Semantic search

Jump to: navigation, search
Query Additional data to display
(add one property name per line)

Format as:
[Add sorting condition]
Other options
The maximum number of results to return
The offset of the first result
Show values as links
Property to sort the query by
order: descending desc asc ascending rand random
Order of the query sort
Display the headers/property names
The label to give to the main page name
The text to display before the query results, if there are any
The text to display after the query results, if there are any
Text for continuing the search
The text to display if there are no query results
The separator for values
The separator for values
The name of a template with which to display the printouts
template arguments:
Sets how the named arguments are passed to the template
named args:
Name the arguments passed to the template
A value passed into each template call, if a template is used
The name of a template to display before the query results, if there are any
The name of a template to display after the query results, if there are any
Additional annotated data are to be copied during the parsing of a subject

Hide query Show embed code

The query [[Security::system]] was answered by the SMWSQLStore3 in 0.0093 seconds.

Results 11 – 60    (Previous 50 | Next 50)   (20 | 50 | 100 | 250 | 500)   (JSON | CSV | RSS | RDF)

Scans log files and emails infected hosts
ryptsetup is utility used to conveniently setup disk encryption based on dm-crypt kernel module, including plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format. Cryptsetup is backwards compatible with the on-disk format of cryptoloop, but also supports more secure formats. This package includes support for automatically configuring encrypted devices at boot time via the config file /etc/crypttab. Additional features are cryptoroot support through initramfs-tools and several supported ways to read a passphrase or key.
dsacheck is a python program that will check all the packages on a Debian system. Dsacheck will download dynamically the DSA (Debian Security Alert) news from the security webpage and build a list that will be compared to the locally installed packages. You can use it easily in a CRON job.
Easy integrity check system is an easy-to-install and use file integrity system. It is meant to be used by system administrators to aid with intrusion detection.
EncFS is an encrypted pass-through filesystem which runs in userspace on GNU/Linux (using the FUSE kernel module). Similar in design to CFS and other pass-through filesystems, all data is encrypted and stored in the underlying filesystem. Unlike loopback filesystems, there is no predetermined or pre-allocated filesystem size.
Fenris is a multipurpose tracer, GUI debugger, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics - providing a structural program trace, interactive debugging capabilities, general information about internal constructions, execution path, memory operations, I/O, conditional expressions and more. Fenris can do traditional, instruction by instruction or breakpoint to breakpoint interactive debugging enhanced by additional structural data about the code delivered to the user; it is able to fingerprint functions in static binaries, reconstruct symbol tables in ELF files based on that information, automatically detect common library code; able to deliver text-based and graphical, browsable output that documents different aspects of program activity on different abstraction layers; able to perform partial analysis of single structural blocks.
File Integrity Command & Control (FICC) helps system administrators manage multiple Tripwire installations. It maintains MD5 hashes for three key Tripwire files and verifies that the MD5 checksum of these key files against the signatures in its file checksum database. If they match, it then connects to the host via SSH and runs Tripwire. If any signatures do not match, an email is sent to the "FICC administrator" of the system in question.
This is a candidate for deletion: broken links, can't find elsewhere, not on, my email to maintainer was returned to sender. Danm (talk) 14:19, 1 November 2017 (EDT) GSsh is a Gnome frontend to ssh. It keeps track of the hosts you visit and remembers the username, so logging in is only a few mouse clicks away. Most of ssh's command line parameters can be set from a settings dialog.
gnoMint is a tool for easily creating and managing certification authorities. It provides fancy visualization of all the pieces of information that pertain to a CA, such as x509 certificates, CSRs, and CRLs. gnoMint is currently capable of managing a CA that emits certificates that are able to authenticate people or machines in VPNs (IPSec or other protocols), secure HTTP communications with SSL/TLS, authenticate and cipher HTTP communications through Web-client certificates, and sign or crypt email messages.
'grsecurity' is a complete security system for Linux 2.4 that implements a detection/prevention/containment strategy. It prevents most forms of address space modification, confines programs with least privilege via its process-based ACL system, hardens syscalls, and provides many of the OpenBSD randomness features. It has auditing capabilities and a netfilter module designed to thwart portscans and OS fingerprinting.
Gvpe Heckert gnu.tiny.png
gvpe is a suite designed to provide a virtual private network for multiple nodes over an untrusted network. It works by creating encrypted host-to-host tunnels between multiple endpoints. GVPE (GNU VPE) is an acronym standing for GNU Virtual Private Ethernet.
Hashlet is an application with a Command Line Interface (CLI) that controls the Cryptotronix Hashlet. The Cryptotronix Hashlet is open source hardware that implements SHA256, provides a hardware random number generator, and stores 256 bit keys in read and write protected memory. The hardware is designed for a BeagleBone Black but can be uses on an embedded GNU/Linux system that supports the I2C protocol and can supply 3.3 or 5 Volts to the device
'Hping' sends custom ICMP/UDP/TCP packets and displays target replies. It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols. With 'Hping', you can test firewall rules, perform [spoofed] port scanning, test net performance using different protocols, packet size, TOS (type of service), and fragmentation, do path MTU discovery, tranfer files (even between really Fascist firewall rules), perform traceroute-like actions under different protocols, fingerprint remote OSs, and audit a TCP/IP stack.
IP Sentinel
'IP Sentinel' is a tool that tries to prevent unauthorized usage of IP addresses within an ethernet broadcast domain by answering ARP requests. After receiving faked replies, requesting parties store the MAC in their ARP tables and will send future packets to this invalid MAC, rendering the IP unreachable.
This is a candidate for deletion: broken links, can't find software elsewhere, software not on, developer said via email that it can be deleted. Danm (talk) 12:53, 29 October 2017 (EDT) IPFC is software and a framework to manage and monitor multiple types of security modules across a global network. Modules can be packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, or other general devices (from servers to embedded devices). It features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used.
FreeSpeechMe is a Free Software plug-in for IceCat that allows people to effortlessly view Dot-Bit websites. It works on GNU/Linux and Windows. Dot-Bit (.bit) is a new top-level domain that, unlike Dot-Com, Dot-Net, Dot-UK, etc., is NOT controlled by any government or corporation. FreeSpeechMe works over the distributed blockchain of the inexpensive cryptocurrency, Namecoin (a derivative of BitCoin). Namecoin is not generally traded as currency. It exists primarily for the purpose of decentralized DNS. Domains currently cost about 10 cents US of Namecoin to register. Before FreeSpeechMe, viewing Dot-Bit websites required changing DNS settings, and using non-vetted public DNS servers. FreeSpeechMe doesn't require changing DNS settings, so it is much more secure. Newly registered Dot-Bit websites can be viewed within three hours worldwide with FreeSpeechMe. IP or Nameserver update changes to an existing Dot-Bit website are viewable worldwide within 40 minutes. This isn't just "a plug-in." FreeSpeechMe, Dot-Bit and Namecoin are a complete new Internet ecosystem, free of the constraints of ICANN and the like. Please see tech FAQ for full list of improvements and implementations we're planning on for FreeSpeechMe and Namecoin:
Homepage has new owner. Links broken. Homepage redirected to entry. Email to maintainer broken. Poppy-one (talk) 13:20, 5 August 2018 (EDT) 'incident'.pl is a small script that, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. It creates a database that is a snapshot of the essential parts of your computer system. You put the database somewhere safe, and then use it to make sure that no one has made illicit modifications to the computer system. If there's a break in, you know exactly which files have been modified, added, or removed. Current features include a small memory footprint, a simple and modular design (for a faster learning curve), up-to-date cryptographic algorithms, cascading rulesets, output that can be XML or a human-readable form that can be scanned, an option to reset access times, simultaneous check and update, and a design that is meant for unattended use.
Linux Security Auditing Tool (LSAT) is a post install security auditing tool for systems using the Linux kernel. It is modular in design, so new features can be added quickly. It checks many system configurations and local network settings on the system for common security/config errors and for unneeded packages.
Laplock, Lock my computer with a SD-Card! Laplock does not only save your laptop, but will also save your files. The Idea: A special SD-Card in your box and anything will run just normal to work with. Pull out the card (someone is knocking at the door) and the box is locked, so there is no way to access it anymore. Furthermore the laptop will not start if the card is not inside. Quite important, if the laptop "gets lost" for some reason.
libreCMC is an embedded GNU/Linux distro with the focus of providing a platform that is 100% free software and that does not contain non-free blobs. While libreCMC is currently a hard fork of the popular OpenWRT project, it uses a linux-libre kernel and does not contain non-free parts.
Linux-libre Heckert gnu.tiny.png
Linux-libre is a version of the Linux kernel suitable for use with the GNU Operating System. It removes non-free components from Linux, that are disguised as source code or distributed in separate files. It also disables run-time requests for non-free components, shipped separately or as part of Linux, and documentation pointing to them. The GNU Linux-libre project takes a minimal-changes approach to cleaning up Linux, making no effort to substitute components that need to be removed with functionally equivalent free/libre ones.
Lynis is an auditing and hardening tool for Unix derivatives like Linux/BSD/Solaris. It scans systems to detect software and security issues. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
SSH2, version 2 of the Secure Shell protocols, lets you connect to a remote computer through a strongly encrypted and authenticated TCP/IP connection. This is a Macintosh version for SSH.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote and/or unattended reboots. Wouldn’t it be great if you could have the security of encrypted root file systems and still have servers that could boot up automatically if there was a short power outage while you were asleep? That you could reboot at will, without having someone run over to the server to type in the password? Well, with Mandos, you (almost) can! The gain in convenience will only be offset by a small loss in security. The setup is as follows: The server will still have its encrypted root file system. The password to this file system will be stored on another computer (henceforth known as the Mandos server) on the same local network. The password will *not* be stored in plaintext, but encrypted with OpenPGP. To decrypt this password, a key is needed. This key (the Mandos client key) will not be stored there, but back on the original server (henceforth known as the Mandos client) in the initial RAM disk image. Oh, and all network Mandos client/server communications will be encrypted, using TLS (SSL).
Most password managers are password vaults: they let you store or generate a strong password for your services and then encrypt that key and store it for later retrieval. This approach presents many problems, in particular in the modern mobile age, that result in many frustrations: * Vault availability: If your vault is not available, you cannot use any of your services. * Added risk of identity loss: If you lose (eg. HDD failure/house fire) your vault, you instantly lose your entire online identity. * Force of law: Many countries have laws that require you to divulge the encryption key if a lawful search discovers your vault. Some password vaults implement features to try and address these issues, such as Internet sync, cloud-based vaults or backups and self-destructing vaults. These features all work around issues inherent to the solution and bring their own set of issues: * Network sync: Keeping data secure in transit is non-trivial and adds security risks. * Backups: Requires that you keep multiple locations secure from loss and theft, as well as the vault in transit. * Cloud-based services: Requires you to trust an external party and sacrifices transparency and freedom. * Defensive destruction: Reliability issues and again, risk total identity loss. Master Password is a completely different approach to passwords. The core issue that brings forth these problems is the vault used to store passwords. Master Password removes the vault from the solution by being a stateless solution, thus avoiding each of these issues. Master Password works by being an offline and stateless algorithm used to calculate your site passwords on-demand. Your passwords exist only as long as you need them and then disappear from disk and memory. Passwords are calculated based on a master password and the user's full name, combined with the name of the site. Calculation is based on strong, known and understood cryptographic hashes. Hash-based password generation is not new, but Master Password is a careful implementation that avoids many issues that other hash-based password managers suffer from. Cryptography is not easy and upon inspection, the security of most hash-based password generators completely falls apart. Master Password uses scrypt combined with hmac-sha256 and salting to prevent all known attack vectors.
The Monkeysphere project's goal is to extend OpenPGP's web of trust to new areas of the Internet to help us securely identify each other while we work online. Specifically, monkeysphere currently offers a framework to leverage the OpenPGP web of trust for OpenSSH authentication. In other words, it allows you to use secure shell as you normally do, but to identify yourself and the servers you administer or connect to with your OpenPGP keys. OpenPGP keys are tracked via GnuPG, and monkeysphere manages the known_hosts and authorized_keys files used by OpenSSH for authentication, checking them for cryptographic validity.
NMIS performs multiple network management functions from the OSI Model and International Organization for Standardization FCAPS model, these being - Fault, Configuration, Accounting and/or Administration, and Performance. These metrics provide valuable capabilities and features for fault and performance management, which in turn are useful for many other aspects of network and business management. NMIS monitors the status and performance of an organization’s IT environment, assists in rectification and identification of faults and provides valuable information for IT departments to plan expenditure and IT changes. The NMIS business rules engine classifies events on their business impact, not just the technical nature. The rules engine is extremely powerful; however it can be configured in minutes for a network with a small number of devices to hours for networks with large numbers of devices.
'nabou' monitors changes to files and directories on your system using MD5 checksums. It can also watch crontabs, suid files, and user accounts for changes. It stores all data in standard dbm databases. 'nabou' is highly configurable; you can exclude files from being checked, configure which file attributes it should look for, use custom checks, and more.
NetCube (a.k.a. Jeff's version of The Spinning Cube of Potential Doom) is a python utility for visualizing network traffic in a 3d simulation. The x, y, and z axes correspond to the source IP address, the port number, and the destination IP address, respectively. This applies only to TCP and UDP traffic, of course, but that's the bulk of the traffic out there! Why bother? Well for one, visualization seems to help humans in identifying port scans and the like. See the original The Spinning Cube of Potential Doom page for more info.
NetSPOC is a Network Security POlicy Compiler. A tool for simplified security management of networks with multiple security domains. NetSPOC takes a description of topology, services and rules and generates access lists for multiple packet filters.
'Netcat' is a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. It is also a network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
Netcat6 is a rewrite of the well-known netcat package, adding IPv6 support. Netcat6 can act as a client or a server for TCP and UDP protocols, in IPv4 and IPv6, and aims to be efficient with its data handling and to be easily extended to other "level 3" protocols. Its primary use, like netcat, is for communications development, making it easy to make or listen for connections and see what's coming through.
Java client library for the New Relic REST APIs built using Jersey and Gson. The library implements over 110 operations across all of the available 35 New Relic services. It is primarily used by applications to automate the configuration of New Relic Monitoring, Alerting and Dashboards, but can also be used for extracting incident and metric data, executing Insights queries, or uploading plugin metrics.
Nmap ("Network Mapper") is a utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
'noexec' is a package for preventing a process from exec'ing another process. It can be a useful security measure to prevent a user from escaping to a shell, and may be able to prevent some kinds of CGI exploits.
'oftpd' is designed to be as secure as an anonymous FTP server can possibly be. It runs as non-root for most of the time, and uses the Unix chroot() command to hide most of the systems directories from external users--they cannot change into them even if the server is totally compromised. It also contains its own directory-change and directory-listing code (most FTP servers execute the system "ls" command to list files).
'op' allows fine-grained control of access to super-user privileges through easy to remember mnemonics. Its features include user and host based access control, and command expiration. Different sets of users can access different operations, and the security-related aspects of each operation can be carefully controlled.
p0f is a versatile passive OS fingerprinting and masquerade detection utility, to be used for evidence or information gathering on servers, firewalls, IDSes, and honeypots, for pen-testing, or just for the fun of it. It is a complete rewrite of p0f version 1 that used to be maintained by William Stearns.
'poink' is a TCP/IP-based ping implementation. It does not require special privileges and is designed for multiuser shell systems. It is meant to be a secure replacement for the standard IPv4 network monitoring tool.
Rule Set Based Access Control (RSBAC) is a security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula and provides a flexible system of access control based on several modules. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which then calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Radius Heckert gnu.tiny.png
Radius is a server for remote user authentication and accounting. Its primary use is for Internet Service Providers, though it may as well be used on any network that needs a centralized authentication and/or accounting service for its workstations. The package includes an authentication and accounting server and administrator tools.
RazorBack is a log analysis program that interfaces with the SNORT Intrusion Detection System to provide real time visual notification when an intrusion signature has been detected on the network. RazorBack is designed to work within the GNOME framework on GNU/Linux platforms.
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every *nix clone.
rssh is a small shell that lets system administrators give specific users access to a given system via scp or sftp only.
Simple X display locker. Really this is the simplest X screen locker we are aware of. It is stable and quite a lot people in this community are using it every day when they are out with friends or fetching some food from the local pub.
'sptrace' is a secure ptrace() module for Linux. It limits users' access to the ptrace() call. It can disable ptrace altogether, or if you add a ptrace group to your system, only users in that group will be able to use ptrace().
'sshdfilter' blocks ssh brute force attacks by reading sshd log output in real time and adding iptables rules based on authentication failures. Block rules are created by logging on with an invalid user name, or wrongly guessing the password for an existing account; they are removed after a week to maintain a small list of blocks. Tha package also comes with a LogWatch filter.
Sudoscript is a pair of Perl scripts (sudoscriptd/sudoshell) that provide an audited root shell using sudo by logging all terminal output to log files. It lets sysadmins give users an unrestricted root shell yet not lose the audit trail.
Sussen is a tool that checks for vulnerabilities and configuration issues on computer systems. It is based on the Open Vulnerability and Assessment Language

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.

The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.