Gircap is a set of tools to help you use the little-known "capabilities" that Linux has in place of conventional Unix superuser privilege. That means you can give programs and processes only as much privilege as they need and greatly limit your security exposure due to system bugs. A Linux kernel patch fixes some basically broken aspects of capabilities. setcap and getcap let you set and show capabilities of a running process. capexec runs a program with certain capabilities, UID, GID, and supplemental GIDs. It can be used to have init start a daemon with only a subset of init's privileges. binfmt_capx is an executable interpreter in the form of a loadable kernel module. It lets you do a setuid kind of thing for files, only with fine-grained capabilities. This is a cheap substitute for real "file capabilities."
JOSSO (Java Open Single Sign-On) is a J2EE-based SSO infrastructure that provides a solution for centralized, platform-neutral user authentication. It implements Web services technology for asserting user identity, allowing the integration of Java and non-Java applications like PHP and Microsoft ASP using the SOAP protocol across multiple applications. It integrates with Jakarta Tomcat, providing user identity information to Web applications using the standard Servlet Security API. A reverse proxy component that can be used to create n-tier single sign-on configurations is included.
Systraq sends you a daily email listing the state of your system. If critical system files or user access files (e.g. ~/.ssh/authorized_keys) have changed, you'll get an email on shorter notice. It consists of a few very small shell scripts. It can help you implement a (not too strict) security policy.
Twe (Twe Whitelist Enforcer) is used to enforce pre-defined HTML code. It takes "bad" HTML as input and returns HTML matched against a flexible and easy to extend set of rules. It can be used to allow HTML input for your Web forum without opening yourself to cross-site scripting attacks.
MpNT is a multi-precision number theory library that provides a base for building cryptographic applications. It may also be used in any other domain where efficient large number computations are required. The library supports integer, modular, and floating point arithmetic with practically unlimited precision. It is both speed efficient and highly portable without disregarding code structure and clarity.
The Better String Library is an abstraction of a string data type which is superior to the C library char buffer string type and C++'s std::string. Among the features achieved are substantial mitigation of buffer overflow/overrun problems and other failures that result from erroneous usage of the common C string library functions, significantly simplified string manipulation, high performance interoperability with other libraries that expect '\0' terminated buffers, high performance common string operations, and functional equivalency with other more modern languages.
GPGlist is a Perl script to implement GPG-encrypted alias lists in a mail server such as Sendmail or Postfix. It uses one XML config file to store information about lists. It backs up messages if an error occurs, and sends out error messages to the sender of the mail. You can decide whether or not a list only accepts encrypted messages.