PAM_pkcs#11 is a Linux-PAM login module that allows a X.509 certificate based user login. The certificate and its dedicated private key are thereby accessed by means of an appropriate PKCS #11 module. For the verification of the users' certificates, locally stored CA certificates as well as either online or locally accessible CRLs are used. A very flexible, stackable, and configurable Certificate-To-Login mapping scheme is provided to deduce/verify the username to log in.
The ELF-Encrypter program suite is a collection of programs to encrypt ELF binaries using various algorithms, including the ones provided by GPG. One can choose a lot of methods to obtain the encryption key, such as hashing a list of PCI peripheals, MAC addresses of ethernet cards, file inode numbers, passphrases and passwords. The suite also contains programs to manipulate and inject plain or encrypted code into ELF binaries.
SafeWeb is a personal homepage middleware environment for Apache (including 1.3 and 2.0) on Unix. It provides page hit counting, visitor logging, server-side includes (SSI), safe setuid CGI (with or without suEXEC) by installing appropriate CGIs, and .htaccess for a single user, without the need of becoming root or restarting Apache. SafeWeb is easy to install and easy to use.
A powerbox is just like a normal file chooser dialog box, except that it dynamically grants the application the right to access the file that the user picks. This helps provide security because the application can be run without needing access to all the user's files. Powerbox-for-Gtk patches Gtk to replace GtkFileChooserDialog with a powerbox. It is based on Plash, which provides a restricted execution environment on Linux.
Linvpn is a secure socket layer for pppd. It allows creation of virtual private networks by using an IP routing system between PPP network interfaces. Cryptography is done by libgcrypt's 3DES or blowfish, and Initialization Vector (IV) is changed in each packet transmission. As linvpn works as client and server, and communication is a single TCP connection, it allows creation of secure tunnels even in complex network layouts, when one or both endpoints are behind a firewall or NAT, with or without dynamic IP addresses.