Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Security repo

  1. #1
    Join Date
    Aug 2008
    Location
    Kristinehamn, Sweden
    Posts
    12

    Question Security repo

    Hi,

    I'm looking for a repo that has as much security packages as possibly. What I need at the moment is dsniff, sslsniff etc. The thing is that I have used Gentoo during the years for building my penetration and security boxes. But now it seems like time I should use OpenSuse for more than just desktop. I couldn't find any general repos when searching dsniff only factory repo. And with sslsniff there is nothing in the software search.

    regards,

    /bengan

  2. #2

    Default Re: Security repo

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    There may be a repository on software.opensuse.org that specifically is
    dedicated to security data, but otherwise search all of the OpenSUSE Build
    Service and you can probably find what you're after, and if not you can
    add it and become the authority yourself.

    http://software.opensuse.org/search

    Good luck.





    aggplanta wrote:
    > Hi,
    >
    > I'm looking for a repo that has as much security packages as possibly.
    > What I need at the moment is dsniff, sslsniff etc. The thing is that I
    > have used Gentoo during the years for building my penetration and
    > security boxes. But now it seems like time I should use OpenSuse for
    > more than just desktop. I couldn't find any general repos when searching
    > dsniff only factory repo. And with sslsniff there is nothing in the
    > software search.
    >
    > regards,
    >
    > /bengan
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.9 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQIcBAEBAgAGBQJKzzzeAAoJEF+XTK08PnB5fB4P/094uaSbZoW5wE68aF/4SV3p
    kW3t0D7oG7PArPKRX1NIOP0moII3BxQGU0O+iy5cM5Ps9xHHjKeelOsYsM+RvnLM
    lEwVGhLxiq7UPOZ3KbkaoVK3ovbWljkHT3bnk0CxNGgW20Qj74mLOzx00cNkgi1d
    ks7VNaADw3uyhcTOPGB3abGTS2BfmU7MnuoZYxJ7NRbSmtTkV7s5RUnpOClVrsmB
    ONUyenjqmediQVU9lLaXC2EPad0LBI+63W9kzC5aZ+UN/+sO+eK8Qec27ouYN1t9
    1B/dJQCq5WJPFWFxP/YKewJMUnckKdVjzMsLp7QrbqczPqiS97XcvTISNY2xHufQ
    PcoB+pizEEOUsZpTLsW37VqB0YsCXDN4UnGF8uznRsfAvcE3y3tb9/9JyKDvqGPL
    TlKXUyyUxrJuQfnzpzJfCbxyO2t1ZN++qj2JCUQcr6kh7dBA7vvezXyD6te9HWk6
    ZDRm1QbzHsWX6A2vfiJphh3+6fBK9MZ4h/V5rJ9mCGODlPO+cUjCaWrKFhEaLkgX
    t6KSxGlVQSHTftRaxY+Q2tL6yqAId1y9BmazE4tdEM/NmNyw5YvFy4xqvNMVHb7k
    mTtBKm6RrUqY0Z26+TcF+fdI0ZKcd3TgsF7KbKHBkZJ61QhXuI9B7f2HjmddpYLn
    6XnhGBhbzCI6PkNF+20f
    =+DZ0
    -----END PGP SIGNATURE-----

  3. #3

    Question Re: Security repo

    I think Aggplanta makes an excellent point. I have oft been surprised to find that many common and basic security / pen testing / hacking tools are not in the Suse repos, whereas in another distro they are usually easily found.

    For example, in this case neither dsniff or sslsniff are in Software.openSUSE.org I had the same experience recently looking for sqlmap and hping, etc, ending up having to build them and then resolve various dependencies, blah blah blah.

    Now, granted, these tools are normally quite easy to build - but really that should not be necessary. In Ubuntu (or other) distros they are a command away. I would love to see the same type tools supported in Suse.

    Honestly, Ubuntu is a great OS to use to hack / test with as there are SO many tools available instantly. I think making these type packages would help Suse be more appealing to users of other OSes who fit this demographic of security professionals / people formally know as h4x0rs, etc.

