The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
msulogin is the single-user mode login program used to force the console user to login under a root account before a shell is started. Unlike other implementations of sulogin, this one supports having multiple root accounts on a system. msulogin has been developed as a part of Openwall GNU/*/Linux and is being made available separately primarily for use by other distributions. Currently, msulogin supports only systems with getspnam(3).
daemon turns other processes into daemons. There are many tedious tasks that need to be performed to correctly set up a daemon process; daemon performs these tasks for other processes. This is useful for writing daemons in languages other than C, C++, or Perl (e.g. sh, Java). If you want to write daemons in languages that can link against C functions (e.g. C, C++), see libslack, which contains the core functionality of daemon.
INSERT (the Inside Security Rescue Toolkit) aims to be a multi-functional, multi-purpose disaster recovery and network analysis system. It boots from a credit card-sized CD-ROM and is basically a stripped-down version of Knoppix. It features good hardware detection, fluxbox, emelfm, links-hacked, ssh, tcpdump, nmap, chntpwd, and much more. It provides full read-write support for NTFS partitions (using ntfs-3g), and the ClamAV virus scanner (including a fairly recent signature database and a GUI). It provides partition handling with gParted and also has a network boot facility.
The Auditor security collection is a live-system based on KNOPPIX. It provides tools for analyzing the security of a system. It features a menu structure that reflects the stages of a security check: foot-printing, analysis, scanning, wireless, brute-forcing, cracking. In addition to about 300 security tools, the collection includes background information regarding standard configuration and passwords, truly extensive word lists, and more mundane productivity tools.
TrinityOS is a step-by-step, example-driven HOWTO on building a very functional Linux box with strong security in mind. TrinityOS is well known for its strong packet firewall ruleset, Chrooted and Split DNS (v9 and v8), secured Sendmail (8.x), Linux PPTP, Serial consoles and Reverse TELNET, DHCPd, SSHd, UPSes, system performance tuning, the automated TrinityOS-Security implementation scripts, and much more.
Enforcer is a Linux security module designed to help improve integrity of a computer running Linux. The Enforcer provides a subset of Tripwire-like functionality. It runs continuously and as each protected file is opened its SHA1 is calculated and compared to a previously stored value. The Enforcer is designed to integrate with TCPA hardware to provide a secure boot when booted with a TCPA enabled boot loader. TCPA hardware can protect secrets and other sensitive data (for example, the secrets for an encrypted loopback file system) and bind those secrets to specific software.
The cryptoswap package supports creating an encrypted swap partition when a system boots. This may be necessary on systems that use encrypted filesystems because plaintext secrets may be written to disk when memory is swapped to disk. The project also includes the ability to build a Linux initrd that supports booting with an encrypted root filesystem.