LiFTeR: Changes for September 21, 2022
- snort-3.1.41.0-1.{fc34,fc35,fc36,el8}.x86_64.rpm and snort-3.1.41.0-1.el9.{x86_64,aarch64}.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the list of changes.
- flex{,-devel,-doc}-2.6.1-9.el7.x86_64.rpm -
Flex is a tool for generating scanners: programs which recognize lexical patterns in text.
This was built to support building zeek.
- zeek{,-btest,-btest-data,-client,-core,ctl,-devel,-spicy-devel,-zkg}-5.0.1-1.x86_64.rpm and libbroker-devel-5.0.1-1.x86_64.rpm for Fedora 34-36 and CentOS/RHEL 7, 8 Stream and 9 Stream, and zeek{,-btest,-btest-data,-client,-core,ctl,-devel,-spicy-devel,-zkg}-5.0.1-1.aarch64.rpm and libbroker-devel-5.0.1-1.aarch64.rpm for CentOS 9 Stream -
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
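Please note: the zeek packages install their files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
# Append the Zeek directories only if they exist and are not already listed.
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin
# MANPATH is usually unset, so export it or man will not see the new value.
[[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && export MANPATH=$MANPATH:/opt/zeek/share/man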
Then run:
. ~/.bashrc
- pfring-8.3.0-7809.{el7,el8,amzn2}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
- pfring-dkms-8.3.0.7809-7809.{el7,el8,amzn2}.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-4.5.0-3946.{el7,el8,amzn2}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- lime-kernel-modules-fc36-x86_64-1.9.1-16.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.19.9-200 for FC36
- fmem-kernel-modules-fc36-x86_64-1.6-1.16.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.19.9-200 for FC36
- lime-kernel-modules-fc35-x86_64-1.9.1-40.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.19.9-100 for FC35
- fmem-kernel-modules-fc35-x86_64-1.6-1.40.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.19.9-100 for FC35
- fmem-kernel-modules-el9-{x86_64,aarch64}-1.6-1.13.noarch.rpm -
Support for the following kernels was added for Fmem for both the x86_64 and aarch64 architectures:
- 5.14.0-162 for EL9
- 5.14.0-163 for EL9
- 5.14.0-165 for EL9
- lime-kernel-modules-el9-{x86_64,aarch64}-1.9.1-13.noarch.rpm -
Support for the following kernels was added for LiME for both the x86_64 and aarch64 architectures:
- 5.14.0-162 for EL9
- 5.14.0-163 for EL9
- 5.14.0-165 for EL9