Free home security systems software for linux

Fast Secure File System exports existing directories securely over the network, letting users store and retrieve encrypted data in a scalable and transparent way. FSFS is written in C and works on GNU/Linux systems on x86 and PPC architectures, with help from FUSE and OpenSSL.
File systems are easily the most evident, from the point of view of users, component of an operating system. Through file systems it is possible to organize data in a wide variety of ways, and access resources through a common interface.
Users can nowadays not only store and retrieve documents, but also find information on running processes and system settings (through ProcFS), access and manipulate e-mail (for example with GmailFS), or perform several other operations.
In several circumstances and scenarios it is desirable to protect stored files and directories from manipulation by unknown or malicious users: financial or health-related data, confidential documents, or any kind of personal or sensitive data may need to be stored securely, in such a way that it can not be examined or modified freely by third parties.
Most file systems do not take action in this sense, and external cryptographic utilities are sometimes employed to secure data before storage. While this can be a perfectly secure solution, it is not transparent to users.
Distributed file systems propose efficient ways of accessing data remotely as if it resided on the local machine; when it comes to dealing with securely stored data as in the examples above, care must be taken to preserve confidentiality and integrity also during network transfer.
Not all distributed file systems accomplish this task, weakening the overall security of the system, or do so inefficiently, making it inconvenient for users.
FSFS is a secure, distributed file system in users space, written in C with much help from FUSE and OpenSSL. It lets users store and retrieve data securely and transparently, knowing that it is protected both on permanent storage devices and while in transit over the network.
It is also concerned with scalability, therefore separates data cryptography from the server, leaving it to the clients; this approach is similar to the one used in CFS, and opposite to those taken on by other secure file system solutions (like NFS on top of IPsec).
FSFS is written as a pair of user space daemons that act as client and server. Because of this, it needs no kernel support (unlike NFS over IPsec), save the FUSE loadable kernel module on clients, included in Linux since 2.6.14; servers dont use FUSE and depend only on user space OpenSSL libraries.
Servers export an existing file system (of virtually any kind) to clients over the network through two separate channels: a TLS connection set up with OpenSSL, and a clear channel. Requests from the clients to the servers are sent via the TLS socket, thus they are encrypted and authenticated, according to TLS v1 specifications, by the channel itself and decrypted on receipt, as they are usually very short and the relevant cryptography does not constitute a great overhead; simple server replies undergo the same process.
Cryptography in this case happens at both ends of the transmission.
In a distributed file system, large amounts of data may be transferred between clients and servers, thus encrypting and decrypting everything may become too cumbersome for both parties, and as more clients are added to the system the server may severely lose performance; moreover, file data should be stored encrypted anyway, so the cryptography could be moved to the clients, in such a way that each encrypts data before a write operation sends it over the network to the server, and decrypts it after a read retrieves it.
This way servers only deal with TLS details and can concentrate on serving client requests by doing the relevant I/O on the underlying, "physical" file system. As the data is already encrypted, it does not need to go through the TLS channel and the corresponding overhead, but can be sent via the clear channel, provided the messages are authenticated.
Enhancements:
- This release fixes two bugs. One bug related to socket creation and would cause problems on some systems (namely OpenSUSE 10.2). The other bug related to server configuration creation when using the Python configuration utilities. Users dont need to upgrade to this release if theyre not experiencing problems or are not using the Python configuration utilities.

Security::CVSS is a Perl module to calculate CVSS values (Common Vulnerability Scoring System).

