Tor-ramdisk is a uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced in tor-ramdisk by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key, which may be exported and imported by FTP or SSH.
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The implementation attempts to be self-tuning on a wide variety of hardware and includes runtime validation testing. The tarball uses the GNU build mechanism and includes a devel sub-package, self test targets, init system options, and spec file samples for building an RPM. haveged may be used independently of the /dev/random interface through the filesystem at the command line. haveged functionality may be incorporated directly into other components directly through the devel sub-package.
Endian Firewall is an all-in-on Linux security distribution that turns any system into a full-featured security appliance. It features a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, POP3, SMTP), anti-virus support, virus and spam filtering for email traffic (POP and SMTP), content filtering of Web traffic, and a "hassle free" VPN system based on OpenVPN.
Papillon is a security module designed for the Solaris Operating Environment. It provides security mechanisms and protections that improve the overall security of the system by adding new functionality to the kernel such as a restricted proc, chroot environment protections, secure STDIO file descriptors, restricted symlinks in /tmp, setuid protections, and more. In the current version Papillon supports Solaris (8, 9, and 10) and OpenSolaris running on x86 and SPARC architectures in 32- or 64-bit mode.
Owl (Openwall GNU/*/Linux) is a small security-enhanced Linux distribution for servers. Owl also makes a good base system for customized virtual machine images and embedded systems, and Owl live CDs with remote SSH access are good for recovering or installing systems (whether with Owl or not). A single Owl CD includes the full live system, installable packages, the installer program, as well as full source code and the build environment capable of rebuilding the entire system from source. Owl supports multiple architectures (x86, x86-64, SPARC, and Alpha) and offers some compatibility for packages developed for other Linux distributions. The primary approaches to security are proactive source code review, privilege reduction, privilege separation, careful selection of third-party software, safe defaults, and "hardening" to reduce the likelihood of successful exploitation of security flaws.
Tin Hat is a Linux distribution derived from hardened Gentoo. It aims to provide a very secure, stable, and fast desktop environment that lives purely in RAM. Tin Hat boots from CD, or optionally USB pen drive, but it is not a LiveCD in that it does not mount any file system from the boot device. Rather, Tin Hat employs a massive squashfs image which expands into tmpfs upon booting. This makes for long boot times, but remarkable speeds during human-computer interaction.
Ubuntu Privacy Remix is a modified live CD based on Ubuntu Linux. UPR is not intended for permanent installation on a hard disk. The goal of Ubuntu Privacy Remix is to provide an isolated working environment where private data can be dealt with safely. The system installed on the computer running UPR remains untouched. It does this by removing support for network devices as well as local hard disks. Ubuntu Privacy Remix includes TrueCrypt and GnuPG for encryption and introduces "extended TrueCrypt volumes".
Devil-Linux is a special secure Linux distribution which is used for firewalls, routers, gateways, and servers. The goal of Devil-Linux is to have a small, customizable, and secure Linux system. Configuration is saved on a floppy disk or USB stick, and it has several optional packages. Devil-Linux boots from CD, but can be stored on CF cards or USB sticks.