LiFTeR: Changes for June 16, 2021
- libbde{,-devel,-python3,-tools}-20210605-1.{fc32,fc33,fc34,el8}.x86_64.rpm and libbde{,-devel,-python36,-tools}-20210605-1.el7.x86_64.rpm -
Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
- python{2,3}-pefile-2021.5.24-1.{fc32,fc33,fc34,el8}.noarch.rpm and python{2,36}-pefile-2021.5.24-1.el7.noarch.rpm -
PEFile is a Portable Executable reader module.
- python3-dfvfs-20210606-1.{fc32,fc33,fc34,el8}.noarch.rpm and python36-dfvfs-20210606-1.el7.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
- plaso-20210606-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as
log2timeline for the automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Details of this update are available here.
- snort-2.9.18-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the changes in this version.
This release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
- snort-sample-rules-2.9.18-1.{fc32,fc33,fc34,el7,el8}.noarch.rpm -
These rules are sample rules only and are intended to allow snort to start successfully.
These rules only flag HTTP traffic destined for port 80.
Please see the snort rules page to acquire a current set of snort rules.
- snort-openappid-2.9.18-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
This is the snort package built with the --enable-open-appid option added to the configure script that configures the build of snort.
See here for more details.
See the OpenAppId Detector Developer Guide for more information.
To install snort-openappid on your system, you must first remove snort.
Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi
sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
- libregf{,-devel,-python3,-tools}-20210615-1.{fc32,fc33,fc34,el8}.x86_64.rpm and libregf{,-devel,-python36,-tools}-20210615-1.el7.x86_64.rpm -
Libregf contains libraries and tools to access Windows NT Registry File (REGF) files.
- fmem-kernel-modules-fc34-x86_64-1.6-1.8.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.12.10-300 for FC34
- lime-kernel-modules-fc34-x86_64-1.9.1-8.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.12.10-300 for FC34
- fmem-kernel-modules-fc33-x86_64-1.6-1.29.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.12.10-200 for FC33
- lime-kernel-modules-fc33-x86_64-1.9.1-29.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.12.10-200 for FC33
- fmem-kernel-modules-el7-x86_64-1.6-1.77.noarch.rpm -
Due to configuration errors, support for the following kernels was added for Fmem:
- 3.10.0-1160.25.1 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-77.noarch.rpm -
Due to configuration errors, support for the following kernels was added for LiME:
- 3.10.0-1160.25.1 for EL7