Suricata 5.0 to be Available

Suricata is an open source intrusion detection and intrusion prevention system
16 October 2019

OISF (Open Information Security Foundation) has released Suricata 5.0, a network intrusion detection and prevention system that provides inspection tools for various types of traffic. Suricata configurations can use the signature database developed by the Snort project, as well as the Emerging Threats and Emerging Threats Pro rule sets. The source code for the project is distributed under the GPLv2 license.

Some of the major changes:

  • New parsing and logging modules for the RDP, SNMP and SIP protocols, written in Rust, have been introduced;
  • In addition to the JA3 TLS client identification method that appeared in the previous release, support for the JA3S method has been added. It makes it possible to determine which software is used to establish a connection, based on the features of the connection negotiation and the parameters that are set (for example, it can detect the use of Tor and other typical applications);
  • Experimental support for matching against selections from large data sets has been added, implemented with the new dataset and datarep operations. For example, the feature can be used to search for masks in large blacklists with millions of entries.
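How a JA3S value is derived, as an added example that is not code from Suricata or from the original article: JA3S is the MD5 of the ServerHello's version, selected cipher suite and extension types, written in decimal. The function names and the sample ServerHello bytes are constructed for illustration.

```python
import hashlib
import struct

def ja3s_from_server_hello(msg: bytes):
    """Return (ja3s_string, md5_hex) for one raw TLS ServerHello handshake message."""
    if len(msg) < 4 or msg[0] != 0x02:            # handshake type 2 = ServerHello
        raise ValueError("not a ServerHello handshake message")
    declared = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + declared]
    if len(body) != declared or declared < 38:    # 38 = smallest legal body
        raise ValueError("truncated ServerHello")
    version = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                                  # skip version and 32-byte random
    pos += 1 + body[pos]                          # skip session id
    if pos + 3 > len(body):
        raise ValueError("truncated ServerHello")
    cipher = struct.unpack_from("!H", body, pos)[0]
    pos += 3                                      # cipher suite + compression method
    ext_types = []
    if pos < len(body):                           # the extension block is optional
        if pos + 2 > len(body):
            raise ValueError("malformed extension block")
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        if end > len(body):
            raise ValueError("malformed extension block")
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            ext_types.append(etype)               # only the type is fingerprinted
            pos += 4 + elen
        if pos != end:
            raise ValueError("malformed extension block")
    ja3s = f"{version},{cipher},{'-'.join(map(str, ext_types))}"
    # MD5 is part of the JA3S definition; it is a lookup key, not a security primitive.
    return ja3s, hashlib.md5(ja3s.encode()).hexdigest()

def build_sample_server_hello() -> bytes:
    """Constructed sample: TLS 1.2, cipher 0xC02F, extensions 65281, 0 and 11."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in
                    [(0xFF01, b"\x00"), (0x0000, b""), (0x000B, b"\x01\x00")])
    body = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00" +
            struct.pack("!HB", 0xC02F, 0) + struct.pack("!H", len(exts)) + exts)
    return b"\x02" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    print(ja3s_from_server_hello(build_sample_server_hello()))
```

Because only the server's chosen parameters enter the string, the same server software answering the same client tends to produce the same value, which is what makes it usable as a matching key in rules and logs.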

Get more info at the official website.

 

Oracle to Release Unbreakable Kernel R5U3

The kernel update, which can be used in Oracle Linux as an alternative to the Red Hat Enterprise Linux kernel, is based on Linux 4.14
25 March 2020

Oracle has released the third functional update for the Unbreakable Enterprise Kernel R5, positioned for use in the Oracle Linux distribution as an alternative to the regular kernel package from Red Hat Enterprise Linux. The kernel is available for the x86_64 and ARM64 (aarch64) architectures. The kernel sources, including a breakdown into individual patches, are published in the public Oracle Git repository.

The Unbreakable Enterprise Kernel 5 package is based on the Linux 4.14 kernel (UEK R4 was based on the 4.1 kernel), which is supplemented with new features, optimizations and fixes, tested for compatibility with most applications running on RHEL, and specially optimized for working with industrial software and Oracle hardware. Installation and src packages with the UEK R5U1 kernel are prepared for Oracle Linux 7 (there are no obstacles to using this kernel in similar versions of RHEL, CentOS and Scientific Linux).

Key improvements:

  • Improved support for 64-bit systems based on the ARM architecture. Updated drivers for ARM.
  • InfiniBand now includes on-demand paging support, which maps memory through the processor when unallocated pages are accessed (page faults), i.e. memory is consumed only when it is actually being used.
  • In XFS, a deadlock that caused locks to hang and never be released has been eliminated.
  • In CIFS, an issue that could lead to POSIX lock leaks and crashes has been resolved.
  • Bug fixes resolve incompatibilities between certain hardware and QEMU/KVM.
  • Device drivers are synchronized with the Linux kernel 4.14.35. The driver for Broadcom Emulex LightPulse Fibre Channel SCSI has been updated to version 12.2.0.13.

Get more at the official blog.