SYNOPSIS

use Security::CVSS;

my $CVSS = new Security::CVSS;

$CVSS->AccessVector(Local);
$CVSS->AccessComplexity(High);
$CVSS->Authentication(Not-Required);
$CVSS->ConfidentialityImpact(Complete);
$CVSS->IntegrityImpact(Complete);
$CVSS->AvailabilityImpact(Complete);
$CVSS->ImpactBias(Normal);

my $BaseScore = $CVSS->BaseScore();

$CVSS->Exploitability(Proof-Of-Concept);
$CVSS->RemediationLevel(Official-Fix);
$CVSS->ReportConfidence(Confirmed);

my $TemporalScore = $CVSS->TemporalScore()

$CVSS->CollateralDamagePotential(None);
$CVSS->TargetDistribution(None);

my $EnvironmentalScore = $CVSS->EnvironmentalScore();

my $CVSS = new CVSS({AccessVector => Local,
AccessComplexity => High,
Authentication => Not-Required,
ConfidentialityImpact => Complete,
IntegrityImpact => Complete,
AvailabilityImpact => Complete,
ImpactBias => Normal
});

my $BaseScore = $CVSS->BaseScore();

$CVSS->UpdateFromHash({AccessVector => Remote,
AccessComplexity => Low);

my $NewBaseScore = $CVSS->BaseScore();

$CVSS->Vector((AV:L/AC:H/Au:NR/C:N/I:P/A:C/B:C));
my $BaseScore = $CVSS->BaseScore();
my $Vector = $CVSS->Vector();

CVSS allows you to calculate all three types of score described under the CVSS system: Base, Temporal and Environmental.

You can modify any parameter via its accessor and recalculate at any time.
The temporal score depends on the base score, and the environmental score depends on the temporal score. Therefore you must remember to supply all necessary parameters.

Luke Macken Security LiveCD provides a fully functional livecd based on Fedora for use in security auditing, forensics research, and penetration testing.
Main features:
- All of the security features and tools Fedora has to offer
- Features from the FedoraLiveCD
- Ability to install directly to hard drive
Spinning your own
# yum install mercurial livecd-tools
$ hg clone http://hg.lewk.org/security-livecd
# livecd-creator --config security-livecd/fedora-security-livecd.ks --fslabel=Fedora-7-Security-LiveCD
Making changes to the LiveCD is as simple as modifying the fedora-security-livecd.ks configuration file.

Ubuntu Security Notice Monitor is a karamba theme that displays the ten most recent USN report titles in a desktop widget.

Ubuntu Security Notice Monitor works by parsing the link text out of the USN page at http://www.ubuntulinux.org/usn using a Python backend.

Thanks goes to Richard "Ricardo" Szlachta for the graphics work.

• A Firewall with stateful packet inspection and application proxies guards Internet communications traffic in and out of the organization.
• A Virtual Private Network (VPN) gateway assures secure communications with remote offices, road warriors and telecommuters.
• Anti-Virus defends computers from both email and web-bourne viruses.
• Intrusion Protection detects and stops hostile probes and application-based attacks.
• Spam Filtering eliminates the productivity drain of opening and deleting unsolicited emails.
• Surf Protection (Content Filtering) and Spyware Protection improve productivity by blocking inappropriate web activities, provide full protection from user tracking threats and violation of privacy.

Major Features:

1. Protects all types of networks Windows, Linux, Unix and others.
2. Delivers comprehensive features at low cost maximizing your ROI (return on investment).
3. Highly effective. Has won numerous industry awards. Beat Cisco and Checkpoint in InfoWorld magazine product review, Beat IBM and Computer Associates in Linux World for Best Security Application.
4. Integrated management platform features an intuitive browser-based interface and one-step updates for rapid deployment and easy management.
5. Can be installed in under 15 minutes or purchased pre-installed on security appliances.
6. Can start with firewall, VPN and spam protection and add other security applications as needed, seamlessly.
7. Runs as a dedicated application server on top of a hardened operating system, which relieves operating system management headaches.
8. Runs on systems ranging from small devices up to large multi-processor systems utilizing gigabytes of memory.
9. Redundant systems can be configured to provide high availability and automatic failover in case of hardware or network failures.
10. Load balancing improves performance traffic shaping can set priorities by network, service and protocol.
11. Logging, automatic backup, and diagnostic tools support high reliability.
12. Free online evaluation workshop to get you started.

