Bug#990302: ITP: bulk-extractor -- A stream-based forensics tool for triage and cross-evidence analysis, which scans the media and extracts recognizable content

2021-06-24 Thread Jan Gru
Package: wnpp
X-Debbugs-Cc: debian-devel@lists.debian.org, debian-security-to...@lists.debian.org

Owner: Jan Gru 
Severity: wishlist

* Package name: bulk-extractor
  Version : 1.6.0
  Upstream Author : Simson L. Garfinkel 
* URL : https://github.com/simsong/bulk_extractor
* License : MIT and CC0
  Programming Lang: C++, Python (and Java for the BEViewer, probably not packaged)
  Description : A stream-based forensics tool for triage and cross-evidence analysis, which scans the media and extracts recognizable content


bulk_extractor is a program for bulk data extraction and analysis; it carves
for relevant features such as email addresses, credit card numbers, URLs,
and other types of information from digital evidence files in a stream-based
manner, processing blocks in parallel to avoid disk seeking.

** Why is this package relevant?
It is a useful tool for forensic investigations, because it is way more than 
just another file carver. The program provides several unusual capabilities 
including:

- It finds email addresses, URLs and credit card numbers that other tools miss 
because it can process compressed data (like ZIP, PDF and GZIP files) and 
incomplete or partially corrupted data.
- It can carve JPEGs, office documents and other kinds of files out of 
fragments of compressed data. It will detect and carve encrypted RAR files.
- It builds word lists based on all of the words found within the data, even 
those in compressed files that are in unallocated space. Those word lists can 
be useful for password cracking.
- It is multi-threaded; running bulk_extractor on a computer with twice the 
number of cores typically makes it complete a run in half the time.
- It creates histograms showing the most common email addresses, URLs, domains, 
search terms and other kinds of information on the drive.

The program is authored by the renowned forensics researcher Simson L. 
Garfinkel, who is probably most recognized for his work on DFXML at the Naval 
Postgraduate School (NPS) and the National Institute of Standards and 
Technology (NIST). It provides rich documentation -- for the end-users as well 
as for potential contributors [0].

To sum it up, bulk_extractor has great potential for improving triage and
automation workflows within digital forensics and should therefore be
included in Debian's package sources.

** Resolved issues
bulk_extractor is already packaged in Kali [1], but had licensing issues until
recently. To be more precise, it linked code with OpenSSL while not explicitly
permitting it and used the modified MIT license from the JSON project, which
is considered non-free and not DFSG-compliant. I resolved these issues in
cooperation with upstream by sending two recent patches [2], which were
already accepted.

** Maintenance plan
I plan to maintain it within the pkg-security-team's repository on salsa, where 
a lot of forensics packages live [3].
I am looking for a sponsor of this package, who would be ideally a member of 
the a/m team.

Best regards
   Jan

[0] See http://digitalcorpora.org/downloads/bulk_extractor/BEUsersManual.pdf,
https://digitalcorpora.s3.amazonaws.com/downloads/bulk_extractor/BEProgrammersManual.pdf and
https://digitalcorpora.s3.amazonaws.com/downloads/bulk_extractor/BEWorkedExamplesStandalone.pdf
[1] See https://tools.kali.org/forensics/bulk-extractor
[2] See https://github.com/simsong/bulk_extractor/issues/168, 
https://github.com/simsong/bulk_extractor/pull/169 and 
https://github.com/simsong/bulk_extractor/pull/170
[3] See https://salsa.debian.org/pkg-security-team/
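An added illustration of the stream-based scanning the ITP describes (this is example code written for this page, not bulk_extractor's own code or part of the mail): the image is walked in fixed blocks, each block is matched together with a margin on both sides so a feature straddling a boundary is seen whole, only features that start inside the block are credited to it (so the margins never double-report), and any gzip member found is decompressed and scanned recursively so features inside compressed data are recovered. The regexes, the block and margin sizes, and the sample "evidence" are constructed for the example; the path notation mimics bulk_extractor's forensic-path style.

```python
import re
import zlib
import gzip
from collections import Counter

# Feature patterns: deliberately simple stand-ins for the scanners bulk_extractor ships.
PATTERNS = {
    "email": re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "url": re.compile(rb"https?://[A-Za-z0-9.-]+(?:/[A-Za-z0-9._/%-]*)?"),
}
GZIP_MAGIC = b"\x1f\x8b\x08"


def scan_buffer(buf, base, page, path, features, depth=0):
    """Scan one buffer for features and recurse into any gzip member it contains.

    base  absolute offset of buf[0] within its parent
    page  (lo, hi): only features starting in this absolute range are reported,
          so a block and its margins never double-report; None reports everything
    path  offsets of the compressed streams this buffer was decoded from
    """
    def in_page(off):
        return page is None or page[0] <= off < page[1]

    for name, rx in PATTERNS.items():
        for m in rx.finditer(buf):
            off = base + m.start()
            if in_page(off):
                features[(path, off, name)] = m.group()

    if depth >= 2:          # bound recursion on nested archives
        return
    for m in re.finditer(re.escape(GZIP_MAGIC), buf):
        off = base + m.start()
        if not in_page(off):
            continue
        d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)   # one gzip member, junk after it is ignored
        try:
            inner = d.decompress(buf[m.start():])
        except zlib.error:
            continue        # false positive on the magic bytes, or data too damaged to inflate
        # A stream cut off by the buffer edge still yields its leading bytes, which is
        # why features inside partially overwritten archives remain recoverable.
        if inner:
            scan_buffer(inner, 0, None, path + (off,), features, depth + 1)


def scan_image(image, block_size=64, margin=32):
    """Walk the image in fixed blocks. Each block is scanned together with a margin
    on both sides so a feature straddling a boundary is matched whole, but only
    features starting inside the block itself are credited to it."""
    features = {}
    for start in range(0, len(image), block_size):
        lo = max(0, start - margin)
        hi = min(len(image), start + block_size + margin)
        scan_buffer(image[lo:hi], lo, (start, start + block_size), (), features)
    return features


def histogram(features, kind):
    """Count how often each distinct value of one feature type occurs."""
    return Counter(v for (_, _, name), v in features.items() if name == kind)


def build_sample_image():
    """Constructed 'evidence': filler, plaintext with an address and a URL, a gzip
    member whose content carries more features, then junk bytes and a repeat."""
    plain = b"contact alice@example.org via http://example.org/login today"
    inner = b"bob@example.net fetched https://example.net/files/ twice"
    return (b"\x00" * 50 + plain + b"\x00" * 20 + gzip.compress(inner)
            + b"\xff" * 40 + b"alice@example.org" + b"\x00" * 10)


if __name__ == "__main__":
    feats = scan_image(build_sample_image())
    for (path, off, name), value in sorted(feats.items(), key=lambda kv: (kv[0][0], kv[0][1])):
        where = "".join(f"{p}-GZIP-" for p in path)   # e.g. "130-GZIP-0" for a hit inside the archive
        print(f"{where}{off}\t{name}\t{value.decode()}")
    print(histogram(feats, "email"))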

  


Work-needing packages report for Jun 25, 2021

2021-06-24 Thread wnpp
The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.

Total number of orphaned packages: 1219 (new: 0)
Total number of packages offered up for adoption: 204 (new: 0)
Total number of packages requested help for: 61 (new: 0)

Please refer to https://www.debian.org/devel/wnpp/ for more information.



No new packages have been orphaned, but a total of 1219 packages are
orphaned.  See https://www.debian.org/devel/wnpp/orphaned
for a complete list.



No new packages have been given up for adoption, but a total of 204 packages
are awaiting adoption.  See https://www.debian.org/devel/wnpp/rfa_bypackage
for a complete list.



For the following packages help is requested:

   apache2 (#910917), requested 985 days ago
 Description: Apache HTTP Server
 Reverse Depends: apache2 apache2-ssl-dev apache2-suexec-custom
   apache2-suexec-pristine backuppc bfh-container-server
   courier-webadmin cvsweb debbugs-web doc-central (139 more omitted)
 Installations reported by Popcon: 93982
 Bug Report URL: https://bugs.debian.org/910917

   asciio (#968843), requested 306 days ago
 Description: dynamically create ASCII charts and graphs with GTK+2
 Installations reported by Popcon: 70
 Bug Report URL: https://bugs.debian.org/968843

   aufs (#963191), requested 369 days ago
 Description: driver for a union mount for Linux filesystems
 Reverse Depends: fsprotect
 Installations reported by Popcon: 11778
 Bug Report URL: https://bugs.debian.org/963191

   autopkgtest (#846328), requested 1667 days ago
 Description: automatic as-installed testing for Debian packages
 Reverse Depends: debci-worker sbuild-qemu
 Installations reported by Popcon: 1225
 Bug Report URL: https://bugs.debian.org/846328

   balsa (#642906), requested 3560 days ago
 Description: An e-mail client for GNOME
 Installations reported by Popcon: 608
 Bug Report URL: https://bugs.debian.org/642906

   cargo (#860116), requested 1535 days ago
 Description: Rust package manager
 Reverse Depends: dh-cargo
 Installations reported by Popcon: 2304
 Bug Report URL: https://bugs.debian.org/860116

   courier (#978755), requested 175 days ago
 Description: Courier mail server
 Reverse Depends: courier-faxmail courier-filter-perl courier-imap
   courier-ldap courier-mlm courier-mta courier-pcp courier-pop
   courier-webadmin couriergrey (3 more omitted)
 Installations reported by Popcon: 985
 Bug Report URL: https://bugs.debian.org/978755

   cron (#984736), requested 109 days ago
 Description: new maintainer need
 Reverse Depends: apticron autolog backintime-common btrfsmaintenance
   buildd checksecurity clamtk cricket email-reminder exim4-base (20
   more omitted)
 Installations reported by Popcon: 200303
 Bug Report URL: https://bugs.debian.org/984736

   cyrus-imapd (#921717), requested 867 days ago
 Description: Cyrus mail system - IMAP support
 Reverse Depends: cyrus-admin cyrus-caldav cyrus-clients cyrus-dev
   cyrus-imapd cyrus-murder cyrus-nntpd cyrus-pop3d cyrus-replication
 Installations reported by Popcon: 425
 Bug Report URL: https://bugs.debian.org/921717

   cyrus-sasl2 (#799864), requested 2101 days ago
 Description: authentication abstraction library
 Reverse Depends: 389-ds-base adcli autofs-ldap cyrus-caldav
   cyrus-clients cyrus-common cyrus-dev cyrus-imapd cyrus-imspd
   cyrus-murder (78 more omitted)
 Installations reported by Popcon: 199776
 Bug Report URL: https://bugs.debian.org/799864

   dbad (#947550), requested 544 days ago
 Description: dnsmasq-based ad-blocking using pixelserv
 Bug Report URL: https://bugs.debian.org/947550

   debtags (#962579), requested 379 days ago
 Description: Debian Package Tags support tools
 Reverse Depends: packagesearch
 Installations reported by Popcon: 1479
 Bug Report URL: https://bugs.debian.org/962579

   dee (#831388), requested 1805 days ago
 Description: model to synchronize multiple instances over DBus
 Reverse Depends: dee-tools gir1.2-dee-1.0 gir1.2-unity-7.0
   libdee-dev libunity-dev libunity-protocol-private0 libunity-tools
   libunity9 zeitgeist-core
 Installations reported by Popcon: 25827
 Bug Report URL: https://bugs.debian.org/831388

   developers-reference (#759995), requested 2490 days ago
 Description: guidelines and information for Debian developers
 Installations reported by Popcon: 4458
 Bug Report URL: https://bugs.debian.org/759995

   devscripts (#800413), requested 2095 days ago
 Description: scripts to make the life of a Deb

Re: What are desired semantics for /etc/shells?

2021-06-24 Thread Sam Hartman

Helmut> I solicit feedback on this summary and approach. Barring
Helmut> unforseen issues, I plan to open a bug against debianutils
Helmut> to incorporate the change and once implemented opening bugs
Helmut> against all shell providers at normal severity to convert
Helmut> their add-shell/remove-shell calls to declarative ones and
Helmut> at rc-severity for not retaining local changes.

Your summary and approach sounds good to me as someone who has tracked
the discussion.




Bug#990291: ITP: nftfw -- an nftables firewall builder for Debian

2021-06-24 Thread Peter Collinson
Package: wnpp
Severity: wishlist
Owner: Peter Collinson 

* Package name: nftfw
  Version : 0.9.0
  Upstream Author : Peter Collinson 
* URL : https://github.com/pcollinson/nftfw
* License : MIT/X
  Programming Lang: Python
  Description : an nftables firewall builder for Debian

Introduction

Here is the current text in the debian/control file:

 The nftfw package builds firewalls for nftables. Configuration is
 based on files stored in directories in /etc/nftfw. For example,
 adding a new IP address to the whitelist is done by creating a file
 named for the IP address in the whitelist.d directory. Adding a new
 rule permitting access to a port just takes the addition of a
 suitably named file in incoming.d. Blacklisting address ranges is
 done by adding a CIDR address to a file in blacknets.d.
 .
 nftfw can automatically maintain the blacklist by efficiently scanning
 log files using regular expressions and adding miscreant IP addresses
 into blacklist.d. It maintains a database of activity and will
 timeout the entries after a user-defined period. When an IP is
 blocked, nftfw allows for feedback from nftables to notice and
 maintain blocking for frequent attempts from unwanted visitors.
 .
 nftfw makes extensive use of nftables sets to maintain exclusion and
 inclusion lists. It tries to minimise changes to the live firewall by
 only updating sets that have changed. It adds its created statements
 to an nftables template that can be modified to extend the firewall
 setup if needed.
 .
 After installation, some configuration is needed to make the system active,
 see /usr/share/doc/nftfw/README.Debian
 .
 The package is written and developed in Python 3.7.

More information can be found on Github; there are several documents
in the 'docs' directory that I've written, first for manual
installation and recently for Debian packaging. These are in .md, HTML and
PDF formats.

Once I have this bug number I will be uploading the binary package to github.

What's the history of this project?
---

nftfw is based on work done by Patrick Cherry for his hosting company
in the UK, Bytemark. His system was written in Ruby and was part of a
complete management system called Symbiosis for Debian servers. The
firewall part drove iptables. The company was sold and the buyer
wasn't really interested. Mythic Beasts forked Symbiosis into Sympl and I
moved to this new company as a customer.

At pretty much the same time, Debian Buster was released with the
switch to nftables. I wanted to fix some of the problems that I saw in
the original system and decided to start from scratch writing a new
firewall system in Python and aiming it at nftables.

What I liked about Patrick's approach was the use of what is perhaps
the original UNIX philosophy - everything is done in files. This
firewall is controlled by an nft template file, which is editable so
it can be extended - and then a bunch of specifically named files
controlling the firewall in known locations.

nftfw makes extensive use of sets, and tries never to reload the complete
firewall when a set is changed. There are problems in nftables with
some types of set (I've reported that upstream and I understand they will
eventually be fixed) that mean that under some circumstances partial
loading doesn't work, and the whole table needs reloading.

The system includes a module to scrape log files for attacks, and
injects the IP address into the blacklist. It can also scan kernel
logs for nftables logging so that sites that keep repeatedly returning
can be kept out until they stop. Feedback from the scanner is a big
win: bots keep bashing at the door and they are kept out.

Log scanning and blocking is also done by fail2ban of course. The
nftfw system is implemented because it was part of the original system
and I was looking for a drop-in alternative for the Symbiosis system.
Also, starting with nftables as a target has meant a re-appraisal of
how the system should work.

Where is the project?
---

I started nftfw because I was sick of my systems being under attack
from all and sundry. It's been running on two different machines that
I run for a little over 18 months, and has also been used by some
other sysadmins who are Mythic Beasts customers. There are a few
stars on Github, but I have no idea if these people are using it.

nftfw was originally installed on these machines from github source.
It didn't seem to fit the Python packaging model because it's part of
a system and not an application or library. It was loaded into Github
in April of 2020 and has been largely stable since then. There has
been the odd coding error, or misunderstanding of how to do things,
but I would say that the code is well exercised now.

Once it was in Github, it provoked significant attacks from all over
the world, and mostly from CN. At one point on my public machine,
where its website lives (https://nftfw
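An added walk-through of the blacklist mechanism the mail describes: log lines are matched against regexes, an activity database counts hits per address, a host is blocked once it crosses a threshold, kernel-log feedback from the nftables drop rule keeps a returning host blocked, entries expire after a user-defined period of silence, and only the set elements that changed are turned into nft statements. This is example code written for this page, not nftfw's own code; the regexes, the log lines (documentation address ranges), the "nftfw-drop" log prefix, the table and set names and the threshold are all constructed assumptions.

```python
import re
import ipaddress
from datetime import datetime, timedelta

# Constructed scanner rules: each regex yields the offending address in group "ip".
# nftfw keeps its real patterns in files under /etc/nftfw; these two are examples.
PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>[0-9a-fA-F.:]+)"),
    re.compile(r"postfix/smtpd\[\d+\]: warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL LOGIN authentication failed"),
]
# Feedback path: an nftables rule that logs drops with a prefix (here "nftfw-drop",
# an assumed name) shows up in the kernel log every time a blocked host returns.
KERNEL_DROP = re.compile(r"kernel: .*nftfw-drop .*SRC=(?P<ip>[0-9a-fA-F.:]+)")

# Constructed log lines; 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges.
SAMPLE_AUTH_LOG = [
    "Jun 24 10:15:01 host sshd[4242]: Failed password for root from 203.0.113.5 port 51522 ssh2",
    "Jun 24 10:15:04 host sshd[4242]: Failed password for invalid user admin from 203.0.113.5 port 51530 ssh2",
    "Jun 24 10:15:09 host postfix/smtpd[5150]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Jun 24 10:16:00 host sshd[4250]: Failed password for invalid user test from 198.51.100.7 port 40000 ssh2",
    "Jun 24 10:16:30 host sshd[4251]: Accepted publickey for jan from 192.0.2.10 port 50000 ssh2",
]
SAMPLE_KERNEL_LOG = [
    "Jun 25 06:00:00 host kernel: [1234.5] nftfw-drop IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP DPT=22",
]

T0 = datetime(2021, 6, 24, 10, 0)


def later(hours):
    """Clock helper for the walk-through: T0 plus the given number of hours."""
    return T0 + timedelta(hours=hours)


class Blacklist:
    """Activity database: ip -> {count, last}. A host is blocked once its count
    reaches `threshold`; entries are forgotten after `timeout` of silence."""

    def __init__(self, threshold=3, timeout=timedelta(hours=24)):
        self.threshold = threshold
        self.timeout = timeout
        self.db = {}

    @staticmethod
    def _valid_ip(text):
        try:
            return str(ipaddress.ip_address(text))
        except ValueError:
            return None     # unparsed log text must never reach an nft statement

    def scan(self, lines, now):
        """Apply the patterns to lines observed at time `now` (a real scanner would
        take the time from the log line itself)."""
        for line in lines:
            for rx in PATTERNS:
                m = rx.search(line)
                if m:
                    ip = self._valid_ip(m.group("ip"))
                    if ip:
                        entry = self.db.setdefault(ip, {"count": 0, "last": now})
                        entry["count"] += 1
                        entry["last"] = now
                    break
            m = KERNEL_DROP.search(line)
            if m:
                ip = self._valid_ip(m.group("ip"))
                if ip in self.db and self.db[ip]["count"] >= self.threshold:
                    self.db[ip]["last"] = now   # still knocking while blocked: extend the block
        return self.blocked()

    def expire(self, now):
        """Drop entries silent for longer than the timeout; returns what was dropped."""
        gone = sorted(ip for ip, e in self.db.items() if now - e["last"] > self.timeout)
        for ip in gone:
            del self.db[ip]
        return gone

    def blocked(self, version=4):
        """Addresses over the threshold, one address family at a time because an
        nftables set holds either ipv4_addr or ipv6_addr elements."""
        return {ip for ip, e in self.db.items()
                if e["count"] >= self.threshold and ipaddress.ip_address(ip).version == version}

    def nft_commands(self, live_set, version=4, table="inet filter", set_name="blacklist"):
        """Statements that bring the live set in line with the database, touching
        only the elements that changed rather than reloading the table."""
        want = self.blocked(version)
        cmds = []
        added, removed = sorted(want - live_set), sorted(live_set - want)
        if added:
            cmds.append(f"add element {table} {set_name} {{ {', '.join(added)} }}")
        if removed:
            cmds.append(f"delete element {table} {set_name} {{ {', '.join(removed)} }}")
        return cmds


if __name__ == "__main__":
    bl = Blacklist()
    bl.scan(SAMPLE_AUTH_LOG, T0)
    print(bl.nft_commands(set()))               # blocks 203.0.113.5 after three hits
    bl.scan(SAMPLE_KERNEL_LOG, later(20))       # the drop rule saw it again: block extended
    print(bl.expire(later(30)), bl.expire(later(50)))
    print(bl.nft_commands({"203.0.113.5"}))     # finally released again
```

The statements are meant to be handed to `nft -f` or `nft` on the command line by whatever applies the firewall; only addresses that `ipaddress` accepted can appear in them, so a crafted log line cannot smuggle text into the ruleset.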

Add to your pipeline

2021-06-24 Thread Caroline Williams
Hi,



We have provided companies with a verified list of contacts with direct contact 
details. We can customize our database to your target industries and location.



We have specific databases which we can customize to the states or cities and 
various industries you target. We have collected their job titles so every 
contact on the list with have their job titles which is very important.



We can filter our databases by the revenue of the company or the number of 
employees.



It will save you time and money to get a list ready for any sales and marketing 
campaigns. All you need to do is load the list, start your campaigns and watch 
interested potential customers get in touch.



Please let me know if you are interested and the industries and states / cities 
you target. We will send you more details according to your needs.



Look forward to your response.



Regards,

Caroline Williams | Marketing Consultant



Reply only opt-out in the subject line to remove from the mailing list.


Re: What are desired semantics for /etc/shells?

2021-06-24 Thread Gabor Gombas
On Thu, Jun 24, 2021 at 06:12:05PM +0200, Felix C. Stegerman wrote:

> * Helmut Grohne  [2021-06-24 08:10]:
> > Felix C. Stegerman cautioned that the contents of /etc/shells depends on
> > whether the underlying system is /usr-merged.
> 
> It also means that on /usr-merged systems e.g. /bin/screen is not a
> "valid" shell, but /usr/bin/screen is (even though they are the same
> file), which may be fine in practice but seems counter-intuitive to
> me.

That will be a problem in environments having a central user database.
Since password entries will be the same on all hosts, the contents of
/etc/shells should also be the same - otherwise, users may not be able to
log in. So /etc/shells changing depending on usrmerge is not just
counter-intuitive, but it has the potential of breaking things.

Gabor



Bug#990289: ITP: django-pglocks -- Django based context manager for PostgreSQL advisory locks

2021-06-24 Thread Carsten Schoenert
Package: wnpp
Severity: wishlist
Owner: Carsten Schoenert 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: django-pglocks
  Version : 1.0.4
  Upstream Author : Christophe Pettus 
* URL : https://github.com/Xof/django-pglocks
* License : MIT
  Programming Lang: Python
  Description : Django based context manager for PostgreSQL advisory locks

 django-pglocks is a context manager for Django.
 Advisory locks are application-level locks that are acquired and released
 purely by the client of the database; PostgreSQL never acquires them on its
 own. They are very useful as a way of signalling to other sessions that a
 higher-level resource than a single row is in use, without having to lock an
 entire table or some other structure.
 
 It's entirely up to the application to correctly acquire the right lock.
 
 Advisory locks are either session locks or transaction locks. A session lock
 is held until the database session disconnects (or is reset); a transaction
 lock is held until the transaction terminates.
 
 Currently, the context manager only creates session locks, as the behavior of
 a lock persisting after the context body has been exited is surprising, and
 there's no way of releasing a transaction-scope advisory lock except to exit
 the transaction.

This package is a dependency for netbox, which I am considering packaging.

The package will get maintained within the Debian Python Team.
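An added example of the session-lock contract the description spells out (example code written for this page, not django-pglocks' own code): the lock is acquired with pg_advisory_lock or pg_try_advisory_lock, and because a session lock outlives the transaction it is released explicitly in a finally clause on every exit path, including an exception in the body. The sha256-based key derivation and the RecordingConnection stand-in (which lets the block run without a PostgreSQL server) are this example's own assumptions.

```python
import hashlib
from contextlib import contextmanager


def lock_key(name):
    """Fold a string lock name into the signed 64-bit integer that PostgreSQL's
    advisory-lock functions take. The hash choice is this example's own."""
    digest = hashlib.sha256(name.encode("utf-8")).digest()[:8]
    return int.from_bytes(digest, "big", signed=True)


@contextmanager
def advisory_lock(conn, name, wait=True):
    """Hold a session-scope advisory lock for the duration of the with-block.

    conn is any DB-API connection to PostgreSQL. Session locks survive commits
    and rollbacks, so the unlock must be explicit and must run on every exit
    path; a transaction-scope lock (pg_advisory_xact_lock) could not be released
    here at all, only by ending the transaction.
    """
    key = lock_key(name)
    cur = conn.cursor()
    acquired = False
    try:
        if wait:
            cur.execute("SELECT pg_advisory_lock(%s)", (key,))       # blocks until free
            acquired = True
        else:
            cur.execute("SELECT pg_try_advisory_lock(%s)", (key,))   # returns at once
            acquired = bool(cur.fetchone()[0])
        yield acquired
    finally:
        if acquired:
            cur.execute("SELECT pg_advisory_unlock(%s)", (key,))
        cur.close()


class RecordingConnection:
    """Constructed stand-in for a DB-API connection so the example runs without
    a database: it records every statement and answers try-lock queries."""

    def __init__(self, try_lock_result=True):
        self.log = []
        self.try_lock_result = try_lock_result

    def cursor(self):
        return RecordingCursor(self)


class RecordingCursor:
    def __init__(self, conn):
        self.conn = conn
        self.row = None

    def execute(self, sql, params=()):
        self.conn.log.append((sql, params))
        self.row = (self.conn.try_lock_result,) if "pg_try_advisory_lock" in sql else (None,)

    def fetchone(self):
        return self.row

    def close(self):
        pass


def statements(conn):
    """Just the SQL text the connection saw, in order."""
    return [sql for sql, _ in conn.log]


if __name__ == "__main__":
    conn = RecordingConnection()
    with advisory_lock(conn, "netbox-maintenance") as ok:
        print("acquired:", ok)
    print(statements(conn))
```

With a real driver such as psycopg2 the same code runs unchanged, since the `%s` placeholders and the tuple of parameters are the DB-API style it expects; the caller of `wait=False` has to check the yielded flag before doing the guarded work.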



Re: What are desired semantics for /etc/shells?

2021-06-24 Thread Felix C. Stegerman
Hi,

* Helmut Grohne  [2021-06-24 08:10]:
> Felix C. Stegerman cautioned that the contents of /etc/shells depends on
> whether the underlying system is /usr-merged.

It also means that on /usr-merged systems e.g. /bin/screen is not a
"valid" shell, but /usr/bin/screen is (even though they are the same
file), which may be fine in practice but seems counter-intuitive to
me.

>  * While the order of /etc/shells will not be sorted, it will be
>    deterministic if update-shells is run after all packages have been
>    unpacked. Installing two packages one after another will still cause
>    their order in /etc/shells to differ, but changing the order of
>    /etc/shells could break comments left by administrators. So this is a
>    compromise that partially improves reproducibility without regressing
>    maintainability of /etc/shells. I hope that it is sufficient in
>    practice.

Sorting /etc/shells if the only comment in it is the current
|# /etc/shells: valid login shells
on line 1 would seem acceptable to me.

> for f in "$PKG_DIR/"*; do

Would it make sense to set LC_COLLATE for deterministic ordering here?

- Felix



Bug#990275: ITP: golang-github-zmap-zcrypto -- Liberal Go TLS + X.509 Library for Research

2021-06-24 Thread Peymaneh Nejad
Package: wnpp
Severity: wishlist
Owner: Peymaneh Nejad 

* Package name: golang-github-zmap-zcrypto
  Version : 0.0~git20210607.59eac19-1
  Upstream Author : The ZMap Project
* URL : https://github.com/zmap/zcrypto
* License : Expat, Apache-2.0, ISC, BSD-3-Clause
  Programming Lang: Go
  Description : Liberal Go TLS + X.509 Library for Research
 ZCrypto contains specialized versions of tls and x509. It is
 written in Golang and is primarily based on Golang's TLS library
 
This package is a dependency of zlint (#915788)



Bug#990269: ITA: golang-github-naoina-toml -- TOML parser and encoder library for Golang

2021-06-24 Thread Peymaneh Nejad
Package: wnpp
Severity: wishlist
Owner: Peymaneh Nejad 

* Package name: golang-github-naoina-toml
  Version : 0.1.1
  Upstream Author : Naoya Inada
* URL : https://github.com/naoina/toml
* License : Expat
  Programming Lang: Go
  Description : TOML parser and encoder library for Golang

Package was removed from unstable [1] but is now needed for packaging
caddy (#810890).
Its past maintainer is not interested in maintaining it.

[1] https://tracker.debian.org/news/1065364/removed-011-4-from-unstable/
[2] https://lists.debian.org/debian-go/2021/06/msg00036.html