LiFTeR: Changes for February 8, 2019
- python{2,3}-biplist-1.0.3-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and python2-biplist-1.0.3-2.el7.x86_64.rpm -
Biplist is a library for reading/writing binary plists.
Binary Property List (plist) files provide a faster and smaller serialization format for property lists on OS X.
This is a library for generating binary plists which can be read by OS X, iOS, or other clients.
- elasticsearch5-5.5.5-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and elasticsearch5-5.5.5-2.el7.x86_64.rpm -
ElasticSearch5 is a low-level client for
Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python;
because of this it tries to be opinion-free and very extendable. For a more high level client library with more limited scope, have a
look at elasticsearch-dsl - a more pythonic library sitting on top of elasticsearch-py. It provides a more convenient and idiomatic way
to write and manipulate queries. It stays close to the Elasticsearch JSON DSL, mirroring its terminology and structure while exposing the
whole range of the DSL from Python either directly using defined classes or queryset-like expressions. It also provides an optional
persistence layer for working with documents as Python objects in an ORM-like fashion: defining mappings, retrieving and saving documents,
wrapping the document data in user-defined classes.
- python{2,3}-elasticsearch-6.3.1-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, python2-elasticsearch-6.3.1-2.el6.{i686,x86_64}.rpm, and python2-elasticsearch-6.3.1-2.el7.x86_64.rpm -
ElasticSearch is the official low-level client for
Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python;
because of this it tries to be opinion-free and very extendable. For a more high level client library with more limited scope, have a
look at elasticsearch-dsl - a more pythonic library sitting on top of elasticsearch-py. It provides a more convenient and idiomatic way
to write and manipulate queries. It stays close to the Elasticsearch JSON DSL, mirroring its terminology and structure while exposing the
whole range of the DSL from Python either directly using defined classes or queryset-like expressions. It also provides an optional
persistence layer for working with documents as Python objects in an ORM-like fashion: defining mappings, retrieving and saving documents,
wrapping the document data in user-defined classes.
- plaso-20190131-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and plaso-20190131-1.el7.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
This version was changed to use the new package names for the packages noted above.
For Fedora 24 and 25 and CentOS/RHEL 7, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.
For Fedora 24 and 25, the recommended way to install this update is the following:
sudo rpm -ev plaso --nodeps; sudo rm -rf /usr/local/lib/PythonVirtualEnvironments/plaso; sudo dnf -y install plaso
and for CentOS/RHEL 7, the following:
sudo rpm -ev plaso --nodeps; sudo rm -rf /usr/local/lib/PythonVirtualEnvironments/plaso; sudo yum -y install plaso
- pfring-7.4.0-2398.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2398.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- libfsapfs{,-devel,-python2,-python3,-tools}-20190206-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-tools}-20190206-1.el6.{i686,x86_64}.rpm and libfsapfs{,-devel,-python2,-python3,-tools}-20190206-1.el7.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
Note that this project currently only focuses on the analysis of the format.
- crunch-3.6-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i386,x86_64}.rpm and crunch-3.6-1.el7.x86_64.rpm -
Crunch is a wordlist generator where you can use a standard character set or a character set you specify. Crunch can generate all possible combinations and permutations.
Here are its features:
- generates wordlists in both combination and permutation ways
- can break up output by number of lines or file size
- now has resume support
- pattern now supports number and symbols
- pattern now supports upper and lower case characters separately
- adds a status report when generating multiple files
- new -l option for literal support of @, $, and ^
- new -d option to limit duplicate characters; see man page for details
- now has unicode support
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.11.noarch.rpm - Support for the following kernels was added for
Fmem:
- 4.20.6-200 for FC29
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-11.noarch.rpm - Support for the following kernels was added for
LiME:
- 4.20.6-200 for FC29
- fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.30.noarch.rpm - Support for the following kernels was added for
Fmem:
- 4.20.6-100 for FC28
- lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-30.noarch.rpm - Support for the following kernels was added for
LiME:
- 4.20.6-100 for FC28
- fmem-kernel-modules-el7-x86_64-1.6-1.48.noarch.rpm - Support for the following kernels was added for
Fmem:
- 3.10.0-957.5.1 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-48.noarch.rpm - Support for the following kernels was added for
LiME:
- 3.10.0-957.5.1 for EL7