LiFTeR: Changes for December 18, 2020
- libewf-experimental{,-devel,-python3,-tools}-20201210-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libewf-experimental{,-devel,-python36,-tools}-20201210-1.el7.x86_64.rpm -
Libewf supports Expert Witness Compression Format (EWF) formatted files.
See this page for the list of supported and unsupported formats.
Libewf-Experimental installs packages in /usr/local so that it can be optionally installed along with the conventional Libewf packages, where package contents are installed in /usr. Further, the Libewf-Experimental packages have been installed in the forensics-test repository. You will need to enable this repository with this command for Fedora or CentOS/RHEL 8:
sudo dnf config-manager --set-enabled forensics-test
or this command for CentOS/RHEL 7:
sudo yum-config-manager --enable forensics-test
- python36-chardet-4.0.0-1.el7.x86_64.rpm -
Chardet is a universal character encoding detector.
- ghidra-9.2-PUBLIC_20201113.1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms
including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
See the list of changes and improvements here.
- Volatility3-2.0.0.b1-20201216.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
Volatility 3 is a completely open collection of tools,
implemented in Python under the Volatility Software License,
for the extraction of digital artifacts from volatile memory (RAM) samples.
This release is a beta version of Volatility 3 which can be found here.
It is patched to 2020-12-16.
- python36-requests-2.25.1-1.el7.x86_64.rpm -
Python-requests is an Apache2 Licensed HTTP library, written in Python, for human beings.
Python’s standard urllib2 module provides most of the HTTP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web.
It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
- python3-cryptography-3.3-1.{fc31,fc32,fc33,el8}.x86_64.rpm and python36-cryptography-3.1-1.el7.x86_64.rpm -
Cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Note: This package is being withdrawn from the repository.
It needs to be removed and the vendor-provided version installed in its place.
For Fedora and CentOS/RHEL 8, do the following:
sudo rpm -ev python3-cryptography --nodeps; sudo dnf install python3-cryptography -y --refresh
For CentOS/RHEL 7, do the following:
sudo rpm -ev python36-cryptography --nodeps; sudo yum clean all; sudo yum install python36-cryptography -y
We regret this inconvenience.
- snort-2.9.17.0-2.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the changes in this version.
This release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
This release adds two symbolic links so that Snort configuration files no longer need to include the Snort version in the path names of the dynamic engine and preprocessor directories. These symbolic links are:
- /usr/lib64/snort_dynamicengine → snort-2.9.17.0_dynamicengine
- /usr/lib64/snort_dynamicpreprocessor → snort-2.9.17.0_dynamicpreprocessor
Furthermore, the Snort configuration file - /etc/snort/snort.conf - references these version-agnostic path names.
- snort-sample-rules-2.9.17.0-2.{fc31,fc32,fc33,el7,el8}.noarch.rpm -
These rules are sample rules only and are intended to allow snort to start successfully.
These rules only flag HTTP traffic destined for port 80.
Please see the snort rules page to acquire a current set of snort rules.
- snort-openappid-2.9.17.0-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm and snort-openappid-2.9.1.17-1.el6.{i686,x86_64}.rpm -
This is the snort package built with the --enable-open-appid option added to the configure script that configures the build of snort.
See here for more details.
See the OpenAppId Detector Developer Guide for more information.
To install snort-openappid on your system, you must first remove snort.
Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi
sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
This release adds two symbolic links so that Snort configuration files no longer need to include the Snort version in the path names of the dynamic engine and preprocessor directories. These symbolic links are:
- /usr/lib64/snort_dynamicengine → snort-2.9.17.0_dynamicengine
- /usr/lib64/snort_dynamicpreprocessor → snort-2.9.17.0_dynamicpreprocessor
Furthermore, the Snort configuration file - /etc/snort/snort.conf - references these version-agnostic path names.
- pfring-7.8.0-3307.{el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
- pfring-dkms-7.8.0-3307.{el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.4.0-2954.{el7,el8}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc33-x86_64-1.6-1.7.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.9.14-200 for FC33
- 5.9.13-200 for FC33
- lime-kernel-modules-fc33-x86_64-1.1.r17-7.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.9.14-200 for FC33
- 5.9.13-200 for FC33
- fmem-kernel-modules-fc32-x86_64-1.6-1.29.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.9.14-100 for FC32
- 5.9.13-100 for FC32
- lime-kernel-modules-fc32-x86_64-1.1.r17-29.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.9.14-100 for FC32
- 5.9.13-100 for FC32