Linux, in the tradition of UNIX-like operating systems, implements file system permissions using a rather coarse scheme. While this is sufficient for a surprisingly large set of applications, it is too inflexible for many other scenarios. For that reason, all the major commercial UNIX operating systems have extended this simple scheme in one way or another. This is an effort to implement POSIX-like Access Control Lists for Linux. Access Control Lists are built on top of Extended Attributes, which can also be used to associate other pieces of information with files, such as Filesystem Capabilities or user data like MIME type and search keywords.
StegFS is a steganographic file system for Linux. It offers security beyond that afforded by a regular cryptographic file system, since it not only encrypts data, but also provides a plausible deniability mechanism by securely hiding the data. It is designed to give the user a very high level of protection against being compelled to disclose its contents. StegFS extends the standard Linux file system (ext2fs), allowing normal and several levels of hidden files to coexist. This allows some data to remain hidden even if some of the keys are compromised.
scponly is an alternative "shell" of sorts for system administrators who would like to let remote users read and write local files without granting them any remote execution privileges. Functionally, it is a wrapper around the ssh suite of applications. It is typically used by creating a user whose shell is set to scponly. This user can neither log in interactively nor execute commands remotely, but it can use scp and sftp to download and upload files to the computer, governed by the usual Unix file permissions.
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP, TCP, HTTP, HTTPS, or direct 802.11 (WLAN). GNUnet supports accounting to provide contributing nodes with better service. The services built on top of the framework include anonymous file sharing and a virtual network providing IPv4-IPv6 transition via protocol translation over the P2P network.
This package provides ACL support for the Linux kernel. Access Control Lists allow fine-grained access control of filesystem objects by attaching a list of permissions which grant or deny specific capabilities to users or groups. This implementation of ACL for the Linux kernel provides semantics that are almost totally compatible with the traditional POSIX umode model for applications that are unaware of the kernel support. Features include the ability to "offer" a file for chown()ing by another user.
The stmpclean utility removes old files (and old empty directories) from the specified directory. It is meant to be used to clean directories such as "/tmp" where old files tend to accumulate. stmpclean never removes files or directories owned by root, which is a feature, not a bug. Great care is taken while descending into the directory, and the operation is secure. Anything that's not a directory, regular file, or symbolic link is also left alone (because programs like screen(1) create sockets and FIFOs under /tmp and expect them to be long-lived). Unlike other programs that do the same task, stmpclean never forks and consumes a limited amount of memory. If stmpclean detects a race condition, it will log the situation and exit with a failure.
INSERT (the Inside Security Rescue Toolkit) aims to be a multi-functional, multi-purpose disaster recovery and network analysis system. It boots from a credit card-sized CD-ROM and is basically a stripped-down version of Knoppix. It features good hardware detection, fluxbox, emelfm, links-hacked, ssh, tcpdump, nmap, chntpwd, and much more. It provides full read-write support for NTFS partitions (using ntfs-3g), and the ClamAV virus scanner (including a fairly recent signature database and a GUI). It provides partition handling with gParted and also has a network boot facility.