Microsoft to Create Linux Kernel WSL2 Mods Repo

The Linux kernel for WSL2 (Windows Subsystem for Linux v2) is based on release 4.19, which runs in a Windows environment using a VM used in Azure
01 July 2019

Microsoft has published all of the changes and additions it made to the Linux kernel used in the WSL 2 subsystem (Windows Subsystem for Linux v2). The second edition of WSL ships a full-fledged Linux kernel instead of an emulator that translates Linux system calls into Windows system calls on the fly. The availability of the source code allows enthusiasts to build their own Linux kernels for WSL2, if desired, taking into account the nuances of this platform.

The Linux kernel shipped in WSL2 is based on release 4.19 and runs in a Windows environment using a virtual machine already used in Azure. Updates for the Linux kernel are delivered through the Windows Update mechanism and are tested in the Microsoft continuous integration infrastructure. The prepared patches include optimizations that reduce kernel startup time, reduce memory consumption, and leave only the minimum required set of drivers and subsystems in the kernel.

In addition, Microsoft has applied to join the private linux-distros mailing list, where information about new vulnerabilities is published at an early stage of their detection, allowing distributions to prepare fixes before the public announcement. Microsoft needs access to the mailing list to obtain information about new vulnerabilities affecting distribution-like builds such as Azure Sphere, Windows Subsystem for Linux v2 and Azure HDInsight, which are not based on the work of existing distributions. Greg Kroah-Hartman, who is responsible for maintaining the stable kernel branch, is ready to act as a guarantor. The decision to grant access has not yet been made.

Get more info at GitHub.

Suricata 5.0 to be Available

Suricata is an open source intrusion detection and intrusion prevention system
16 October 2019

OISF (Open Information Security Foundation) has published the release of Suricata 5.0, a network intrusion detection and prevention system that provides inspection tools for various types of traffic. Suricata configurations can use the signature database developed by the Snort project, as well as the Emerging Threats and Emerging Threats Pro rule sets. The source code for the project is distributed under the GPLv2 license.

Some of the major changes:

  • New parsing and logging modules for the RDP, SNMP and SIP protocols, written in Rust, have been introduced;
  • In addition to support for the JA3 TLS client fingerprinting method that appeared in the previous release, support for the JA3S method has been added, which makes it possible to determine which software is used to establish a connection based on the connection negotiation features and the parameters that are set (for example, it can identify the use of Tor and other typical applications);
  • An experimental ability to match against large data sets has been added, implemented using the new dataset and datarep operations. For example, the feature is applicable for searching for masks in large blacklists with millions of entries.
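
The JA3 and JA3S fingerprints from the list above, sketched as an added example (this is not Suricata's code): JA3 hashes the parameters a client offers in its ClientHello, JA3S hashes the parameters the server selects in its ServerHello. The handshake values below are constructed sample data, and the function names are chosen for this illustration.

```python
import hashlib

# GREASE placeholders (RFC 8701): 0x0a0a, 0x1a1a, ... 0xfafa. Clients insert
# them at random, so they are dropped before fingerprinting.
GREASE = {(b << 8) | b for b in range(0x0A, 0x100, 0x10)}

def join_fields(values):
    """Decimal values in wire order, '-' separated, GREASE removed."""
    return "-".join(str(v) for v in values if v not in GREASE)

def ja3(version, ciphers, extensions, curves, point_formats):
    """Client fingerprint: (string, md5 hex) from ClientHello fields."""
    s = ",".join([str(version), join_fields(ciphers), join_fields(extensions),
                  join_fields(curves), join_fields(point_formats)])
    # MD5 is only a compact label for the string here, not a security control.
    return s, hashlib.md5(s.encode()).hexdigest()

def ja3s(version, cipher, extensions):
    """Server fingerprint: (string, md5 hex) from ServerHello fields."""
    s = ",".join([str(version), str(cipher), join_fields(extensions)])
    return s, hashlib.md5(s.encode()).hexdigest()

def fingerprint_pair(client_hello, server_hello):
    """Return (ja3_hash, ja3s_hash); the pair narrows identification,
    because the same server answers different clients differently."""
    return ja3(**client_hello)[1], ja3s(**server_hello)[1]

# Constructed sample handshake (values are illustrative, not a capture).
CLIENT = dict(version=771,
              ciphers=[0x0A0A, 4865, 4866, 49195],
              extensions=[0x1A1A, 0, 23, 65281, 10, 11],
              curves=[0x2A2A, 29, 23, 24],
              point_formats=[0])
SERVER = dict(version=771, cipher=49195, extensions=[65281, 0, 11])

if __name__ == "__main__":
    print("JA3 ", *ja3(**CLIENT))
    print("JA3S", *ja3s(**SERVER))
    print("pair", fingerprint_pair(CLIENT, SERVER))
```

Because the values are kept in the order they appear on the wire, two clients offering the same cipher suites in a different order get different fingerprints, while a change in GREASE values alone does not alter the result.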

Get more info at the official website.