LiFTeR: Changes for November 8, 2023
- libregf{,-devel,-python3,-tools}-20231029-1.{fc36,fc37,fc38,el8,amzn2}.x86_64.rpm, libregf{,-devel,-python3,-tools}-20231029-1.el9.{x86_64,aarch64}.rpm, and libregf{,-devel,-python36,-tools}-20231029-1.el7.x86_64.rpm -
Libregf contains libraries and tools to access files in the Windows Registry File format.
- libcreg{,-devel,-python3,-tools}-20231029-1.{fc36,fc37,fc38,el8,amzn2}.x86_64.rpm, libcreg{,-devel,-python3,-tools}-20231029-1.el9.{x86_64,aarch64}.rpm, and libcreg{,-devel,-python36,-tools}-20231029-1.el7.x86_64.rpm -
Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format.
- snort-3.1.73.0-1.{fc36,fc37,fc38,el8}.x86_64.rpm and snort-3.1.73.0-1.el9.{x86_64,aarch64}.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
- zeek{,-btest,-btest-data,-client,-core,ctl,-devel,-spicy-devel,-zkg}-6.0.2-1.{fc36,fc37,fc38,el7,el8}.x86_64.rpm, libbroker-devel-6.0.2-1.{fc36,fc37,fc38,el7,el8}.x86_64.rpm, zeek{,-btest,-btest-data,-client,-core,ctl,-devel,-spicy-devel,-zkg}-6.0.2-1.el9.{x86_64,aarch64}.rpm, libbroker-devel-6.0.2-1.el9.{x86_64,aarch64}.rpm -
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin
[[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && export MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
- libbde{,-devel,-python3,-tools}-20231106-1.{fc36,fc37,fc38,el8,amzn2}.x86_64.rpm, libbde{,-devel,-python3,-tools}-20231106-1.el9.{x86_64,aarch64}.rpm, and libbde{,-devel,-python36,-tools}-20231106-1.el7.x86_64.rpm -
Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
- pfring-8.7.0-{8640,8654}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
- pfring-dkms-8.7.0.{8640,8654}-dkms.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-4.9.0-{4450,4459}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- lime-kernel-modules-fc38-x86_64-1.9.1-18.noarch.rpm -
Support for the following kernels was added for LiME:
- 6.5.9-200 for FC38
- 6.5.8-200 for FC38
- fmem-kernel-modules-fc38-x86_64-1.6-1.18.noarch.rpm -
Support for the following kernels was added for Fmem:
- 6.5.9-200 for FC38
- 6.5.8-200 for FC38
- lime-kernel-modules-fc37-x86_64-1.9.1-18.noarch.rpm -
Support for the following kernels was added for LiME:
- 6.5.8-100 for FC37
- fmem-kernel-modules-fc37-x86_64-1.6-1.18.noarch.rpm -
Support for the following kernels was added for Fmem:
- 6.5.8-100 for FC37
- lime-kernel-modules-el9-{x86_64,aarch64}-1.9.1-33.noarch.rpm -
Support for the following kernels was added for LiME for both the x86_64 and aarch64 architectures:
- 5.14.0-381 for EL9
- fmem-kernel-modules-el9-{x86_64,aarch64}-1.6-1.33.noarch.rpm -
Support for the following kernels was added for Fmem for both the x86_64 and aarch64 architectures:
- 5.14.0-381 for EL9
- lime-kernel-modules-el8-x86_64-1.9.1-46.noarch.rpm -
Support for the following kernels was added for LiME:
- 4.18.0-521 for EL8
- 4.18.0-519 for EL8
- fmem-kernel-modules-el8-x86_64-1.6-1.46.noarch.rpm -
Support for the following kernels was added for Fmem:
- 4.18.0-521 for EL8
- 4.18.0-519 for EL8