Enhancements:

• This Up2Date addresses a few issues that did not make the 7.4 GA version in time.
• This is a pure bugfix/stability release that strengthens the quality of your installation.

Email Security through Procmail (the Procmail Sanitizer) provides methods to sanitize email, removing obvious exploit attempts and disabling the channels through which exploits are delivered.
Email Security through Procmail also provides facilities for detecting and blocking Trojan Horse exploits and worms.
Enhancements:
- This release added default poisoning of the application/x-msdownload MIME type in response to a new worm.
- Full MIME-type poisoning support will be available shortly.
- This release was accelerated for security reasons.

The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.
Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier. Even during the planning and development stages, our target was to achieve an excellent user-friendliness combined with an optimal toolset.
Professional open-source programs offer you a complete toolset to analyse your safety, byte for byte. In order to become quickly proficient within the Auditor security collection, the menu structure is supported by recognised phases of a security check. (Foot-printing, analysis, scanning, wireless, brute-forcing, cracking).
By this means, you instinctively find the right tool for the appropriate task. In addition to the approx. 300 tools, the Auditor security collection contains further background information regarding the standard configuration and passwords, as well as word lists from many different areas and languages with approx. 64 million entries.
Current productivity tools such as web browser, editors and graphic tools allow you to create or edit texts and pictures for reports, directly within the Auditor security platform. Many tools were adapted, newly developed or converted from other system platforms, in order to make as many current auditing tools available as possible on one CD-ROM.
Tools like Wellenreiter and Kismet were equipped with an automatic hardware identification, thus avoiding irritating and annoying configuration of the wireless cards.
Enhancements:
New & Updated tools:
- proxychains 1-8-1 (for example scanning over proxy more easy)
- yersinia-0.5.4
- kismet-logfile-viewer klv.pl and klc.pl
- ntp fingerprinting tool
- tftp bruteforce tool
- snmp fuzzer
- cisco torch 0.4b
- unicornscan 0.4.2
- packit
- sendip
- nasl 2.2.4
- tcpick
- cryptcat
- amap version 4.8
- tcpsplit
- Ethereal version 10.11
- ettercap-ng-0.72 and modified the etter.conf
- replaced tinysnmp with snmp tools
- vnc2swf /usr/X11R6/bin/recordwin and vnc2swf
- edit_vnc2swf.py
- edit_mp3.py
- wpa-supplicatiant 0.3.8
- hostapd-utils 0.3.7
- ssldump
- fragrouter
- Metasploit 2.4 including all known updates
- airsnarf, but no menu at moment
- fakeap to /opt/auditor but no menu entry at moment, need to write a shell script
- dsniff 2.4b1-10
- nessus plugins updated
- exploit tree updated
- Snort 2.3.2-5
- Bleeding-edge rules for snort
- New aircrack
- New airsnort
- Bet i forgot some to mention.
New & updated drivers:
- rt2400 linux drivers and utils (untested)
- rtl8180 driver (8180_26_private.ko and open8180.ko and /usr/local/bin/wlanup and /usr/local/bin/wlandown) (Untested)
- hostap drivers 0.3.7
- ipw2100 & ipw2200 incl firmware, incl monitor mode
- Prism54 with injection patch
- Linux-wlan-ng with injection patch
- Madwifi with injection patch
- ACX drivers are back on cd
Addons:
- Default password list has been updated
- Added some changes to the network stack using /etc/sysctl.conf, which will be called from knoppix-autoconfig script
- New background image
Some fixes i remember:
- Kernel completely rebuilded to provide full functionality
- Isolinux now accepts bootparameters again
- USB drivers are back to /dev/sda and booting from stick works fine
- grub files have been fixed
- fixed hostname /etc/hosts
- /cdrom/index.html pointed to the old forum fixed that
- Added cardctl eject, cardctl insert into switch-to-XY scripts
- Fixed the homebutton of the konquerror when clicked first time
- Fixed the menuentry for nessus