      2.6.18-238.1.1.el5.i686
      2.6.18-238.1.1.el5.x86_64
      2.6.18-238.1.1.el5PAE.i686
      2.6.18-238.12.1.el5.i686
      2.6.18-238.12.1.el5.x86_64
      2.6.18-238.12.1.el5PAE.i686
      2.6.18-238.19.1.el5.i686
      2.6.18-238.19.1.el5.x86_64
      2.6.18-238.19.1.el5PAE.i686
      2.6.18-238.5.1.el5.i686
      2.6.18-238.5.1.el5.x86_64
      2.6.18-238.5.1.el5PAE.i686
      2.6.18-238.9.1.el5.i686
      2.6.18-238.9.1.el5.x86_64
      2.6.18-238.9.1.el5PAE.i686
      2.6.18-274.el5.i686
      2.6.18-274.el5.x86_64
      2.6.18-274.el5PAE.i686
      2.6.18-274.12.1.el5.i686
      2.6.18-274.12.1.el5.x86_64
      2.6.18-274.12.1.el5PAE.i686
      2.6.18-274.17.1.el5.i686
      2.6.18-274.17.1.el5.x86_64
      2.6.18-274.17.1.el5PAE.i686
      2.6.18-274.18.1.el5.i686
      2.6.18-274.18.1.el5.x86_64
      2.6.18-274.18.1.el5PAE.i686
      2.6.18-274.3.1.el5.i686
      2.6.18-274.3.1.el5.x86_64
      2.6.18-274.3.1.el5PAE.i686
      2.6.18-274.7.1.el5.i686
      2.6.18-274.7.1.el5.x86_64
      2.6.18-274.7.1.el5PAE.i686
      2.6.18-308.el5.i686
      2.6.18-308.el5.x86_64
      2.6.18-308.el5PAE.i686
      2.6.18-308.1.1.el5.i686
      2.6.18-308.1.1.el5.x86_64
      2.6.18-308.1.1.el5PAE.i686
      2.6.18-308.11.1.el5.i686
      2.6.18-308.11.1.el5.x86_64
      2.6.18-308.11.1.el5PAE.i686
      2.6.18-308.13.1.el5.i686
      2.6.18-308.13.1.el5.x86_64
      2.6.18-308.13.1.el5PAE.i686
      2.6.18-308.16.1.el5.i686
      2.6.18-308.16.1.el5.x86_64
      2.6.18-308.16.1.el5PAE.i686
      2.6.18-308.20.1.el5.i686
      2.6.18-308.20.1.el5.x86_64
      2.6.18-308.20.1.el5PAE.i686
      2.6.18-308.24.1.el5.i686
      2.6.18-308.24.1.el5.x86_64
      2.6.18-308.24.1.el5PAE.i686
      2.6.18-308.4.1.el5.i686
      2.6.18-308.4.1.el5.x86_64
      2.6.18-308.4.1.el5PAE.i686
      2.6.18-308.8.1.el5.i686
      2.6.18-308.8.1.el5.x86_64
      2.6.18-308.8.1.el5PAE.i686
      2.6.18-308.8.2.el5.i686
      2.6.18-308.8.2.el5.x86_64
      2.6.18-308.8.2.el5PAE.i686
      2.6.18-348.el5.i686
      2.6.18-348.el5.x86_64
      2.6.18-348.el5PAE.i686
      2.6.18-348.1.1.el5.i686
      2.6.18-348.1.1.el5.x86_64
      2.6.18-348.1.1.el5PAE.i686
      2.6.18-348.2.1.el5.i686
      2.6.18-348.2.1.el5.x86_64
      2.6.18-348.2.1.el5PAE.i686
      2.6.18-348.3.1.el5.i686
      2.6.18-348.3.1.el5.x86_64
      2.6.18-348.3.1.el5PAE.i686
    • RHEL/CentOS 6: Added the following:
      2.6.32-71.el6.i686
      2.6.32-71.el6.x86_64
      2.6.32-71.14.1.el6.i686
      2.6.32-71.14.1.el6.x86_64
      2.6.32-71.18.1.el6.i686
      2.6.32-71.18.1.el6.x86_64
      2.6.32-71.18.2.el6.i686
      2.6.32-71.18.2.el6.x86_64
      2.6.32-71.24.1.el6.i686
      2.6.32-71.24.1.el6.x86_64
      2.6.32-71.29.1.el6.i686
      2.6.32-71.29.1.el6.x86_64
      2.6.32-71.7.1.el6.i686
      2.6.32-71.7.1.el6.x86_64
      2.6.32-131.0.15.el6.i686
      2.6.32-131.0.15.el6.x86_64
      2.6.32-220.el6.i686
      2.6.32-220.el6.x86_64
      2.6.32-279.el6.i686
      2.6.32-279.el6.x86_64
      2.6.32-358.0.1.el6.i686
      2.6.32-358.0.1.el6.x86_64
      2.6.32-358.el6.i686
      2.6.32-358.el6.x86_64
      2.6.32-358.2.1.el6.i686
      2.6.32-358.2.1.el6.x86_64

  • cert-forensics-tools-release-5.9-8.noarch.rpm - This package was added to correct a configuration problem where the package could not be installed on all RHEL/CentOS-5 systems.