x509watch is a simple command line application that can be used to list soon expiring or already expired X.509 certificates, such as SSL certificates. All certificates are searched by default in the standard PKI directory, but any other directory can be specified as a parameter. Only Base64 encoded DER and PEM X.509 certificates are supported.
agentsmith is a daemon that continuously monitors a log file for break-in attempts by remote hosts. Upon detection of a break-in attempt, it launches a user defined script or application, which can do virtually anything from sending mail messages to whatever else you might think of. The criteria for what is considered a break-in attempt can be configured by means of a regular expression.
A fail2ban lite. IPQ BDB is a netfilter userspace daemon that can block or mark IP packets according to iptables rules that issue the corresponding -j NFQUEUE, as well as a Berkeley database of bad IPv4 addresses. A log parser and a banning utility add entries to the database. An IP has to be caught a configurable number of times before being blocked. Transitions between blocked and non-blocked are faded using probabilities. A halving period governs IP rehabilitation.
VPPPN stands for virtual peer-to-peer private networking. The project provides a VPN client using a custom protocol to be able to set up a point-to-point dynamic virtual network. This differs from OpenVPN in that it does not need a central server to pass the network's traffic. A central server exists to allocate IP addresses and provide a point of contact for the clients, but once connections are established, these services are no longer needed. This means that a VPPN network is free (as in beer), since to set up a network you do not need to invest in an always-on Internet server. Once established, a VPPPN network behaves in a similar way to a normal IP network. To the end user, this means you can set up an office network and drag and drop files between computers in a secure manner over the Internet.
Suricata is an Intrusion Detection and Prevention (IDS/IPS) engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support, file extraction capabilities, and many more features. It's capable of loading existing Snort rules and signatures, and supports many frontends through Barnyard2.
When moving files between filesystems that have permissions and those that do not, the user home directory is populated with files of all sorts of permissions. UFPM (Uniform File Permission Modifier) has been designed to modify all files and directories to have a uniform permission set based upon their file type.
TinyIDS is a distributed intrusion detection system (IDS) for Unix systems. It is based on the client/server architecture and has been developed with security in mind. The client, tinyids, collects information from the local system by running its collector backends. The collected information may include anything, from file contents to file metadata or even the output of system commands. The client passes all this data through a hashing algorithm and a unique checksum (hash) is calculated. This hash is then sent to one or more TinyIDS servers (tinyidsd), where it is compared with a hash that had previously been stored in the databases of those remote servers for this specific client. A response indicating the result of the hash comparison is finally sent back to the client. Management of the remotely stored hash is possible through the client's command line interface. Communication between the client and the server can be encrypted using RSA public key infrastructure (PKI).