Unhide.rb finds hidden processes on your system. It looks for active processes in many different ways. Processes found by some means but not others are considered to be "hidden", and are reported to the user. Unhide.rb is a Ruby rewrite of the original Unhide, which was written in C. Unhide.rb performs the same checks as the original, but is 10 times faster in only half as much code, and has better diagnostics when hidden processes are found.
adv-samba is a PHP class to batch audit SAMBA resources on remote hosts or large LANs. It's a very handy tool during network audits. For example, imagine a LAN with 500 workstations. You want to find any illegal MP3s on company machines. With this tool, you recursively dump the share directory structure. It works with Active Directory authentication too.
sessiond allows a cluster of SSL/TLS servers to share their session caches in order to prevent each node of the cluster from negotiating a separate session. An SSL/TLS session is basically a set of secret values (symmetric encryption keys, MAC secrets) shared between a client and a server. The use of asymmetric cryptography required to establish new sessions is the main performance bottleneck of the SSL/TLS protocol.
FBAC-LSM is a security mechanism for Linux which restricts applications based on the features they provide, such as "Web Browser" or "Image Editor". By restricting the actions of applications, the damage which can be caused by malware or software vulnerabilities can be significantly reduced. Reusable policy abstractions, known as functionalities, can be used to grant the authority to perform high level features (for example using the Web_Browser functionality) or lower level features (such as using the HTTP_Client functionality) or to grant privileges to access any specified resources. Functionalities are parameterized, which allows them to be adapted to the needs of specific applications. Functionalities are also hierarchical; that is, functionalities can contain other functionalities.
TinyIDS is a distributed intrusion detection system (IDS) for Unix systems. It is based on the client/server architecture and has been developed with security in mind. The client, tinyids, collects information from the local system by running its collector backends. The collected information may include anything, from file contents to file metadata or even the output of system commands. The client passes all this data through a hashing algorithm and a unique checksum (hash) is calculated. This hash is then sent to one or more TinyIDS servers (tinyidsd), where it is compared with a hash that had previously been stored in the databases of those remote servers for this specific client. A response indicating the result of the hash comparison is finally sent back to the client. Management of the remotely stored hash is possible through the client's command line interface. Communication between the client and the server can be encrypted using RSA public key infrastructure (PKI).
When moving files between filesystems that have permissions and those that do not, the user home directory is populated with files of all sorts of permissions. UFPM (Uniform File Permission Modifier) has been designed to modify all files and directories to have a uniform permission set based upon their file type.
pam_ttylog is a PAM module to log console output of a login shell. pam_ttylog takes an approach that makes a script-like environment in the PAM session section of /bin/login. Thus, the log files are in a user-unreachable directory and have user-unreadable/unwritable permissions. As a PAM module, it doesn't need to modify or replace the original /bin/login, getty, telnet, or libraries for its installation and operation.
WormTrack is a network IDS that allows detection of scanning worms on a LAN by monitoring anomalous ARP traffic. This allows detection of scanning threats on the network without having privileged access on a switch to set up a dedicated monitor port. It does not require constant updating of the rules engine to address new threats.