GNU Anubis is an SMTP message submission daemon. It represents an intermediate layer between the mail user agent (MUA) and mail transport agent (MTA), receiving messages from the MUA, applying to them a set of predefined changes, and finally inserting modified messages into an MTA routing network. The set of changes applied to a message is configurable on a system-wide and per-user basis. The built-in configuration language used for defining sets of changes allows for considerable flexibility and is easily extensible.
NuFW is an authenticating firewall. It adds strict and secure identity-based filtering capabilities to enterprise-grade firewalls. It can also set quality of service on a per-user basis and log user activities into an SQL database. Furthermore, it can use multiple external authentication sources via PAM and serve as the key component of a single sign-on solution.
EncFS is an encrypted pass-through filesystem which runs in userspace on Linux (using the FUSE kernel module). Similar in design to CFS and other pass-through filesystems, all data is encrypted and stored in the underlying filesystem. Unlike loopback filesystems, there is no predetermined or pre-allocated filesystem size.
Pak transfers multiple, possibly very big, regular files between possibly different hosts you have shell access to. It transmits segment IDs instead of file names and uses on-the-fly Blowfish-CBC encryption while being absolutely restartable with practically no loss of data already transmitted. Encrypted pak streams can be stored in intermediary regular files on untrusted hosts. Several stored pak streams, even truncated ones, can be merged for re-piping without decryption. Integrity is never checked. File offsets of any magnitude are supported via recompilation (the default width is 64 bits). Either UNIX 95 or UNIX 98 conformance is required and sufficient.
The RegLookup project is devoted to direct analysis of Windows NT-based registry files. RegLookup provides command line tools, a C API, and a Python module for accessing registry data structures. The project has a focus on providing tools for digital forensic examiners (though it is useful for many purposes), and includes algorithms for retrieving deleted data structures from registry hives.
homeLANsecurity is a series of shell scripts for loading iptables firewall rules. The goal of these scripts is to provide an easy-to-manage framework for standard iptables rule sets. The scripts are well documented and are easily edited. It is primarily designed to operate on a home or small office gateway Linux system, but the scripts can be easily adapted to protect an individual Linux server or workstation. homeLANsecurity's command set is written to support loading, clearing, saving, restoring, testing, and displaying iptables rules. The configuration supports NAT, port forwarding of common services, TOS packet mangling, OpenVPN, Squid transparent proxy, IP address banning, adaptive banning, and connection tuning. Custom iptables rules are easily inserted without any editing of the scripts themselves.
gnoMint is a tool for easily creating and managing certification authorities. It provides fancy visualization of all the pieces of information that pertain to a CA, such as X.509 certificates, CSRs, and CRLs. gnoMint is currently capable of managing a CA that issues certificates that are able to authenticate people or machines in VPNs (IPsec or other protocols), secure HTTP communications with SSL/TLS, authenticate and encrypt HTTP communications through Web-client certificates, and sign or encrypt email messages.
MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having common users and groups. These hosts form a security realm that is defined by a shared cryptographic key. Clients within this security realm can create and validate credentials without the use of root privileges, reserved ports, or platform-specific methods.