Projects tagged ‘linux’, ‘security’, and ‘systems_administration’

Filesystem in Userspace is a simple interface for userspace programs to export a virtual filesystem to the Linux kernel. It also aims to provide a secure method for non privileged users to create and mount their own filesystem implementations.

Bacula is a set of programs that allow you to manage the backup, recovery, and verification of computer data across a network of different computers. It is based on a client/server architecture and is efficient and relatively easy to use, while ... [More] offering many advanced storage management features that make it easy to find and recover lost or damaged files. [Less]

grml is a bootable CD (Live-CD) originally based on Knoppix and nowadays based on Debian. grml includes a collection of GNU/Linux software especially for users of texttools and system administrators. grml provides more than 2500 software packages! ... [More] Excluding library stuff, more than 1700 packages remain. We don't ship KDE and OpenOffice, but more than 800 packages which Knoppix does not provide. You'll get sysadmins favourite tools, security- and network-related software, data recovery- and forensic-tools, LaTeX, many editors, shells, and of course many texttools. [Less]

Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also ... [More] possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN. [Less]

Zabbix is software that monitors your servers and applications. Polling and trapping techniques are both supported. It has a simple, yet very flexible notification mechanism, and a Web interface that allows quick and easy administration. It can be ... [More] used for logging, monitoring, capacity planning, availability and performance measurement, and providing the latest information to a helpdesk. [Less]

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. ... [More] Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches. [Less]

SystemRescueCd is a Linux system available from a bootable CDROM that provides an easy way to perform administrative tasks on your computer, such as creating and editing the partitions of the hard disk or backing up data. It contains a lot of system ... [More] utilities (such as parted, partimage, and fstools), and basic programs (such as editors, midnight commander, and network tools). It also includes QtParted, a Partition Magic clone that makes editing partitons easy with its Qt graphical user interface. This CDROM aims to be very easy to use and accessible to everybody. [Less]

Etherboot is a free software package for making boot ROMs for booting Linux and other operating systems on x86, Itanium, Hammer, and Hyperstone machines over a network using Internet protocols, namely DHCP and tftp.

Firestarter is a firewall tool for Linux, and uses GNOME. You can use the wizard to create a basic firewall, then streamline it further using the dynamic rules. You can open and close ports with a few clicks, or stealth your services giving access ... [More] only to a select few. It features a real-time hit monitor which you can watch as attackers probe your machine for open ports. [Less]

Ganglia is a scalable distributed monitoring system for high-performance computing systems such as clusters and grids. It is based on a hierarchical design targeted at federations of clusters. Ganglia is currently in use on over 500 clusters around the world and has scaled to handle clusters with 2000 nodes.

sshproxy is a pure python implementation of an ssh authenticating proxy. It allows users to connect to remote sites without having to know the password or key of the remote sites. ACL rules can be set up to allow or deny users based on ... [More] different parameters like their IP address or the time of the day. Access attempts are logged via syslog, and an enhanced "action log" system is under development. The client is the standard ssh client. [Less]

Bastille Unix is a Hardening and Reporting/Auditing Program which enhances the security of a Unix box, by configuring daemons, system settings and firewalling. It currently functions on HP-UX, Red Hat, SuSE, Gentoo, Mandrivia, and OSX

Annvix is a free secure Linux-based operating system. The Annvix project aims to provide a secure, stable, and fast Linux distribution specifically tailored to servers that provide reliable services such as Email, Web, DNS, FTP, File sharing, and more.

Openwall GNU/*/Linux (or Owl for short) is a security-enhanced server platform. The primary approaches to security are proactive source code review, privilege reduction, privilege separation, careful selection of third-party software, safe defaults ... [More] , "hardening" to reduce the likelihood of successful exploitation of security flaws, and the uses of "strong" cryptography. Also available are policy enforcement and integrity checking capabilities. Besides the security enhancements, other key properties of Owl include the ability to rebuild the entire system from source with one simple command ("make buildworld"), support for software packages found in or developed for Red Hat's and compatible Linux distributions, and support for multiple architectures (currently x86, x86-64, SPARC, and Alpha). [Less]

pam_passwdqc is a simple password strength checking module for PAM-aware password changing programs, such as passwd(1). In addition to checking regular passwords, it offers support for passphrases and can provide randomly generated ones. All features are optional and can be (re-)configured without rebuilding.

The tcb package contains core components of our tcb suite implementing the alternative password shadowing scheme on Openwall GNU/*/Linux (Owl). It is being made available separately from Owl primarily for use by other distributions. The package ... [More] consists of three components: pam_tcb, libnss_tcb, and libtcb. pam_tcb is a PAM module which supersedes pam_unix. It also implements the tcb password shadowing scheme. The tcb scheme allows many core system utilities (passwd(1) being the primary example) to operate with little privilege. libnss_tcb is the accompanying NSS module. libtcb contains code shared by the PAM and NSS modules and is also used by user management tools on Owl due to our shadow suite patches. [Less]

scanlogd is a TCP port scan detection tool, originally designed to illustrate various attacks an IDS developer has to deal with, for a Phrack Magazine article. Thus, unlike some of the other port scan detection tools out there, scanlogd is designed ... [More] to be totally safe to use. scanlogd supports several packet capture interfaces: the raw socket interface on Linux (which does not require any libraries), libnids, and libpcap. [Less]

Hardened Linux is a secured and minimalized operating system designed to run as a firewall, IDS host, authentication system and VPN gateway.

afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. You can then run ... [More] the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided. [Less]

ITVal is an open source utility for testing, and debugging iptables firewall policies. It can detect many different kinds of errors, such as typos, out-of-order rules, faulty understanding of the firewall, or poor assumptions about the policy logic. ... [More] ITVal can also generate a "policy map" that illustrates how the firewall treats various groups of hosts on the network. This grouping is automatically calculated from the policy and can make it very easy to spot anomalies in the policy. Current development on ITVal focuses on ways to partially automate repair of the policy. [Less]

AMaViS (A Mail Virus Scanner) scans e-mail attachments for viruses using third-party virus scanners available for UNIX environments. It resides on a UNIX (Linux) machine and looks through the attached files arriving via e-mail, generates reports when a virus is found and sets the delivery on hold.

PPTP Client allows you to connect to a PPTP server from a Linux box. It sets up a PPTP call, after which the PPP daemon establishes a PPP link over that PPTP call. The client can access PPTP-based VPNs. Besides remote access to internal corporate networks, some CATV and ADSL ISPs are using PPTP to provide Internet access to their customers.

Souptonuts is a repository of various software scripts and tutorials for the following: awk, sed, grep, bash scripts, Excel VBA, VB.Net, C, C++, C#, Flash, ipsec security settings, firewall settings, SQL, kernel hacks, and more.