Owl (Openwall GNU/*/Linux) is a small security-enhanced Linux distribution for servers. Owl also makes a good base system for customized virtual machine images and embedded systems, and Owl live CDs with remote SSH access are good for recovering or installing systems (whether with Owl or not). A single Owl CD includes the full live system, installable packages, the installer program, as well as full source code and the build environment capable of rebuilding the entire system from source. Owl supports multiple architectures (x86, x86-64, SPARC, and Alpha) and offers some compatibility for packages developed for other Linux distributions. The primary approaches to security are proactive source code review, privilege reduction, privilege separation, careful selection of third-party software, safe defaults, and "hardening" to reduce the likelihood of successful exploitation of security flaws.
Devil-Linux is a special secure Linux distribution which is used for firewalls, routers, gateways, and servers. The goal of Devil-Linux is to have a small, customizable, and secure Linux system. Configuration is saved on a floppy disk or USB stick, and it has several optional packages. Devil-Linux boots from CD, but can be stored on CF cards or USB sticks.
Wiresoft ANA (Automated Network Agent), an Artificial Intelligence-based systems management service, automatically performs over 90% of Linux systems management tasks. It is a self-managing, self-learning system support service that provides constant maintenance and protection for Firegate Servers. ANA services include Software Updating and Integration, Intrusion Detection, Data Back-up and Disaster Recovery, Monitoring, and Alerting.
S-terminal lets you create a secure X terminal. Regular X terminals pass unencrypted data between you the remote machine. S-terminal creates an encrypted tunnel through which all X traffic passes. It replaces the remote xdm login screen with a local application that collects username and password, then sets up an ssh tunnel to the remote host and starts a session. It is highly configurable both in appearance and behavior, and deployed S-terminals can be remotely administered. Best of all, it can be added to a KNOPPIX CD to create an instant, bootable, secure X terminal CD.
The stmpclean utility removes old files (and old empty directories) from the specified directory. It is meant to be used to clean directories such as "/tmp" where old files tend to accumulate. stmpclean never removes files or directories owned by root, which is a feature, not a bug. Great care is taken while descending into the directory, and the operation is secure. Anything that's not a directory, regular file, or symbolic link is also left alone (because programs like screen(1) create sockets and FIFOs under /tmp and expect them to be long-lived). Unlike other programs that do the same task, stmpclean never forks and consumes limited amount of memory. If stmpclean determines a race condition it will log the situation and exit with a failure.
The Viper IDS is an IDS sensor that can be used stand-alone or as an add-on to the Wolverine Firewall and VPN server. It can log all alert information to a remote MySQL database that can be analyzed by applications such as ACID, or can be used with Wolverine to provide real-time responses to potential threats by dynamically adjusting perimeter firewall rule sets. It uses Snort for attack signature detection.