LiFTeR: Changes for November 10, 2021
- python36-xlsxwriter-3.0.2-1.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
- zeek{,-btest,-btest-data,-core,ctl,-devel,-libcaf-devel,-zkg}-4.1.1-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm, and libbroker-devel-4.1.1-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin
[[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
- snort-3.1.16.0-1.{fc32,fc33,fc34,el8}.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the announcement.
Note that these packages have been installed in the forensics-test repository.
- fuse-python{2,3}-1.0.4-1.{fc32,fc33,fc34}.x86_64.rpm -
Fuse-Python is a Python interface to libfuse,
a simple interface for userspace programs to export a virtual filesystem to the Linux kernel.
- guymager-0.8.12-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
Guymager is a forensic imaging package.
See here for the list of changes.
- python{2,3}-pycparser-2.21-1.el8.noarch.rpm -
Python-PYCParser is a complete C99 parser in pure Python.
- rifiuti2-0.7.0-20.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 files.
This package was updated to avoid a conflict with the rifiuti package.
- python3-artifacts-20211107-1.{fc32,fc33,fc34,el8}.x86_64.rpm, python36-artifacts-20211107-1.el7.x86_64.rpm, and artifacts-data-20211107-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
Artifacts is a free, community-sourced,
machine-readable knowledge base of digital forensic artifacts that the world can use both as an information source and within other tools.
- pfring-8.0.0-7085.{el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
- pfring-dkms-8.0.0.7085-7085.{el7,el8}.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-4.0.0-3415.{el7,el8}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- CERT-Forensics-Tools-1.0-97.{fc32,fc33,fc34,fc35,el7,el8}.x86_64.rpm -
This release removes the following tools from Fedora 35 only. All other releases are unchanged.
- binplist
- shellbags
- vinetto
- Volatility-community-plugins
In addition, the Volatility application has been replaced by a Docker container based on Alpine Linux 3.10. The volatility, vol, and vol.py programs have been replaced by a script that manages this container. Please address any unexpected behavior or requests for improvements and enhancements to
- fmem-kernel-modules-fc34-x86_64-1.6-1.25.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.14.16-201 for FC34
- 5.14.15-200 for FC34
- 5.14.14-200 for FC34
- lime-kernel-modules-fc34-x86_64-1.9.1-25.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.14.16-201 for FC34
- 5.14.15-200 for FC34
- 5.14.14-200 for FC34
- fmem-kernel-modules-fc33-x86_64-1.6-1.45.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.14.16-101 for FC33
- 5.14.15-100 for FC33
- lime-kernel-modules-fc33-x86_64-1.9.1-45.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.14.16-101 for FC33
- 5.14.15-100 for FC33
- fmem-kernel-modules-el8-x86_64-1.6-1.28.noarch.rpm -
Support for the following kernel was added for Fmem:
- 4.18.0-305.25.1 for EL8
- lime-kernel-modules-el8-x86_64-1.9.1-28.noarch.rpm -
Support for the following kernel was added for LiME:
- 4.18.0-305.25.1 for EL8
- Fedora 35 - The repository now supports Fedora 35
for the x86_64 CPU architecture.
Here is the list of tools provided for Fedora 35:
- fmem-kernel-modules-1.6-1.22.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for Fmem.
Support for the Fedora 35 x86_64 architecture was added.
- lime-kernel-modules-1.1.r17-22.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for LiME.
Support for the Fedora 35 x86_64 architecture was added.
- lime-kernel-modules-fc35-x86_64-1.9.1-2.noarch.rpm -
Support for the following kernel was added for LiME:
- 5.14.16-301 for FC35
- fmem-kernel-modules-fc35-x86_64-1.6-1.2.noarch.rpm -
Support for the following kernel was added for Fmem:
- 5.14.16-301 for FC35