Astaro Portscan Detection is a netfilter target that attempts to detect TCP and UDP port scans and log them to syslog. This target is based upon Solar Designer's scanlogd. It supports multiple levels of logging, custom prefixes for entries, weighted total port scan detection, and port scan temporal spread detection.
Cryproc is a module for the Linux 2.6 kernel that allows user space programs to access the kernel's cryptographic functions. When loaded, the module creates a file called "cryproc" in the /proc filesystem. Applications can open this file read-write and instruct the kernel to perform some of the functions the CryptoAPI provides. A sample application, cryproc-tool, is provided.
The Dazuko project provides a virtual device driver allowing (userland) applications to execute online file access control. It was originally developed by Avira GmbH (formerly known as H+BEDV Datentechnik GmbH) to allow on-access virus scanning. Other uses include a file-access monitor/logger or external security tools. Dazuko operates by intercepting file access calls and passing the file information to a userland application. The application then has the opportunity to tell the virtual device driver to allow or deny the file access. The application also receives information about the file access event, such as accessed file name, type of access, process id, and user id.
Enforcer is a Linux security module designed to help improve the integrity of a computer running Linux. The Enforcer provides a subset of Tripwire-like functionality. It runs continuously, and as each protected file is opened, its SHA1 is calculated and compared to a previously stored value. The Enforcer is designed to integrate with TCPA hardware to provide a secure boot when booted with a TCPA-enabled boot loader. TCPA hardware can protect secrets and other sensitive data (for example, the secrets for an encrypted loopback file system) and bind those secrets to specific software.
Linux, in the tradition of UNIX-like operating systems, implements file system permissions using a rather coarse scheme. While this is sufficient for a surprisingly large set of applications, it is too inflexible for many other scenarios. For that reason, all the major commercial UNIX operating systems have extended this simple scheme in one way or another. This is an effort to implement POSIX-like Access Control Lists for Linux. Access Control Lists are built on top of Extended Attributes, which can also be used to associate other pieces of information with files, such as Filesystem Capabilities, or user data like MIME type and search keywords.
Gircap is a set of tools to help you use the little-known "capabilities" that Linux has in place of conventional Unix superuser privilege. That means you can give programs and processes only as much privilege as they need and greatly limit your security exposure due to system bugs. A Linux kernel patch fixes some basically broken aspects of capabilities. setcap and getcap let you set and show capabilities of a running process. capexec runs a program with certain capabilities, UID, GID, and supplemental GIDs. It can be used to have init start a daemon with only a subset of init's privileges. binfmt_capx is an executable interpreter in the form of a loadable kernel module. It lets you do a setuid kind of thing for files, only with fine-grained capabilities. This is a cheap substitute for real "file capabilities."
HAVEGE (HArdware Volatile Entropy Gathering and Expansion) is a user-level software unpredictable random number generator for general-purpose computers that exploits modifications of the internal volatile hardware states as a source of uncertainty. It combines on-the-fly hardware volatile entropy gathering with pseudo-random number generation. The internal state includes thousands of internal volatile hardware states and is practically unmonitorable. It can support several hundred megabits per second on current workstations and PCs.