C-ICAP Classify is a module that allows classification (labeling) of Web pages, images, and soon video based on content. Labels are placed in HTTP headers. Any PIC-Label META tags are exported into HTTP headers. This allows for creation of very flexible filters according to rules defined by the user, using the ICAP enabled proxy's ACLs. It is not a URL filter, so implementing it with sslBump or similar proxy technologies makes it very difficult to bypass. Text classification is done using Fast Hyperspace (based on Hyperspace from CRM114) and/or a Fast Naive Bayes. Image and video (when implemented) use haar feature detection from the OpenCV library.
MQ Channel Auto Creation Manager (MQCACM) is an MQ Channel Auto-Definition (MQ CHAD) exit which allows a company to control and restrict incoming connection requests to auto-create a channel. MQCACM is invoked when a request is received to start an undefined Receiver, Server-Connection, Cluster-Receiver, or Cluster-Sender channel. MQCACM can modify or clear the supplied default channel definition values for an instance of the channel, so there is no exit incompatibility (cross-platform or otherwise).
CIRCLean aims to be used by someone receiving a USB key from an untrusted source who wants to see the content without opening the original and potentially malicious files. The code runs on a Raspberry Pi, which means it is never required to plug the original USB key into a computer.
ivepkg is a package manager with a focus on homebuilt distributions like Linux From Scratch. Therefore, ivepkg has no repository or network abilities, but is specialized on installing tarballs to a system. Its key features are an easy-to-use database (sqlite3) and a sha1 checksum of every installed file. These make it possible to know which files have been altered (for example, by a malicious attack).
Sanewall is a firewall builder for Linux that uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need. Sanewall is a fork of FireHOL and can make use of existing FireHOL configurations.
iptables-bash_completion provides programmable completion for the iptables and ip6tables programs. iptables options are shown only if they are valid at the current context. It supports completion of options, matches, and targets, and dynamic retrieval of data from the system, including chains, set names, interfaces, and hostnames. Environment variables allow completion options to be tuned. IP and MAC addresses can be supplied using a file.
"PHP Web Security Monitor" is designed to protect Internet sites created with PHP from malicious queries from hackers and Web viruses. It filters common PHP variables via prepared security patterns and compares (unprotected) input variables against patterns of dangerous data, such as SQL injection, XSS injection, and PHP code compromising.