    Now, I realize I can help contribute too by helping to make these packages. Though, honestly that is not a way I have contributed before, so would have to learn the build service. Not a bad thing, but that is not really my primary point.

    I believe its a valid point that there should be more security / testing tools in the main Suse repos and that adding this should be a focus that would help Suse a lot in the long run.

    Just my opinion of course, but I'd love to hear what others think. Maybe a few of us can work together to address this?

    Cheers,
    Lews Therin

  4. #4

    Default Re: Security repo

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I'd be interested in helping with this if you'd like to collaborate a
    little. I have managed to get things compiled in the OpenSUSE Build
    Service before but have never built an RPM on my own so my experience with
    SPEC files is non-existent, and that's what I need to get down before I
    can be effective. Once the software is compiled all that is left is to
    tell the Build Service (via the SPEC file) which binaries actually go into
    the RPM. If you have experience with that I can show you what I've done
    previously. There is also a build-service forum dedicated to help with
    this kind of thing I should probably ask around in a bit more.

    Good luck.






    LewsTherinTelemon wrote:
    > I think Aggplanta makes an excellent point. I have oft been surprised to
    > find that many common and basic security / pen testing / hacking tools
    > are not in the Suse repos, whereas in another distro they are usually
    > easily found.
    >
    > For example, in this case neither dsniff or sslsniff are in
    > 'Software.openSUSE.org' (http://software.opensuse.org/search) I had the
    > same experience recently looking for sqlmap and hping, etc, ending up
    > having to build them and then resolve various dependencies, blah blah
    > blah.
    >
    > Now, granted, these tools are normally quite easy to build - but really
    > that should not be necessary. In Ubuntu (or other) distros they are a
    > command away. I would love to see the same type tools supported in
    > Suse.
    >
    > Honestly, Ubuntu is a great OS to use to hack / test with as there are
    > SO many tools available instantly. I think making these type packages
    > would help Suse be more appealing to users of other OSes who fit this
    > demographic of security professionals / people formally know as h4x0rs,
    > etc.
    >
    > Now, I realize I can help contribute too by helping to make these
    > packages. Though, honestly that is not a way I have contributed before,
    > so would have to learn the build service. Not a bad thing, but that is
    > not really my primary point.
    >
    > I believe its a valid point that there should be more security /
    > testing tools in the main Suse repos and that adding this should be a
    > focus that would help Suse a lot in the long run.
    >
    > Just my opinion of course, but I'd love to hear what others think.
    > Maybe a few of us can work together to address this?
    >
    > Cheers,
    > Lews Therin
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.9 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQIcBAEBAgAGBQJK0l6nAAoJEF+XTK08PnB5jTQP+gPcceFWkjtbLlW1jPZrhgzu
    9+ISbMU2wwCFAgkCnVjawGaRADWQ6J9+VLNrYWqKRxedwfmHMK3h+1dRAzNIHUgB
    8dxFDB/qyW8HEnH25Yn/ltXa+YjHvWBXDBGuCEu0BUpXU6A3QH+FL4q28r+QrtwR
    tpj4llPEclCVXxrfHmchrJ6ACFmhm8JFnTQEGRXZcpcYbvmsMx4KT5SD7P2RvdCI
    pI6mwytQcaOv76TNV6e4HOEBxLcpjSGQalnErd/CXMV1yCzzFBMyQouyZhLAv3NW
    +kXSjtpqj10/3sRg2K52NsSvoWuJKNN9XGMfXK0A+e4c+QucfW5qPhVza0DkxR6K
    B4GYY0E5rUqquFctiQwb5TJgvInnlRL7zb+gu80R7M5b6z5m4JLgiZfJktiM0p5n
    0MJMVoYWF8hjqReVImW7J2j4XmYenNVEAspFqHVFly83C9gEMjx4AWukjKKNYXvg
    ooqL9Q6y/LfeBGjNR0Yqu/K1pk8mRpMToxP5yzdncJzbqQcnaj1oTZZ9gwohQhdu
    mvgDLIgm29UlzA+gOgub9nE7Za/Lkncx9WlpFHEyUC4rTHRujAYlFYxJZqCmS3sO
    s8mkBBfYFF7M2WUF0vaw4Vf702pysSit0cFCxX7QgQSjblW4AoPySF6UNzICClO0
    7BZEKM2QVsnLdhjBs91a
    =R1Y0
    -----END PGP SIGNATURE-----

