Utmpd is a small and flexible daemon that aims to simplify user access control. It scans the utmp file, looking for logged-in users, and then kills anyone matching a deny rule. Denial can be based on the time of login, the hostname or IP address from which the login request comes, or the idle time of the user.
fwknop implements an authorization scheme called Single Packet Authorization that requires only a single encrypted packet to communicate various pieces of information, including desired access through an iptables, ipfw, or pf firewall policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. Also supported is a robust port knocking implementation based around iptables log messages.
Stealth (SSH-based Trust Enhancement Acquired through a Locally Trusted Host) is a file integrity scanner. It differs from a program like Tripwire in that it does not require the use of read-only media or modifiable logs. It leaves (almost) no trace on the computer being checked. It is very difficult for intruders to detect or evade, and cannot be modified by intruders. It can be used to perform integrity checks on many computers without a heavy maintenance burden. It can be used without being installed on the target computer.
Sticker is a system call spy API which runs in user mode. It is a user-friendly, object-oriented wrapper around the ptrace API. Using Sticker, an end user can utilize the benefits of ptrace without knowing the details of the ptrace API. The objective is to produce an API (libSticker) that can help in speedy development of applications that work like debuggers, code injectors, and system call spies.
AppArmor is an application security tool designed to provide a highly secure yet easy-to-use security framework for your applications. It proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. Its security policies, called "profiles", completely define what system resources individual applications can access, and with what privileges. A number of default profiles are included, and using a combination of advanced static analysis and learning-based tools, profiles for even very complex applications can be deployed successfully in a matter of hours.