< Prev 1 2 3 Next >
Category: Hardening » Linux
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports Apache (both branches) today, with support for Java-based servers coming soon.
ClarkConnect Internet Gateway
ClarkConnect is a software package that transforms an old beat up PC into a smart, simple, and secure Internet gateway and server for your home or small office network. In addition to connection sharing, the software comes with a strong firewall, Apache, dynamic DNS utilities, and Samba filesharing. The software is based on Red Hat Linux.
Trustix Secure Linux
Trustix Secure Linux is a project to make a hardened Linux distribution for servers. It features FreeS/WAN, OpenSSL, OpenSSH, Apache w/SSL & PHP, Postfix, POP3 and IMAP with SSL support, ProFTP, ftpd-BSD, and PostgreSQL.
Bastille Linux aims to be the most comprehensive, flexible, and educational Security Hardening Program for Red Hat, Mandrake, and Debian Linux, along with HP-UX. Virtually every task it performs is optional, providing immense flexibility. It educates the installing admin regarding the topic at hand before asking any question. The interactive nature allows the program to be more thorough when securing, while the educational component produces an admin who is less likely to compromise the increased security.
Shilosh OS provides a secure and stable operating system based on a highly modified Linux kernel, with its own package system similar to BSD's "ports". Compatible with x86 and Power PC, it is also 99% compatible with Windows 9x. It is easy to use and includes complete documentation in many languages.
CylantSecure: Linux Kernel Plugin
CylantSecure is a complete security architecture that currently provides a security plug-in for the Linux kernel. It enables a user to protect and reject both known and novel attacks in real time. It makes use of a number of Open Source technologies. It provides an XML and GTK+ based administration interface, and secures all communication with OpenSSL. Our product is currently being released with support for 2.2 kernels on RedHat 6.x systems.
Linux Intrusion Detection System LSM (Linux Security Module)
The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.
WebSecure4Linux is a simple, unofficial Linux client for the Freedom WebSecure service (see http://www.freedom.net/products/websecure/). Zero-Knowledge Systems runs the service and provides a Windows client, but is not responsible for this Linux client. Note that you will need to sign up for the service before this client will operate. It currently supports HTTP on all versions of Linux, and HTTPS is supported under Linux 2.4. WebSecure4Linux is not feature-complete and it is slow. It's written in Perl, and forks for each Web connection.
LCAP Linux Kernel Capability Remover
"Capabilities" are a form of kernel-based access control. Linux kernel versions 2.2.11 and greater include the idea of a "capability bounding set". The bounding set is a list of capabilities that can be held by any process on the system. If a capability is removed from the bounding set, the capability may not be used by any process on the system (even processes owned by root). LCAP allows a system administrator to remove specific capabilities from the kernel in order to make the system more secure. LCAP modifies the value in the sysctl file "/proc/sys/kernel/cap-bound".
SPIRO-Bastille attempts to make your system ultra secure by periodically checking the SPIRO-Linux website for security updates. It hardens the system from various attacks while adjusting ftpd, inetd, console security, remote access, etc. It is based up on the original Bastille-Linux Hardening System.
Browse by category