StegFS is a steganographic file system for Linux. It offers security beyond that afforded by a regular cryptographic file system, since it not only encrypts data, but also provides a plausible deniability mechanism by securely hiding the data. It is designed to give the user a very high level of protection against being compelled to disclose its contents. StegFS extends the standard Linux file system (ext2fs), allowing normal and several levels of hidden files to coexist. This allows some data to remain hidden even if some of the keys are compromised.
shwatchr is a small Perl script that audits logins to shell accounts on Linux/*NIX machines that originate from arbitrary hosts on the Internet. When a successful login occurs and a shell is spawned, shwatchr is executed from the shell rc file and compares the host from which the login originates against a list of known/allowed hosts. If no match is found, shwatchr can be configured either to send an email containing the time and originating host of the login to a separate alert address, or to issue a warning and proceed to kill all user shells. shwatchr does not require root to execute, so users can have some measure of knowledge and security regarding who is logging into their accounts even if they can't modify firewall or tcpwrapper rulesets, or look at system logs.
Angst is an active sniffer, based on libpcap and libnet. It dumps the payload of all TCP packets received on the specified ports into a file. It implements two methods for active sniffing. First, it can monitor ARP requests and, after enabling IP forwarding on the local host, send ARP replies mapping all IPs to the local MAC address. Second, it can flood the local network with random MAC addresses (like macof), causing switches to send packets to all ports.
trf is an extension library for the scripting language Tcl, which was created by John Ousterhout. It extends the language at the C level with so-called "transformer" procedures. With the help of some patches to the core, the package is able to intercept all read/write operations on designated channels, giving it the ability to transform the buffer contents as desired. Existing transforms include Base64, UUencode, hashes (SHA, MD5, ...), an error correction codec, zlib-based compression, and script-level transforms.