Bombardier is a software system that delivers visibility, control, and automation to data center environments. Bombardier provides a means for changes to be rolled out to a network of Linux and Windows servers in a highly controlled way, providing optimum security, logging, and centralized change control.
Ganymed SSH-2 for Java is a library that implements the SSH-2 protocol in pure Java (tested on J2SE 1.4.2, 5, and 6). It allows one to connect to SSH servers from within Java programs. It supports SSH sessions (remote command execution and shell access), local and remote port forwarding, local stream forwarding, X11 forwarding, SCP, and SFTP. There are no dependencies on any JCE provider, as all cryptographic functionality is included.
Groovy is an agile, dynamic language for the JVM which combines many features from languages like Python, Ruby, and Smalltalk and makes them available to Java developers using a Java-like syntax. It is designed to help get things done on the Java platform in a quicker, more concise, and fun way. It can be used as an alternative compiler to javac to generate standard Java bytecode to be used by any Java project or it can be used dynamically as an alternative language, such as for scripting Java objects, templating, or writing unit test cases.
Hardened Debian improves Debian GNU/Linux with high security and hardening features, hardened kernels and packages, DHKP, and other security related enhancements. It makes systems more difficult to compromise using common attacks such as race conditions, chroot jail escapes, and buffer overflows.
Iron Bars SHell is a restricted Unix shell. The user can not step out of, nor access, files outside the home directory. Two ASCII configuration files are used for more control. The system administrator can define which commands may be executed by the user. No other executables are allowed. The admin also has the opportunity to define what kind of files the user may create. If a file has a certain extension (such as .mp3, .c, etc.), ibsh automatically erases it.
Nast is a packet sniffer and a LAN analyzer based on Libnet and Libpcap. It can sniff the packets on a network interface in normal mode or in promiscuous mode. It dumps the headers of packets and the payload in ASCII or ASCII-hex format. Various packet filters can be applied. The data sniffed can be saved in a separate file. As an analysis tool, it can check for other NICs on the network which are set in promiscuous mode, build a list of all hosts on a LAN, find a gateway, perform port scanning on a multiple hosts, catch daemon banners, follow the TCP data stream, reset a connection, and determine whether a link type is a hub or switch.
Plash is a sandbox for running GNU/Linux programs with minimum privileges. It is suitable for running both command line and GUI programs. It can dynamically grant Gtk-based GUI applications access rights to individual files that you want to open or edit. This happens transparently through the Open/Save file chooser dialog box, by replacing GtkFileChooserDialog. Plash virtualizes the file namespace and provides per-process/per-sandbox namespaces. It can grant processes read-only or read-write access to specific files and directories, mapped at any point in the filesystem namespace. It does not require modifications to the Linux kernel.
rrs is a reverse (connecting) remote shell. Instead of listening, it will connect out to rrs in listen mode. The listener will accept the connection and receive a shell from the remote host. rrs features full pseudo-TTY support, full OpenSSL support (client/server authentication and choice of cipher suites), Twofish encryption, a simple XOR cipher, plain-text sessions, peer-side session snooping, a daemon option, and reconnection features. It is known to compile and run under Linux, FreeBSD, NetBSD, OpenBSD, and QNX.