The WiKID Strong Authentication System is a highly scalable, secure two-factor authentication system. It is simple to implement and maintain, allows users to be validated automatically, requires no hardware tokens, has a simple API for application support (via Ruby, PHP, Java, COM, Python, etc.), supports multiple domains, and supports replication for fault tolerance and scalability. It also supports mutual /host and transaction authentication, wireless tokens only domains, locked tokens (to your PC), anti-keystroke logger keypad PIN entry, etc.
AntiJOP is an anti-malware solution that recodes assembly language to remove JOP attack gadgets. JOP attacks on x86 often hinge on the availability of 0xFF bytes in preexisting code, which can be co-opted to serve as register-indirect call instructions. AntiJOP removes instances of 0xFF bytes that may exist, for example, in immediate values, MOD/RM bytes, etc.
GnuTLS is a secure communications library implementing the SSL, TLS, and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
segatex is a tool to configure SELinux policy with the help of a GUI. At the push of a button, it can generate a .te file in the /usr/share/segatex directory. You can then edit your .te file, make a module, and install. You can make any module name and edit current modules. You can install, update, and remove modules. You can semanage list and semanage login, fcontext, and port or set some domain permissive. You can download SELinux-related RPMs, including xguest, sepostgresql, and mod_selinux. You can download Fedora DVD or CDs. You can relabel your system. You can audit2allow by GUI. You can check refpolicy by analyzer. segatex includes its own policy.
LinOTP is a solution for strong two-factor authentication with one time passwords. It features a modular architecture into which UserIdResolver, authentication, and OTP calculation modules can be plugged. It includes UserIdResolver modules for LDAP/AD, SQL, and flat file user databases, and authentication modules for PAM and RADIUS. New modules can be developed easily. Supported tokens are HMAC-OTP/HOTP (RFC 4226/ OATH compliant), Aladdin eToken PASS, eToken NG-OTP, Safeword Alpine, Yubikey, Google Authenticator, motp, SMS OTP/Mobile TAN, email token, and a Simple Pass token for users without token hardware. TOTP is supported, along with a new algorithm for daily passwords for applications not supporting RADIUS. OCRA tokens are supported to allow transaction signing in banking environments. CLI, Web, and GTK+ GUI clients are available for management. LinOTP features multi-client capability, redundancy, and a self-service portal. It has been used with PAM for local and SSH logins, Apache, VPN, and Windows Terminal Server, and is OATH certified.
Endian Firewall is an all-in-on Linux security distribution that turns any system into a full-featured security appliance. It features a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, POP3, SMTP), anti-virus support, virus and spam filtering for email traffic (POP and SMTP), content filtering of Web traffic, and a "hassle free" VPN system based on OpenVPN.
Clam AntiVirus is an anti-virus toolkit designed especially for email scanning on mail gateways. It provides a number of utilities, including a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic database updates. The core of the package is an anti-virus engine available as a shared library.
fwknop implements an authorization scheme called Single Packet Authorization that requires only a single encrypted packet to communicate various pieces of information, including desired access through an iptables, ipfw, or pf firewall policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. Also supported is a robust port knocking implementation based around iptables log messages.