Bombardier is a software system that delivers visibility, control, and automation to data center environments. Bombardier provides a means for changes to be rolled out to a network of Linux and Windows servers in a highly controlled way, providing optimum security, logging, and centralized change control.
Hardened Debian improves Debian GNU/Linux with high security and hardening features, hardened kernels and packages, DHKP, and other security related enhancements. It makes systems more difficult to compromise using common attacks such as race conditions, chroot jail escapes, and buffer overflows.
Iron Bars SHell is a restricted Unix shell. The user can not step out of, nor access, files outside the home directory. Two ASCII configuration files are used for more control. The system administrator can define which commands may be executed by the user. No other executables are allowed. The admin also has the opportunity to define what kind of files the user may create. If a file has a certain extension (such as .mp3, .c, etc.), ibsh automatically erases it.
Nast is a packet sniffer and a LAN analyzer based on Libnet and Libpcap. It can sniff the packets on a network interface in normal mode or in promiscuous mode. It dumps the headers of packets and the payload in ASCII or ASCII-hex format. Various packet filters can be applied. The data sniffed can be saved in a separate file. As an analysis tool, it can check for other NICs on the network which are set in promiscuous mode, build a list of all hosts on a LAN, find a gateway, perform port scanning on a multiple hosts, catch daemon banners, follow the TCP data stream, reset a connection, and determine whether a link type is a hub or switch.
Plash is a sandbox for running GNU/Linux programs with minimum privileges. It is suitable for running both command line and GUI programs. It can dynamically grant Gtk-based GUI applications access rights to individual files that you want to open or edit. This happens transparently through the Open/Save file chooser dialog box, by replacing GtkFileChooserDialog. Plash virtualizes the file namespace and provides per-process/per-sandbox namespaces. It can grant processes read-only or read-write access to specific files and directories, mapped at any point in the filesystem namespace. It does not require modifications to the Linux kernel.
rrs is a reverse (connecting) remote shell. Instead of listening, it will connect out to rrs in listen mode. The listener will accept the connection and receive a shell from the remote host. rrs features full pseudo-TTY support, full OpenSSL support (client/server authentication and choice of cipher suites), Twofish encryption, a simple XOR cipher, plain-text sessions, peer-side session snooping, a daemon option, and reconnection features. It is known to compile and run under Linux, FreeBSD, NetBSD, OpenBSD, and QNX.
VanDyke ClientPack is a set of commandline utilities for securely automating file transfer, shell, and public-key administration tasks on Windows, Linux, and Unix platforms. It includes vsftp, an interactive SFTP commandline utility providing quick, easy, and secure file transfer operations, vsh, a commandline shell utility, vcp, a commandline file transfer utility, vkeygen, a public/private key generator utility, and vpka, a commandline tool for uploading keys to a Secure Shell server.
Grml is a live system (live CD) based on Debian. It includes a collection of GNU/Linux software especially for system administrators and users of texttools. It provides automatic hardware detection and its default shell is the zsh. You can use it e.g. as a rescue system, for analyzing systems/networks, or as a working environment. It is not necessary to install anything to a hard disk; you don't even need a hard disk to run it. Due to on-the-fly decompression, it includes more than 2 GB of software and documentation on the CD.