Free secure access software for linux

Secure Messaging is a Web-based, alternative mail system for sending and receiving messages.

Use secure messaging to send and receive messages from a alternative web-based mail system. Using the secure messaging system no actual mail is transmitted through any 3rd party servers.

Only an optional message notice is sent to the recepient, the user needs to visit the site in order to read the message.

Normal SMTP mail can hit multiple servers and can possibly be read, stored, or changed anywhere within the process.

Setup secure messaging on an SSL enabled website to enhance the privacy even more.

Fast Secure File System exports existing directories securely over the network, letting users store and retrieve encrypted data in a scalable and transparent way. FSFS is written in C and works on GNU/Linux systems on x86 and PPC architectures, with help from FUSE and OpenSSL.
File systems are easily the most evident, from the point of view of users, component of an operating system. Through file systems it is possible to organize data in a wide variety of ways, and access resources through a common interface.
Users can nowadays not only store and retrieve documents, but also find information on running processes and system settings (through ProcFS), access and manipulate e-mail (for example with GmailFS), or perform several other operations.
In several circumstances and scenarios it is desirable to protect stored files and directories from manipulation by unknown or malicious users: financial or health-related data, confidential documents, or any kind of personal or sensitive data may need to be stored securely, in such a way that it can not be examined or modified freely by third parties.
Most file systems do not take action in this sense, and external cryptographic utilities are sometimes employed to secure data before storage. While this can be a perfectly secure solution, it is not transparent to users.
Distributed file systems propose efficient ways of accessing data remotely as if it resided on the local machine; when it comes to dealing with securely stored data as in the examples above, care must be taken to preserve confidentiality and integrity also during network transfer.
Not all distributed file systems accomplish this task, weakening the overall security of the system, or do so inefficiently, making it inconvenient for users.
FSFS is a secure, distributed file system in users space, written in C with much help from FUSE and OpenSSL. It lets users store and retrieve data securely and transparently, knowing that it is protected both on permanent storage devices and while in transit over the network.
It is also concerned with scalability, therefore separates data cryptography from the server, leaving it to the clients; this approach is similar to the one used in CFS, and opposite to those taken on by other secure file system solutions (like NFS on top of IPsec).
FSFS is written as a pair of user space daemons that act as client and server. Because of this, it needs no kernel support (unlike NFS over IPsec), save the FUSE loadable kernel module on clients, included in Linux since 2.6.14; servers dont use FUSE and depend only on user space OpenSSL libraries.
Servers export an existing file system (of virtually any kind) to clients over the network through two separate channels: a TLS connection set up with OpenSSL, and a clear channel. Requests from the clients to the servers are sent via the TLS socket, thus they are encrypted and authenticated, according to TLS v1 specifications, by the channel itself and decrypted on receipt, as they are usually very short and the relevant cryptography does not constitute a great overhead; simple server replies undergo the same process.
Cryptography in this case happens at both ends of the transmission.
In a distributed file system, large amounts of data may be transferred between clients and servers, thus encrypting and decrypting everything may become too cumbersome for both parties, and as more clients are added to the system the server may severely lose performance; moreover, file data should be stored encrypted anyway, so the cryptography could be moved to the clients, in such a way that each encrypts data before a write operation sends it over the network to the server, and decrypts it after a read retrieves it.
This way servers only deal with TLS details and can concentrate on serving client requests by doing the relevant I/O on the underlying, "physical" file system. As the data is already encrypted, it does not need to go through the TLS channel and the corresponding overhead, but can be sent via the clear channel, provided the messages are authenticated.
Enhancements:
- This release fixes two bugs. One bug related to socket creation and would cause problems on some systems (namely OpenSUSE 10.2). The other bug related to server configuration creation when using the Python configuration utilities. Users dont need to upgrade to this release if theyre not experiencing problems or are not using the Python configuration utilities.

The Powered Access Bible is a tool to allow free and effective access to the Bible. This project is especially good at finding which verses contain a given word, and then easily reading those verses in full context. (This is a tool to find what the Bible says about something, and read it in context.) This includes Old Testament, New Testament, and Apocrypha/Deuterocanonical books.
Installation:
To install from this directory, type:
./install
The file general/config may be modified to customise the scripts behavior. You
can change the default translation, for instance, or make it seatch the
apocrypha by default.
If you have the Powered Access Bible installed to e.g.
http://127.0.0.1/cgi-bin/powerbible
then you can specify a passage to look up by linking to:
http://127.0.0.1/cgi-bin/powerbible?passage=Genesis+1
and/or a search term with:
http://127.0.0.1/cgi-bin/powerbible?query=love
Enhancements:
- This is the first stable release since major improvements have been made.
- It includes a bugfix that prevents crashing when the user gives a search query in the wrong text input field and slight changes to the Uncensored Bible.