  5. #5

    Default Re: Security repo

    I recently started building several security oriented packages with the idea of extending the package set (and possibly customizing them) to the point where I don't need to use another distro like Backtrack. Once a decent amount of security tools were packaged, I was hoping a security assessment centric community could coalesce around building/maintaining these.

    One of the major discouragements of continuing down this road is the relatively recent German Anti-Hacker law. This law forbids Germans to research, discuss, and disclose security problems.

    This is an ENORMOUS issue for those of us who work in the security field and wish to use openSUSE as a platform for creating/distributing security tools. [I posted about this recently in the OBS forum.]

    I don't want to invest more time working on a security centric repository until the openSUSE community/Novell steps up and addresses this issue. If they don't, openSUSE will never be a suitable option for security professionals to use/build upon.

    The bigger issue is that this law impacts many of the ideas inherent in a open/free community. If Novell doesn't respond in some fashion, what does that say of their commitment to the openSUSE community?

    How much longer will it be before tools like nmap are deemed illegal?

  6. #6

    Default Re: Security repo

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    While I feel sorry for your (I presume) living in a backwards country with
    ignorant politicians, I am a bit perplexed what you expect Novell (a
    company based in the US) needs to do about draconian laws in other countries.

    Regardless if you have ideas on tools that could be added and perhaps even
    SPEC files for them I'll host whatever. I'm not a resident of Germany so
    I presume I'm exempt from the law as long as I'm here (not likely to
    change any time soon).

    Good luck.





    canislycan wrote:
    > I recently started building several security oriented packages with the
    > idea of extending the package set (and possibly customizing them) to the
    > point where I don't need to use another distro like Backtrack. Once a
    > decent amount of security tools were packaged, I was hoping a security
    > assessment centric community could coalesce around building/maintaining
    > these.
    >
    > One of the major discouragements of continuing down this road is the
    > relatively recent German Anti-Hacker law. This law forbids Germans to
    > research, discuss, and disclose security problems.
    >
    > This is an ENORMOUS issue for those of us who work in the security
    > field and wish to use openSUSE as a platform for creating/distributing
    > security tools. [I posted about this recently in the OBS forum.]
    >
    > I don't want to invest more time working on a security centric
    > repository until the openSUSE community/Novell steps up and addresses
    > this issue. If they don't, openSUSE will never be a suitable option for
    > security professionals to use/build upon.
    >
    > The bigger issue is that this law impacts many of the ideas inherent in
    > a open/free community. If Novell doesn't respond in some fashion, what
    > does that say of their commitment to the openSUSE community?
    >
    > How much longer will it be before tools like nmap are deemed illegal?
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.9 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQIcBAEBAgAGBQJK1AgYAAoJEF+XTK08PnB5IboQANVgKPEimXh/hXCYL4OF9snQ
    nvJNRbm19+KaEJ4ZbklWNFTVAP07M0mYGqZUqRIbUOdCmZxmKS0iKQOpGQ2kHIgs
    NyiDs74u4e0JKGtcOauJpbHA/0uwG2LRQgo25X883Dr1CHbMZbdmCM+ez16E3mHT
    lgyjDmPuBSs/n0WWhBRTUJ7MPu9v4TYU0umtOYJlFJX66SJ3QgHiVr8aU+Aw7FQO
    1svd4dTo6CEjSKE7aOJym1jkQo40/3sWevnjEJ5vF0bOPRbwQ1O835F9z8ez8um4
    ZWvENHoO9F8jFEysSINBqYI/WKllJHTxoJOrDxAyVqUXlZNrRriK/mEySjnEr0+U
    CN6msGZT9EUpgPDgeX9O3ZOKx7dL2+aPe+oyub+JKNzcQInL9zOPrcey+dZ9z+dh
    DPW2FI8VchNO6nrWckVnGLdHriRPr4hhmTuBg/gVuv0j/fRIjwjgf3uDug/Mtlna
    6EIsGuPaLn6f3UHQtP2CqUQGCSRn6h5ftvNQb7sJMp9XoxknDi02oCCQ3feznJKl
    gUyGoXZ2r/ylK8V+XBGZLN5YDA0Tp+BcQMI9em+wwXXKzOoXpu1y/SoinaDD5WHA
    EhCFSQEnNqbQcIxEzyB/3Fc5LM3mrQg72vHuuCRAdbVOBMk2dIMBpdHPdSGCR95C
    8n5XF4dVQbqhXx/WCyEs
    =F+gY
    -----END PGP SIGNATURE-----

