Aniketos-SSVV (Aniketos Security Service Validation and Verification) provides a series of modules that work together to validate the security properties of a Web service composition. The package is given a selection of service compositions (provided in the form of BPMN processes with Web services bound to the service tasks), along with the security policy to be fulfilled. The package then performs various checks on the services to establish whether each composition satisfies the policy, returning an ordered list (ordered in terms of security) of the services that do. It forms part of the larger Aniketos project comprised of four packages in total.
confinedrv creates a new device node /sdx under /dev/mapper which mirrors the given base drive with certain partitions faded out and other partitions limited to read-only or read-write access. It is commonly used to safely boot an existing OS installation with Qemu or any other virtualization software from the same hard disk as the host operating system has been booted from.
debcheckroot is a tool that retrieves file checksums online or from read only media. It provides trusted verification of your root file system at least as far as you can trust your Internet connection or your verification medium (DVD, BD, etc.). Unlike debsums, it doesn't rely on locally stored md5sums which can be modified by an attacker along with the files themselves. It also provides cleaner and better structured output, and can spot files added to your system by someone else.
The ERPXE project simplifies the process of installing and customizing a multi-boot PXE server. Over 100 different plugins are available for download, including Windows, WinPE, Hiren’s Boot CD, Acronis True Image, Symantec Ghost, FOG, Ubuntu, Debian, Fedora, CentOS, openSUSE, Gentoo, RIP Linux, Slackware, Backtrack, PartedMagic, and many more.
LPVS (Linux Package Vulnerability Scanner) is a Linux distribution news feed based package version scanner that shows which security advisories apply to your system, which packages are installed in a vulnerable version, and to which versions you should upgrade. Currently supported distributions: Ubuntu and CentOS.
SecQua is a tool that quantifies the security of a given Information System, using a novel security metric. It tries to provide a deterministic, unbiased, objective, and efficient measurement. The approach is vulnerability driven and uses the National Vulnerability Database. A security metric must answer questions such as "How secure am I?", "Am I better compared to my last checkpoint/year?", "Am I spending the right amount of money for security?", "How do I compare to my peers?", and "What risk transfer options do I have?". SecQua can state that a system is now 60.2% secure, when last month it was 46.5%. Moreover, it tries to depict how vulnerability patterns expose the information system over time.
Patchman is a patch status monitoring tool for Linux systems. Patchman clients send a list of installed packages and enabled repositories to the server. The server (CLI or Web) tells the user which hosts require updates, whether those updates are normal or security updates, and shows installed packages that are not part of any repository. Hosts, packages, repositories. and operating systems can be filtered using features or arbitrary tags. For example, you can find out which hosts have a certain version of a package installed, and which repository it comes from. Patchman does not (yet) have the ability to update packages on hosts.
NetSecL ToolSet is a sub-project of NetSecL Linux containing all penetration tools as in the live CD of NetSecL Linux. The goal of this sub-project is to have a minimal Linux distribution in VM with a shh webshell (ajaxterm), no GrSecurity or hardening as in the live CD. After starting the appliance you can use it remotely via ssh or via Web browser.