LiFTeR: Changes for November 10, 2017
- fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.13.noarch.rpm - Support for the following kernels was added for Fmem:
  - 4.13.11-200 for FC26
- lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-13.noarch.rpm - Support for the following kernels was added for LiME:
  - 4.13.11-200 for FC26
- fmem-kernel-modules-fc26-x86_64-1.6-1.12.noarch.rpm - Support for the following kernels was added for Fmem:
  - 4.13.10-200 for FC26
- lime-kernel-modules-fc26-x86_64-1.1.r17-12.noarch.rpm - Support for the following kernels was added for LiME:
  - 4.13.10-200 for FC26
- fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.45.noarch.rpm - Support for the following kernels was added for Fmem:
  - 4.13.11-100 for FC25
- lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-45.noarch.rpm - Support for the following kernels was added for LiME:
  - 4.13.11-100 for FC25
- fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.44.noarch.rpm - Support for the following kernels was added for Fmem:
  - 4.13.8-100 for FC25
  - 4.13.10-100 for FC25
- lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-44.noarch.rpm - Support for the following kernels was added for LiME:
  - 4.13.8-100 for FC25
  - 4.13.10-100 for FC25
- pfring-7.0.0-1535.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
- pfring-dkms-7.0.0-1535.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- libfwsi{,-devel,-python,-python3}-20171103-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libfwsi{,-devel,-python}-20171103-1.el6.{i686,x86_64}.rpm, and libfwsi{,-devel,-python,-python3}-20171103-1.el7.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
See here for the list of changes.
- liblnk{,-devel,-python,-python3,-tools}-20171101-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, liblnk{,-devel,-python,-tools}-20171101-1.el6.{i686,x86_64}.rpm, and liblnk{,-devel,-python,-python3,-tools}-20171101-1.el7.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format.
See here for the list of changes.
- libsmdev{,-devel,-python,-python3,-tools}-20171105-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libsmdev{,-devel,-python,-tools}-20171105-1.el6.{i686,x86_64}.rpm, and libsmdev{,-devel,-python,-python3,-tools}-20171105-1.el7.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
See here for the list of changes.
- libsmraw{,-devel,-python,-python3,-tools}-20171105-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libsmraw{,-devel,-python,-tools}-20171105-1.el6.{i686,x86_64}.rpm, and libsmraw{,-devel,-python,-python3,-tools}-20171105-1.el7.x86_64.rpm -
Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
Libsmraw supports multiple (split) RAW naming schemes.
- artifacts-20171107-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i386,x86_64}.rpm and artifacts-20171107-1.el7.x86_64.rpm -
Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
This package was built to support plaso.
- python-certifi-2016.9.26-2.{fc21,fc22,fc23,fc24,fc25,el7}.noarch.rpm - Certifi is a
carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
This package was built to support plaso.
- python{2,3}-future-0.16.0-4.{fc21,fc22,fc23}.noarch.rpm - Future is
the missing compatibility layer between Python 2 and Python 3. It allows you to use a single, clean Python 3.x-compatible codebase to support both Python 2 and Python 3 with minimal overhead.
This package was built to support plaso.
- python{2,3}-idna-2.5-1.{fc21,fc22,fc23,el7}.noarch.rpm - IDNA provides
support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891. This is the latest version of the protocol and is sometimes referred to as "IDNA 2008".
This package was built to support plaso.
- python{2,3}-pefile-2017.5.26-2.{fc21,fc22,fc23,fc24}.noarch.rpm and python-pefile-2017.5.26-2.el7.noarch.rpm -
PEFile is a Portable Executable reader module.
This package was built to support plaso.
- plaso-20170930-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm and plaso-20170930-1.el7.x86_64.rpm -
Plaso is the Python based back-end engine used by tools such as log2timeline for the automatic creation of super timelines.
The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
See the release announcement here.
At this time, this repository, in combination with all supporting repositories, provides all of the necessary packages for Fedora versions 21, 22, 23, 24, 25, and 26 for the i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso.
- libfixbuf{,-devel}-1.8.0-1.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Libfixbuf
is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101).
See here for the list of changes.
- yaf{,-devel}-2.9.2-1.{fc21,fc22,fc23,fc24,fc25,fc26,el6}.{i686,x86_64}.rpm and yaf{,-devel}-2.9.2-1.el7.x86_64.rpm -
YAF (Yet Another Flowmeter) is a suite of tools for flow metering.
Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format.
It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using
pcap(3), an Endace DAG capture device,
or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX
over SCTP, TCP or
- analysis-pipeline-5.6-4.{fc21,fc22,fc23,fc24,fc25,fc26,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.6-4.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes for this release.
This package was rebuilt to use libfixbuf 1.8.0.
- libschemaTools{,-devel}-1.2.1-2.{fc21,fc22,fc23,fc24,fc25,fc26,el6}.{i686,x86_64}.rpm and libschemaTools{,-devel}-1.2.1-2.el7.x86_64.rpm -
libschemaTools is a library that provides a standard representation of data records.
It is built on fixbuf, using IPFIX information elements.
It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source.
SchemaTools removes the need for the processing application to know the details of how to retrieve data, or the structure of the records.
See here for the list of changes for this release.
This package was rebuilt to use libfixbuf 1.8.0.
- pyfixbuf-0.2.1-2.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Pyfixbuf
is a Python API for libfixbuf, an implementation of the
IPFIX protocol used for building, collecting, and exporting processes.
Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX.
Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another
IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.).
See this page for a list of problems fixed in this
and all releases.
This package was rebuilt to use libfixbuf 1.8.0.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.16.0-3.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
This package was rebuilt to use libfixbuf 1.8.0.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.16.0-4.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm and
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.16.0-4.{el6,el7}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
This package was rebuilt to use libfixbuf 1.8.0.
- super_mediator-1.5.3-2.{fc21,fc22,fc23,fc24,fc25,fc26,el6}.{i686,x86_64}.rpm and super_mediator-1.5.3-2.el7.x86_64.rpm -
Super_mediator is an IPFIX mediator for use with the YAF
and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF.
See here for the list of changes for this release.
This package was rebuilt to use libfixbuf 1.8.0.