iSSL (independant Secure Sockets Layer) is a minimalistic cryptographical API that uses the RSA and AES ciphers to establish SSL-alike, secure encrypted communications between two peers communicating through a network socket, including session key generation and public key exchange.
JFwadmin is a Java 2 high-level X11 tool for ipchains. The GUI displays easy-to-understand services. Features include scripts generation, firewall save and restore, automatic interface and IP address and routes detection, current firewall configuration display, and handling of masq-modules and port-forwarding.
Libslack is a library of general utilities designed to make UNIX/C programming a bit easier on the eye. It was originally implemented as part of the daemon program. It's a small library with lots of functionality, is accurately documented and was thoroughly tested. Good library naming conventions are not rigorously observed on the principle that common operations should always be easy to write and code should always be easy to read.
The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.
LOMAC uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, trojan horses, malicious remote users, and compromised network server daemons. The LOMAC loadable kernel module can be used to harden Linux systems without any changes to existing kernels, applications, or configuration files. Due to its simplicity, LOMAC itself requires no configuration, regardless of the users and applications present on the system. Although some features and fixes remain to be implemented, LOMAC presently provides sufficient protection to thwart some attacks, and is stable enough for everyday use.
Mason is a tool that interactively builds a firewall using Linux' ipfwadm or ipchains firewalling. You leave mason running on the firewall machine while you are making all the kinds of connections that you want the firewall to support (and want it to block). Mason gives you a list of firewall rules that exactly allow and block those connections. It can either build a firewall from scratch for you or supplement an existing firewall.
Medusa DS9 is used to increase Linux's security. It consists of two major parts, Linux kernel changes and the user-space daemon. Kernel changes do the monitoring of syscalls, filesystem actions, and processes, and they implement the communication protocol. The security daemon communicates with the kernel using the character device to send and receive packets. It contains the whole logic and implements the concrete security policy. That means that Medusa can implement any model of data protection; it depends only on configuration file, which is in fact a program in the internal programming language, somewhat similiar to C.
ModiWrap is a scriptable, configurable, paranoid setuid wrapper for CGI and other Web scripts (such as PHP). It aims at full compliance with the CGI specifications. It allows users to run their own CGI/webscripts with their own UID while minimizing the risk of compromising the host system. All resource limits and running time alarms can be configured on the fly on a per-user basis with an optional limits daemon. It can be made fully compatible with suexec, cgiwrap, and mod_php. It should be compatible with any Web server.