  7. #7
    Join Date
    Mar 2008
    Location
    Bochum, Germany
    Posts
    3,587

    Default Re: Security repo

    * canislycan wrote, On 10/13/2009 05:26 AM:

    > One of the major discouragements of continuing down this road is the
    > relatively recent German Anti-Hacker law. This law forbids Germans to
    > research, discuss, and disclose security problems.


    Not true.

    202c StGB outlaws *making* software intended to be used for a criminal activity described in 202a StGB (illegal interception/exposure of data) or 202b StGB (data theft). The question is, what did you intend to do when you wrote the app. Did you plan to make a software for illegal purposes or a software for something else, which can be abused for criminal purposes?

    The Bundesverfassungsgericht, our constitutional court, made that pretty clear recently.

    Example:
    Wireshark is a tool which can be used to diagnose network problems as well as intercepting data. If you use it to diagnose problems, that's of course okay. If you use it to sniff internet banking data, you'll be charged according to 202a StGB (amongst others, that is <G>).
    Now lets assume I'm the author of wireshark. Will they charge me for breaking the rules in 202c StGB? No. Because I didn't make this software for this purpose. You just abused it.
    What about that virus you wrote, intercepting internet banking data and sending it to Russia? Definitely a case of 202c StGB.

    BTW, the paragraph mentioned doesn't cover research, discussion or disclosure of security problems at all.

    HTH
    Uwe

  8. #8

    Default Re: Security repo

    Here's how I came to understand this (I'm not German, except on my grandfathers side =):

    #!/bin/the hacker's choice - THC Press Release

    [opensuse-security] Re: [opensuse-buildservice] Metasploit and same type

    If I understand correctly what your saying, it all comes down to "intent". If thats the case, it would mean I can package metasploit, w3af, and similar tools on the OBS servers which are located in Germany. Which, is what I want to do.

    However, if this is true, why did THC along with other security research groups move out of Germany? Why does someone from SUSE say metasploit is probably illegal to load on the build servers?

    Thanks for posting, I appreciate any comments regarding this. It would be great to find some clear resolution to what can/can not be done.

  9. #9

    Default Re: Security repo

    Quote Originally Posted by canislycan View Post
    One of the major discouragements of continuing down this road is the relatively recent German Anti-Hacker law. This law forbids Germans to research, discuss, and disclose security problems.
    Now that's interesting, the FUD which is being spread about/through this law, seems to work.

    Did you ask a laywer about that or ist this just your interpretation what you heard in the media?

    I bet it's the latter.

  10. #10
    Join Date
    Mar 2008
    Location
    Bochum, Germany
    Posts
    3,587

    Default Re: Security repo

    * canislycan,

    outdated information. Back then, people got quite hysterical about this new law. Our constitutional court decided that there's no problem, but that was in June 2009.

    http://www.h-online.com/security/App...--/news/113571

    has the IMHO correct information about the plot in English.

    HTH
    Uwe

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •