Linux, in the tradition of UNIX-like operating systems, implements file system permissions using a rather coarse scheme. While this is sufficient for a surprisingly large set of applications, it is too inflexible for many other scenarios. For that reason, all the major commercial UNIX operating systems have extended this simple scheme in one way or the other. This is an effort to implement POSIX-like Access Control Lists for Linux. Access Control Lists are built on top of Extended Attributes, which can also be used to associate other pieces of information with files such as Filesystem Capabilities, or user data like mime type and search keywords.
Firewall is a set of scripts (firewall, fwup, and fwdown) that implement an ipchains firewall and various forms of network address and port translation. All you have to do is read the policy file and edit it to reflect your topology and filtering policy. It supports many different types of network topology (single host, traditional forwarding, masquerading, port forwarding, alias port forwarding and NAT), up to 10 untrusted interfaces each with their own policy, and over 50 network applications. It also supports centralised administration of multiple remote firewalls (meta-firewall).
Moodss is a modular monitoring application, which supports operating systems (Linux, UNIX, Windows, etc.), databases (MySQL, Oracle, PostgreSQL, DB2, ODBC, etc.), networking (SNMP, Apache, etc.), and any device or process for which a module can be developed (in Tcl, Python, Perl, Java, and C). An intuitive GUI with full drag'n'drop support allows the construction of dashboards with graphs, pie charts, etc., while the thresholds functionality includes emails and user defined scripts. Monitored data can be archived in a SQL database by both the GUI and the companion daemon, so that complete history over time can be made available from Web pages or common spreadsheet software. It can even be used for future behavior prediction or capacity planning, from the included predictor tool, based on powerful statistical methods and artificial neural networks.
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel. In addition to the new features, some versions of the patch contain various security fixes. The "hardening" features of the patch, while not a complete method of protection, provide an extra layer of security against the easier ways to exploit certain classes of vulnerabilities and/or reduce the impact of those vulnerabilities. The patch can also add a little bit more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing.
Keepalived for LVS aims to add a strong and robust keepalive facility to the Linux Virtual Server project. This project is written in C with multilayer TCP/IP stack checks. It implements a framework based on three family checks: Layer3, Layer4, and Layer5. This framework gives the daemon the ability of checking a LVS server pool states.When one of the servers in the LVS server pool is down, keepalived informs the Linux kernel via a setsockopt call to remove this server entry from the LVS topology. In addition, it implements a VRRPv2 stack to handle director failover.
kchuid is an experimental Linux kernel module that allows you to change the UID/GID/CAPS of a running process (by PID). Think of it as providing a setuid() system call that also has a pid_t argument. It's the first step in a full authentication system, and further, a full Unixish system devoid of setuid binaries/scripts.