Lynis is an auditing and hardening tool for Unix derivatives like Linux/BSD/Solaris. It scans systems to detect software and security issues. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
EncFS is an encrypted pass-through filesystem which runs in userspace on Linux (using the FUSE kernel module). Similar in design to CFS and other pass-through filesystems, all data is encrypted and stored in the underlying filesystem. Unlike loopback filesystems, there is no predetermined or pre-allocated filesystem size.
GNU SIP Witch is a secure peer-to-peer VoIP server. Calls can be made even behind NAT firewalls, and without requiring service providers. SIP Witch can be used on the desktop to create bottom-up secure calling networks and as a free software alternative to Skype. It can also be used as a stand-alone SIP-based office telephone server, or to create secure VoIP networks for an existing IP-PBX such as Asterisk, FreeSWITCH, or Yate.
NuFW is an authenticating firewall. It adds strict and secure identity-based filtering capabilities to enterprise-grade firewalls. It can also set quality of service on a per-user basis and log user activities into an SQL database. Furthermore, it can use multiple external authentication sources via PAM and be the key of a Single Sign On solution.
cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
CloudVPN is a secure decentralized mesh networking tool. It allows applications to use it as a mesh transport layer for packet routing, easily creating mesh ethernet VPN, secured audio/video broadcasting or communication channels, etc. It can create secured networks with special or weird topologies, so it's very easy to create connection schemes with clustered/decentralized servers, topologies with better throughput, ring-like topologies for failover, long-line for passing through many routes, or tree topology for optimizing inter-server bandwidth needs.
GNU Anubis is an SMTP message submission daemon. It represents an intermediate layer between the mail user agent (MUA) and mail transport agent (MTA), receiving messages from the MUA, applying to them a set of predefined changes, and finally inserting modified messages into an MTA routing network. The set of changes applied to a message is configurable on a system-wide and per-user basis. The built-in configuration language used for defining sets of changes allows for considerable flexibility and is easily extensible.
Tor-ramdisk is a uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced in tor-ramdisk by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key, which may be exported and imported by FTP or SSH.