LiFTeR: Changes for August 8, 2019
- libregf{,-devel,-python2,-python3,-tools}-20190805-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-tools}-20190805-1.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-python36,-tools}-20190805-1.el7.x86_64.rpm -
Libregf contains libraries and tools to access Windows NT Registry File (REGF) files.
- snort-2.9.14.1-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.14.1-1.el7.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the changes in this version.
This release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
- snort-sample-rules-2.9.14.1-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm -
These rules are sample rules only and are intended to allow snort to start successfully.
These rules only flag HTTP traffic destined for port 80.
Please see the snort rules page to acquire a current set of snort rules.
- snort-openappid-2.9.14.1-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.14.1-1.el7.x86_64.rpm -
This is the snort package built with the --enable-open-appid option passed to the configure script that configures the build of snort.
See here for more details.
See the OpenAppId Detector Developer Guide for more information.
In addition, this release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
To install snort-openappid on your system, you must first remove snort.
Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi
sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
- ghidra-9.0.4-PUBLIC_20190516.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and ghidra-9.0.4-PUBLIC_20190516.el7.x86_64.rpm -
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms
including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
See the list of changes and improvements here.
Please note that you must install the JDK for Ghidra to work. In testing, the Java Development Kit (JDK) version 11.0.2 was used and worked successfully. Ghidra expects a program named java to be available in the directories named in the PATH variable.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.10.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.2.5-300 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-10.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.2.5-300 for FC30
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.30.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.1.21-200 for FC29
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-30.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.1.21-200 for FC29
- 5.1.18-200 for FC29