LiFTeR: Changes for November 23, 2017
- Fedora 27 - The repository now supports Fedora 27 for the x86_64 and i386 CPU architectures.
Here is the list of tools provided for Fedora 27:
- lime-kernel-modules-1.1.r17-12.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME.
Support for the Fedora 27 x86_64 and i386 architectures was added.
- fmem-kernel-modules-1.6-1.12.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem.
Support for the Fedora 27 x86_64 and i386 architectures was added.
- snort-2.9.11-1.{fc21,fc22,fc23,fc24,fc25,fc26,fc27,el6}.{i686,x86_64}.rpm and snort-2.9.11.1-1.el7.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the changes in this version.
- snort-sample-rules-2.9.11-1.{fc21,fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully.
These rules only flag HTTP traffic destined for port 80.
Please see the snort rules page to acquire a current set of snort rules.
- snort-openappid-2.9.11-1.{fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.11-1.el7.x86_64.rpm -
This is the snort package built with the --enable-open-appid option added to the configure script that configures the build of snort.
See here for more details.
See the OpenAppId Detector Developer Guide for more information.
To install snort-openappid on your system, you must first remove snort, because the two packages conflict.
Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi
sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
Note: This version of snort is not yet available for Fedora 26 or 27.
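The swap above, written out as an added example (not the repository's own script): it checks /etc/os-release against the distributions the page lists snort-openappid builds for, picks dnf or yum accordingly, then removes snort and installs snort-openappid. The function names are my own.

```shell
#!/bin/sh
# Added example, not part of the LiFTeR page: swap the stock snort package for
# snort-openappid, guarding on the distributions the page lists builds for
# (Fedora 21-25, CentOS/RHEL 6 and 7). Function names are assumptions of this example.

# Does the repository carry snort-openappid for this distribution/version?
# $1 = ID from /etc/os-release, $2 = VERSION_ID (e.g. "7.4" on RHEL, "25" on Fedora)
openappid_available() {
  major="${2%%.*}"                       # "7.4" -> "7"
  case "$1:$major" in
    fedora:2[1-5]) return 0 ;;           # fc21 .. fc25 builds exist
    centos:[67]|rhel:[67]) return 0 ;;   # el6 and el7 builds exist
    *) return 1 ;;                       # e.g. Fedora 26/27: not yet built
  esac
}

# Package manager to use: dnf on Fedora, yum on CentOS/RHEL (as the page notes).
pkg_manager() {
  case "$1" in
    fedora) echo dnf ;;
    centos|rhel) echo yum ;;
    *) return 1 ;;
  esac
}

# Perform the swap on the running host: remove snort (it conflicts with
# snort-openappid), then install the OpenAppID build and confirm it landed.
swap_snort_for_openappid() {
  . /etc/os-release                      # sets ID and VERSION_ID
  if ! openappid_available "$ID" "$VERSION_ID"; then
    echo "snort-openappid is not available for $ID $VERSION_ID" >&2
    return 1
  fi
  pm=$(pkg_manager "$ID") || return 1
  if rpm -q --quiet snort; then
    sudo rpm -ev snort --nodeps
  fi
  sudo "$pm" install -y snort-openappid
  rpm -q snort-openappid                 # non-zero exit if the install failed
}
```

Run swap_snort_for_openappid on the target host; the two helper functions are pure and can be exercised on any machine.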
- snarf{,-devel,-python}-0.3.0-3.{fc21,fc22,fc23,fc24,fc25,fc26,fc27,el7}.{i686,x86_64}.rpm - Snarf is a distributed alert reporting system.
Applications can use snarf's C and Python APIs to construct and send network alert messages,
which can then be routed to multiple destinations in a configurable manner.
See here for the list of changes for this release.
This version uses zeromq3.
Note: due to the changing package requirements of snarf, there is no support for CentOS/RHEL 6.
- pfring-7.0.0-1560.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically
improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
- pfring-dkms-7.0.0-1560.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically
improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- python-dfdatetime-20170719-1.{fc21,fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.noarch.rpm -
dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
- python-construct-2.5.2-1.{fc21,fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.noarch.rpm -
Python-construct is a powerful declarative parser (and builder) for binary data.
- dfvfs-20171022-1.{fc21,fc22,fc23,fc24,fc25,fc26,fc27,el7}.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several
back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
- plaso-20171118-1.{fc21,fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm and plaso-20171118-1.el7.x86_64.rpm -
Plaso is the Python based back-end engine used by tools such as log2timeline for the automatic creation of super timelines.
The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
See the release announcement here.
At this time, this repository, in combination with all supporting repositories, provides all of the necessary packages for Fedora versions 21, 22, 23, 24, 25, 26, and 27 for the i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso.
- fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.2.noarch.rpm - Support for the following kernels was added for
Fmem:
- 4.13.9-300 for FC27
- 4.13.13-300 for FC27
- lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-2.noarch.rpm - Support for the following kernels was added for
LiME:
- 4.13.9-300 for FC27
- 4.13.13-300 for FC27
- fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.15.noarch.rpm - Support for the following kernel was added for
Fmem:
- 4.13.13-200 for FC26
- lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-15.noarch.rpm - Support for the following kernel was added for
LiME:
- 4.13.13-200 for FC26
- fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.47.noarch.rpm - Support for the following kernel was added for
Fmem:
- 4.13.13-100 for FC25
- lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-47.noarch.rpm - Support for the following kernel was added for
LiME:
- 4.13.13-100 for FC25