md5mon is a shell script that verifies files by computing their checksums. The script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel. In addition to the new features, some versions of the patch contain various security fixes. The "hardening" features of the patch, while not a complete method of protection, provide an extra layer of security against the easier ways to exploit certain classes of vulnerabilities and/or reduce the impact of those vulnerabilities. The patch can also add a little bit more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing.
shsecret takes a file and splits it into N parts of equal size such that any M parts can be used to reconstruct the secret, but fewer than M will give absolutely no information about the secret. This program is written in strict ANSI C, so it should be completely portable. It is also hopefully simpler and more efficient than other implementations of the same algorithm.
SmartSign is a set of modules which allow integration of smartcard technology into an OpenCA based Public Key Infrastructure in order to provide smartcard-based digital signature and local authentication security services. It allows direct signing of e-mail and e-news from within Netscape using smartcards and supports signing of generic files from command line. The package includes a PAM module too, which allows system administrators to integrate smartcard-based authentication for local users. A modified version of the OpenSSH client allows secure authentication to a remote server. A couple of command line tools allow signing and verifying generic files from the shell. Finally, a command line interactive shell supports all operations on the card, and can be used to write scripts that automate particular tasks on the card. Currently only Schlumberger Cyberflex Access 16K is supported.
TEA Total is a collection of extremely small encryption tools. At the heart of TEA Total is the TEA (Tiny Encryption Algorithm): a fast and secure 128-bit private key algorithm which was developed and placed in the public domain by David Wheeler and Roger Needham of the Cambridge Computer Laboratory.
The Ridentd server application is meant for the totally paranoid that need access to servers that require ident and don't want to give any information about local users to the remote server or its other users. Ridentd is a stand-alone replacement for identd that uses a random selection of a ispell dictionary to use as fake ident responses. The ident response is based on a (one-time randomly initialized) modulus of the local port in order to assure that one session will return the same identity during a TCP session.
The Spoofaudit network auditing tool will help you to determine what basic spoofing filters (rfc2827 & rfc3013) are present between two test points on two networks, and what anti-spoofing filters are missing. The tools are designed to work between endpoints that would not normally have filtering between them except anti-spoofing filters.
RSA-Haskell is a collection of command-line cryptography tools and a cryptography library written in Haskell. It is intended to be useful to anyone who wants to secure files or communications or who wants to incorporate cryptography in their Haskell application. The libraries include Haskell implementations of SHA1, EME-OAEP, EMSA-PSS, MGF, RSAES-OAEP, and RSA-PSS. These standards implement signature/verification, strong cryptography, and hashing.