TUN provides packet reception and transmission for user space programs. It can be viewed as a simple Point-to-Point or Ethernet device, which instead of receiving packets from a physical medium, receives them from a user space program and instead of sending packets via physical media writes them to the user space program.
The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.
Linux, in the tradition of UNIX-like operating systems, implements file system permissions using a rather coarse scheme. While this is sufficient for a surprisingly large set of applications, it is too inflexible for many other scenarios. For that reason, all the major commercial UNIX operating systems have extended this simple scheme in one way or the other. This is an effort to implement POSIX-like Access Control Lists for Linux. Access Control Lists are built on top of Extended Attributes, which can also be used to associate other pieces of information with files such as Filesystem Capabilities, or user data like mime type and search keywords.
LOMAC uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, trojan horses, malicious remote users, and compromised network server daemons. The LOMAC loadable kernel module can be used to harden Linux systems without any changes to existing kernels, applications, or configuration files. Due to its simplicity, LOMAC itself requires no configuration, regardless of the users and applications present on the system. Although some features and fixes remain to be implemented, LOMAC presently provides sufficient protection to thwart some attacks, and is stable enough for everyday use.
Suspend2 allows you to hibernate your machine without needing APM, BIOS, or ACPI support. It creates an image that is saved in your active swap partitions, swap files, ordinary files or (soon) across a network. At the next system boot, the kernel detects the saved image, restores the memory from it and then it continues to run as if you'd never powered down.