Linux Forensics Tools Repository: Package Summary for Packages on December 4, 2015:

  • CERT-Forensics-Tools-1.0-67.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6,el7}.{i686,x86_64}.rpm - This package was updated as follows:
    • For CentOS/RHEL 7, the hexedit replaced the ghex program.

  • fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
    • 4.2.6-201 for FC22

  • lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
    • 4.2.6-201 for FC22

  • snort-2.9.8.0-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version.
  • snort-openappid-2.9.8.0-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - This is the snort package built with the following additions:
    • The --enable-open-appid option was added to the configure script that configures the build of snort. See here for more details.
    • The files found here and named snort-openappid.tar.gz are installed in /usr/share/snort/cisco/apps.
    • Here is the OpenAppId Detector Developer Guide .

  • snort-sample-rules-2.9.8.0-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.