LiFTeR: Changes for October 11, 2019
- CentOS 8 - The repository now supports CentOS 8
for the x86_64 CPU architecture.
Here is the list of tools provided for CentOS 8:
The following tools have been provided for CentOS/RHEL 7 but are unavailable for CentOS/RHEL 8 at this time:
- aimage
- bloom
- bulk_extractor
- bulk_extractor-stoplist
- dff
- etherape
- frag_find
- hachoir-urwid
- hachoir-wx
- KHracker
- kracked
- log2timeline
- perl-Data-Hexify
- perl-File-Mork
- perl-Mac-PropertyList
- perl-Parse-Evtx
- perl-Wx
- ptk
- python-apsw
- python-haystack
- python-poppler-qt4
- python-rarfile
- python-ssdeep
- python-xlwt
- recoll
- registrydecoder
- vinetto
- Volatility-community-plugins
Here are the other changes this week:
- lime-kernel-modules-1.1.r17-17.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME.
Support for CentOS/RHEL 8 x86_64 architecture was added.
- fmem-kernel-modules-1.6-1.17.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem.
Support for CentOS/RHEL 8 x86_64 architecture was added.
- ghostpdl-9.27-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and ghostpdl-9.27-1.{el7,el8}.x86_64.rpm -
Ghostpdl is Artifex Software's implementation of the PCL-5™ and PCL-XL™ family of page description languages.
Ghostpdl is used by Xplico.
- python{2,3}-elasticsearch-7.0.5-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python{2,36}-elasticsearch-7.0.5-1.el7.x86_64.rpm, and python{2,3}-elasticsearch-7.0.5-1.el8.x86_64.rpm -
ElasticSearch is the official low-level client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
- libfwsi{,-devel,-python2,-python3}-20191006-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20191006-1.el6.{i686,x86_64}.rpm, libfwsi{,-devel,-python2,-python36}-20191006-1.el7.x86_64.rpm, and libfwsi{,-devel,-python2,-python3}-20191006-1.el8.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
- liblnk{,-devel,-python2,-python3,-tools}-20191006-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20191006-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36,-tools}-20191006-1.el7.x86_64.rpm, and liblnk{,-devel,-python2,-python3,-tools}-20191006-1.el8.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format.
- libsigscan{,-devel,-python2,-python3,-tools}-20191006-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsigscan{,-devel,-python2,-tools}-20191006-1.el6.{i686,x86_64}.rpm, libsigscan{,-devel,-python2,-python36,-tools}-20191006-1.el7.x86_64.rpm, and libsigscan{,-devel,-python2,-python3,-tools}-20191006-1.el8.x86_64.rpm -
Libsigscan is a library and set of tools for binary signature scanning.
- libpst{,-devel,-devel-doc,-doc,-libs,-python}-0.6.72-1.{fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm, libpst{,-devel,-devel-doc,-doc,-libs,-python36}-0.6.72-1.el7.x86_64.rpm, and libpst{,-devel,-devel-doc,-doc,-libs,-python3}-0.6.72-1.el8.x86_64.rpm -
The libpst utilities convert Outlook .pst files to other formats.
See here for the list of changes.
- ntfs-3g{,-devel}-2017.3.23-11.el6.{i686,x86_64}.rpm and ntfs-3g{,-devel}-2017.3.23-11.{el7,el8}.x86_64.rpm -
NTFS-3g is a stable, full-featured, read-write NTFS driver for Linux, Android, Mac OS X, FreeBSD, NetBSD, OpenSolaris, QNX, Haiku, and other operating systems.
It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008, Windows 7, Windows 8 and Windows 10 NTFS file systems.
- snort-2.9.15-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.15-1.el7.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the changes in this version.
This release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
- snort-sample-rules-2.9.15-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm -
These rules are sample rules only and are intended to allow snort to start successfully.
These rules only flag HTTP traffic destined for port 80.
Please see the snort rules page to acquire a current set of snort rules.
- snort-openappid-2.9.15-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.15-1.el7.x86_64.rpm -
This is the snort package built with the --enable-open-appid option added to the configure script that configures the build of snort.
See here for more details.
See the OpenAppId Detector Developer Guide for more information.
To install snort-openappid on your system, you must first remove snort.
Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi
sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
- pfring-7.4.0-2707.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2707.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-1978.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.16.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.2.18-200 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-16.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.2.18-200 for FC30
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.34.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.2.18-100 for FC29
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-34.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.2.18-100 for FC29