LiFTeR: Changes for February 19, 2021
- python3-dfvfs-20210213-1.{fc31,fc32,fc33,el8}.noarch.rpm and python36-dfvfs-20210213-1.el7.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
- python3-elasticsearch-7.11.0-1.{fc31,fc32,fc33,el8}.x86_64.rpm and python36-elasticsearch-7.11.0-1.el7.x86_64.rpm -
This is the official low-level Python client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
Note: This version has been removed from the repository due to incompatibilities with plaso.
- python3-elasticsearch-7.9.1-1.{fc31,fc32,fc33,el8}.x86_64.rpm and python36-elasticsearch-7.9.1-1.el7.x86_64.rpm -
This is the official low-level Python client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
Note: You will need to downgrade to this version of elasticsearch with the following on Fedora and CentOS/RHEL 8:
sudo dnf downgrade python3-elasticsearch -y
And this on CentOS/RHEL 7:
sudo yum downgrade python36-elasticsearch -y
- plaso-20201228-2.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for the automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Details of this update are available here.
This version removes a patch that was intended to make plaso work with ElasticSearch version 7.10 and newer.
- zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.12-0.{fc31,fc32,fc33,el7,el8}.x86_64.rpm, and libbroker-devel-3.0.12-0.{fc31,fc32,fc33,el7,el8}.x86_64.rpm -
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin
[[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
- pfring-7.8.0-3371.{el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
- pfring-dkms-7.8.0-3371.{el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to build the PF_Ring kernel module.
- ndpi-3.4.0-3047.{el7,el8}.x86_64.rpm -
nDPI is an open-source, LGPLv3-licensed library for deep-packet inspection.
- fmem-kernel-modules-fc33-x86_64-1.6-1.14.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.10.16-200 for FC33
- 5.10.15-200 for FC33
- lime-kernel-modules-fc33-x86_64-1.9.1-14.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.10.16-200 for FC33
- 5.10.15-200 for FC33
- fmem-kernel-modules-fc32-x86_64-1.6-1.35.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.10.16-100 for FC32
- 5.10.15-100 for FC32
- lime-kernel-modules-fc32-x86_64-1.9.1-35.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.10.16-100 for FC32
- 5.10.15-100 for FC32