Clonezilla is a partition or disk cloning tool similar to Symantec Ghost. It saves and restores only blocks in use on the hard drive if the file system is supported. For unsupported file systems, dd is used instead. It has been used to clone a 5 GB system to 40 clients in about 10 minutes.
Lynis is an auditing and hardening tool for Unix derivatives like Linux/BSD/Solaris. It scans systems to detect software and security issues. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
Diskless Remote Boot in Linux (DRBL) provides a diskless or systemless environment for client machines. It works on Debian, Mandriva, Red Hat, Fedora, and SuSE. Unlike LTSP, it uses distributed hardware resources and makes it possible for clients to fully access local hardware. It also includes Clonezilla, a partitioning and disk cloning utility similar to Symantec Ghost.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
fwsnort translates snort rules into an equivalent iptables ruleset. By making use of the iptables string match module, fwsnort can detect application layer signatures which exist in many snort rules. fwsnort adds a --hex-string option to iptables, which allows snort rules that contain hex characters to be input directly into iptables rulesets without modification. In addition, fwsnort makes use of the IPTables::Parse Perl module in order to (optionally) restrict the snort rule translation to only those rules that specify traffic that could potentially be allowed through an existing iptables policy.
MailScanner is an email virus scanner, vulnerability protector, and spam tagger. It supports the Postfix, Sendmail, Exim, Qmail, and ZMailer MTAs, and the Sophos, McAfee, F-Prot, F-Secure, CommandAV, InoculateIT, Inoculan, eTrust, Kaspersky, Nod32, AntiVir, BitDefender, RAV, Panda, DrWeb, ClamAV, and other anti-virus scanners. It uses SpamAssassin for highly successful spam identification, and is designed to handle denial of service attacks. It will detect password-protected zip files and apply filename checking to their contents. It is very easy to install, requires no changes at all to your sendmail.cf file, is designed to be lightweight, and won't grind your mail system to a halt with its load. It can be integrated into any email system, regardless of the software in use.
Video Contact Sheet *NIX creates a contact sheet (preview) from videos by taking still captures distributed over the length of the video. The output image contains useful information on the video such as codecs, file size, screen size, frame rate, and length. It requires MPlayer or FFmpeg and ImageMagick. It is confirmed to work on Linux and FreeBSD, and possibly other POSIX/UNIX systems.
BRL-CAD is a powerful constructive solid geometry solid modeling system that includes an interactive geometry editor, ray-tracing support for rendering and geometric analysis, path-tracing for realistic image synthesis, network distributed framebuffer support, and image and signal-processing tools.
FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.