LiFTeR: Changes for August 23, 2019
- jdk-12.0.2_linux-x64_bin.rpm -
JDK is the Java SE Development Kit 12.0.2 from Oracle.
This package has been installed in the Fedora 25 and 26 and CentOS/RHEL 7 repositories for the x86_64 architecture.
- ghidra-9.0.4-PUBLIC_20190516.3.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and ghidra-9.0.4-PUBLIC_20190516.3.{fc25,fc26,el7}.x86_64.rpm -
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms
including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
See the list of changes and improvements here.
Note: this release no longer requires JDK from Oracle for Fedora 27 through 30, relying instead on the latest version of OpenJDK provided by Fedora, specified as java-latest for Fedora 28 and beyond and java-11 for Fedora 27. However, for Fedora 25 and 26 and CentOS/RHEL 7, JDK Version 11 or higher is required and this package has been added to the appropriate repositories. In addition, this release also contains a ghidra.desktop file that supports the GNOME and MATE window managers.
- sleuthkit{,-devel,-libs}-4.6.7-1.1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.6.7-1.1.el7.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- jdk-8u221-linux-x64.rpm -
JDK is the Java SE Development Kit 8, Update 221 from Oracle.
This package has been installed in the CentOS/RHEL 7 repository for the x86_64 architecture and in the CentOS/RHEL 6 repositories for the i386 and x86_64 architectures.
- autopsy-4.12.0-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and autopsy-4.12.0-1.el7.x86_64.rpm -
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
You can even use it to recover photos from your camera's memory card.
Note: this release no longer requires JDK from Oracle for Fedora 25 through 30, relying instead on version 1.8.0 of OpenJDK provided by Fedora, along with version 1.8.0 of OpenJFX, also provided by Fedora. However, for CentOS/RHEL 6 and 7, the latest version of JDK 8 from Oracle is required and this package has been added to the appropriate repositories. In addition, this release also contains an autopsy.desktop file that supports the GNOME and MATE window managers.
- python{2,3}-xlsxwriter-1.1.9-1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and {python2,36}-xlsxwriter-1.1.9-1.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- bro{,-core,ctl,-debugsource,-devel,-libcaf-devel}-2.6.3-0.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbroker-devel-2.6.3-0.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, bro{,-core,ctl,-debugsource,-devel,-libcaf-devel}-2.6.3-0.el7.x86_64.rpm, and libbroker-devel-2.6.3-0.el7.x86_64.rpm -
Bro (now Zeek) is a powerful network analysis framework that is much different from the typical IDS you may know.
(Zeek is the new name for the long-established Bro system. Note that parts of the system retain the "Bro" name, and it also often appears in the documentation and distributions.)
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: bro packages install files in /opt/bro. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/bro/bin && ! "$PATH" =~ /opt/bro/bin ]] && PATH=$PATH:/opt/bro/bin
[[ -d /opt/bro/share/man && ! "$MANPATH" =~ /opt/bro/share/man ]] && MANPATH=$MANPATH:/opt/bro/share/man
Then run:
. ~/.bashrc
- python{2,3}-elasticsearch-7.0.4-1.i{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-elasticsearch-7.0.4-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
- pfring-7.4.0-2612.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2612.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1770.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.11.noarch.rpm - Support for the following kernels was added for Fmem:
  - 5.2.9-200 for FC30
  - 5.2.8-200 for FC30
  - 5.2.7-200 for FC30
  - 5.2.6-200 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-11.noarch.rpm - Support for the following kernels was added for LiME:
  - 5.2.9-200 for FC30
  - 5.2.8-200 for FC30
  - 5.2.7-200 for FC30
  - 5.2.6-200 for FC30
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels was added for Fmem:
  - 5.2.7-100 for FC29
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels was added for LiME:
  - 5.2.7-100 for FC29
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.56.noarch.rpm - Support for the following kernels was added for Fmem:
  - 2.6.32-754.18.2 for EL6
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-56.noarch.rpm - Support for the following kernels was added for LiME:
  - 2.6.32-754.18.2 for EL6