Linux Forensics Tools Repository: Package Summary for Packages on April 8, 2016:

  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.12.0-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.12.0-2.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.12.0-2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repo is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
  • analysis-pipeline-5.3.2-2.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This version was rebuilt to use the latest version of SiLK, specifically 3.12.0.
  • silk-ipset{,-devel,-lib,-tools}-3.12.0-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed. See here for the list of changes in this release.
  • super_mediator-1.3.0-2.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. This release was rebuilt to use silk-ipset-3.12.0.
  • yaf{,-devel}-2.8.2-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Yaf (Yet Another Flowmeter) is a suite of tools for flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture on an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter; aggregates these packets into flows; and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. See here for the changes since the last released version (2.8.1).
  • fmem-kernel-modules-el7-{i686,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels was added for Fmem:
    • 3.10.0-327.13.1 for EL7

  • lime-kernel-modules-el7-{i686,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels was added for LiME:
    • 3.10.0-327.13.1 for EL7

  • byacc-1.9.20130304-3.el6.{i386,x86_64}.rpm - BYacc is a parser generator utility that reads a grammar specification from a file and generates an LR(1) parser for it. The parsers consist of a set of LALR(1) parsing tables and a driver routine written in the C programming language. It has a public domain license which also covers the generated C. Byacc was packaged for CentOS/RHEL 6 so that libewf could be built.
  • libewf-{,devel,python}-20160209-2.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm, ewftools-20160209-2.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. This version fixes the error that occurs when the deflate compression method (the default) is selected.

  These packages have been installed in the forensics-test repository. To use them, you will need to enable this repository in the /etc/yum.repos.d/cert-forensics-tools.repo file, which requires root privileges.