Devil-Linux is a special secure Linux distribution which is used for firewalls, routers, gateways, and servers. The goal of Devil-Linux is to have a small, customizable, and secure Linux system. Configuration is saved on a floppy disk or USB stick, and it has several optional packages. Devil-Linux boots from CD, but can be stored on CF cards or USB sticks.
Care2x (formerly Care 2002) is software for hospitals and health care organizations. It is designed to integrate the different information systems existing in these organizations into a single efficient system. It solves the problems inherent in a network of multiple programs that are incompatible with each other. It can integrate almost any type of services, systems, departments, clinics, processes, data, or communication that exist in a hospital. Its design can even handle non-medical services or functions like security or maintenance. All of its functions can be accessed with a Web browser, and all program modules are processed on the server side.
S-terminal lets you create a secure X terminal. Regular X terminals pass unencrypted data between you and the remote machine. S-terminal creates an encrypted tunnel through which all X traffic passes. It replaces the remote xdm login screen with a local application that collects username and password, then sets up an ssh tunnel to the remote host and starts a session. It is highly configurable both in appearance and behavior, and deployed S-terminals can be remotely administered. Best of all, it can be added to a KNOPPIX CD to create an instant, bootable, secure X terminal CD.
The stmpclean utility removes old files (and old empty directories) from the specified directory. It is meant to be used to clean directories such as "/tmp" where old files tend to accumulate. stmpclean never removes files or directories owned by root, which is a feature, not a bug. Great care is taken while descending into the directory, and the operation is secure. Anything that's not a directory, regular file, or symbolic link is also left alone (because programs like screen(1) create sockets and FIFOs under /tmp and expect them to be long-lived). Unlike other programs that do the same task, stmpclean never forks and consumes a limited amount of memory. If stmpclean detects a race condition, it will log the situation and exit with a failure.
The Viper IDS is an IDS sensor that can be used stand-alone or as an add-on to the Wolverine Firewall and VPN server. It can log all alert information to a remote MySQL database that can be analyzed by applications such as ACID, or can be used with Wolverine to provide real-time responses to potential threats by dynamically adjusting perimeter firewall rule sets. It uses Snort for attack signature detection.
ReVirt is part of the CoVirt project, which investigated the use of virtual machines to provide security in an operating-system-independent manner, so that the security system can function independently of the guest operating system. ReVirt logs enough information to replay the entire intrusive sequence instruction-by-instruction so that a detailed observation of the attack can be documented. It includes a system called BackTracker that helps system administrators understand (and thereby recover from) an intrusion, by automatically identifying potential sequences of steps that occurred in an intrusion. Starting with a single detection point (e.g., a suspicious file), BackTracker identifies files and processes that could have affected that detection point and displays chains of events in a dependency graph.
ThePacketMaster Linux Security Server is a CD-based security auditing tool that boots and runs penetration testing and forensic analysis tools. It is handy for security auditors. Some tools included are nessus, ethereal, The Coroner's Toolkit, chntpw, and minicom. It includes modules for any Linux 2.4.20 SCSI driver.
INSERT (the Inside Security Rescue Toolkit) aims to be a multi-functional, multi-purpose disaster recovery and network analysis system. It boots from a credit card-sized CD-ROM and is basically a stripped-down version of Knoppix. It features good hardware detection, fluxbox, emelfm, links-hacked, ssh, tcpdump, nmap, chntpw, and much more. It provides full read-write support for NTFS partitions (using ntfs-3g), and the ClamAV virus scanner (including a fairly recent signature database and a GUI). It provides partition handling with gParted and also has a network boot facility.