grsecurity is a complete security system for Linux 2.4 and 2.6 that implements a detection/prevention/containment strategy. It prevents most forms of address space modification, confines programs via its Role-Based Access Control system, hardens syscalls, provides full-featured auditing, and implements many of the OpenBSD randomness features. It was written for performance, ease-of-use, and security. The RBAC system has an intelligent learning mode that can generate least privilege policies for the entire system with no configuration. All of grsecurity supports a feature that logs the IP of the attacker that causes an alert or audit.
SEPPL is both a protocol definition and a software implementation of a new encryption layer for IPv4. It is extremely lightweight and easy to use. It is implemented for the Linux kernel and makes use of netfilter and the Linux CryptoAPI. It is intended as a software replacement for WEP but may be used on non-wireless LANs as well. It is also suitable for VPN solutions.
Hardened Debian improves Debian GNU/Linux with high security and hardening features, hardened kernels and packages, DHKP, and other security-related enhancements. It makes systems more difficult to compromise using common attacks such as race conditions, chroot jail escapes, and buffer overflows.
Cryproc is a module for the Linux 2.6 kernel that allows user space programs to access the kernel's cryptographic functions. When loaded, the module creates a file called "cryproc" in the /proc filesystem. Applications can open this file read-write and instruct the kernel to perform some of the functions the CryptoAPI provides. A sample application, cryproc-tool, is provided.
The Real-Time Proactive Secret Sharing Library is an implementation of Shamir's secret sharing scheme and Herzberg's proactive secret sharing algorithm. The library targets the RTAI OS. It includes a port of GNU GMP to RTAI, which is used for multiple precision arithmetic operations.
HAVEGE (HArdware Volatile Entropy Gathering and Expansion) is a user-level software generator of unpredictable random numbers for general-purpose computers that exploits modifications of the internal volatile hardware states as a source of uncertainty. It combines on-the-fly hardware volatile entropy gathering with pseudo-random number generation. The internal state includes thousands of internal volatile hardware states and is practically unmonitorable. It can support several hundred megabits per second on current workstations and PCs.