LiFTeR: Changes for January 7, 2021
- libewf-experimental{,-devel,-tools,-python3,-tools}-20201230-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libewf-experimental{,-devel,-tools,-python36,-tools}-20201230-1.el7.x86_64.rpm -
Libewf supports Expert Witness Compression Format (EWF) formatted files.
See this page for the list of supported and unsupported formats.
Libewf-Experimental installs packages in /usr/local so that it can be optionally installed along with the conventional Libewf packages, where package contents are installed in /usr. Further, the Libewf-Experimental packages have been installed in the forensics-test repository. You will need to enable this repository with this command for Fedora or CentOS/RHEL 8:
sudo dnf config-manager --set-enabled forensics-test
or this command for CentOS/RHEL 7:
sudo yum-config-manager --enable forensics-test
- python3-idna-3.1-1.el8.noarch.rpm and python36-idna-3.1-1.el7.noarch.rpm -
IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891.
This is the latest version of the protocol and is sometimes referred to as "IDNA 2008".
- libfixbuf{,-devel,-ipfixDump}-2.4.1-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101).
See here for the list of changes.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-3.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
This package was rebuilt to use libfixbuf 2.4.1.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-4.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
This package was rebuilt to use libfixbuf 2.4.1.
- libschemaTools{,-devel}-1.3-7.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
libschemaTools is a library that provides a standard representation of data records.
It is built on fixbuf, using IPFIX information elements.
It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source.
SchemaTools removes the need for the processing application to know the details of how to retrieve data or the structure of the records.
This package was rebuilt to use libfixbuf 2.4.1.
- python3-pyfixbuf-0.8.1-2.{fc31,fc32,fc33,el8}.x86_64.rpm and python36-pyfixbuf-0.8.1-2.el7.x86_64.rpm -
Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building collecting and exporting processes.
Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX.
Mediators are useful for modifying, filtering, or adding to the contents of a message before forwarding it to another IPFIX collection point, or for converting IPFIX to another format (text, database, JSON, etc.).
This package was rebuilt to use libfixbuf 2.4.1.
Note also that the Python 2 version is no longer provided.
- analysis-pipeline-5.11.3-5.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use libfixbuf 2.4.1.
- super_mediator-1.8.0-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.
It collects and filters YAF output data and forwards it to various IPFIX collecting processes and/or CSV files.
See here for the list of changes.
- yaf{,-devel}-2.12.1-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
Yaf (Yet Another Flowmeter) is a suite of tools for flow metering.
Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format.
It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture on an interface using pcap(3), from an Endace DAG capture device, or from a Napatech adapter; aggregates these packets into flows; and exports flow records via IPFIX over SCTP, TCP or UDP, over Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring.
See here for the list of changes.
- mac-robber-1.02-1.el8.x86_64.rpm -
Mac-robber is a digital investigation tool that collects data from allocated files in a mounted file system.
Removed: Provided by CentOS/RHEL.
- python3-redis-3.5-1.el8.noarch.rpm -
python-redis is a Python interface to the Redis key-value store.
Removed: Provided by CentOS/RHEL.
- pfring-7.8.0-3323.{el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
- pfring-dkms-7.8.0-3323.{el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to build the PF_Ring kernel module.
- ndpi-3.4.0-2968.{el7,el8}.x86_64.rpm -
nDPI is an open source, LGPLv3-licensed library for deep packet inspection.
- fmem-kernel-modules-fc33-x86_64-1.6-1.9.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.9.16-200 for FC33
- lime-kernel-modules-fc33-x86_64-1.1.r17-9.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.9.16-200 for FC33
- fmem-kernel-modules-fc32-x86_64-1.6-1.31.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.9.16-100 for FC32
- lime-kernel-modules-fc32-x86_64-1.1.r17-31.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.9.16-100 for FC32