SecureJSH project enables server side applications written in the Java programming language to provide secure shell access to their administrators, users, developers and service clients, where verbatim syntax of the latest Java programming language can be used - interactively.
SecureJSH needs JDK 6.0 (or later) or JRE 6.0 (or later) with JAVAC on classpath to function.
Security:
SecureJSH implements RFC-4251 SSH 2.0 protocol at the server side, with support of publickey authentication, which is more secure and convenient (no need to enter password every time).
Interactive Execution:
You must first compile traditional Java source code to bytecode before
executing them. But with SecureJSH, the compilation is done transparently so
you just type in arbitrary length of Java statements, then see them get
executed immediately, in context. Context objects are all well kept across
executions, this way you interactively control a live Java application with
the programming language it was writen in.
Verbatim Java Syntax:
Unlike other Java shell supporting tools, SecureJSH leverages JSR-199 Java
compiler API to dynamically compile interactive Java statements. This means you use the EXACTLY same syntax with whatever your applications are writen in, up to the latest Java Language Specification. You can copy & paste code between SecureJSH terminal and your Java project source without problem.
Smart Command Recognization, UNIX Shell Style
Unlike JSR-223 scripting support for the Java language, with which you must
enter the full source of a Java class to execute, SecureJSH is much smarter and
humanized, it prompts you for multi-line input when youve entered incomplete
Java statements, and wraps the statements inside a predefined class structure
for execution. It is a REAL shell.
Non-Interference, Minimum Resource Consumption
SecureJSH has no static resource has to be stored JVM wide, and consume very small amount of resources per instance (with NIO based implementation, all SSH traffics are handled by a single thread). You can run as many shell servers as you wish inside a single JVM, including JVMs of Java application servers.
Commercial Friendly License
SecureJSH is released under a BSD style license. Please read the included
LICENCE.txt for SJSH and third-party license terms.
Enhancements:
- The Java completion algorithm was refined and is more accurate and to the point.
- Rarely used methods like Object.wait() and Object.notify() are filtered out.
- Completion for built-in command options was added - press Tab to complete a command, then Tab again to prompt for common options.
- This works fine with dynamic options (like unimport java.awt.*
- can be entered by uni-[Tab]-j-[Tab], when such an import is in the list).
- The field definition command now takes a type name before a field name, to match the Java variable definition style.

Quinti Secure Contact Form is a contact form for Web pages that is not vulnerable to robots who would abuse such forms for sending spam.
It uses both JavaScript field validators and CAPTCHA for verifying the validity of the sender. Quinti Secure Contact Form is easy to install and configure, and uses valid XHTML 1.1.
I have been attacked thousand times by spammers from my contact form, they use robots and take advantage of certain vulnerabilities of the mail forms to send their spam, and fill up my mailbox up to such an extent that they make your mail practically useless.
There are two ways of tackling this problem: Introducing a CAPTCHA validated through JavaScript, as i explain later.
And introducing certain functions in PHP that prevent these attacks, as you will see in the examples below
At the moment, go to the problem.
Main features:
- Invulnerable secure antispam contact form,
- JavaScript field validator in php (to insert multi-language variables and other variables, if you wish)
- Prevent spammers from using your form to send garbage, guaranteed.
- CAPTCHA to avoid Javascript validated Spam
- Easy to install and configure
- Valid XHTML 1.1

JavaSVN project is a pure Java Subversion client library. You would like to use JavaSVN when you need to access or modify Subversion repository from your Java application, be it a standalone program, plugin or web application.
Being a pure Java program, JavaSVN doesnt need any additional configuration or native binaries to work on any OS that runs Java. On this site you will also find instructions on how to make existing programs use JavaSVN instead of native javahl bindings.
Main features:
- No external binaries or libraries are needed to work with Subversion repository.
- JavaSVN supports http, https, svn and svn+ssh connection protocols.
- New: file protocol is supported in 1.1.0.beta2 version.
- Low level API allows effective direct Subversion repository access.
- JavaSVN is compatible with applications that already use native javahl bindings.

Rule Set Based Access Control (RSBAC) is a Free Software security extension for current Linux kernels. Rule Set Based Access Control is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula and provides a flexible system of access control based on several modules.
All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Main features:
- Free Open Source (GPL) Linux kernel security solution
- Independent of governments and big companies
- Several well-known and new security models, like MAC, ACL and RC
- On-access virus scanning with the Dazuko interface
- Detailed control over individual user and program network accesses
- Fully access controlled kernel level user management
- Any combination of security models possible
- Easily extensible: write your own model for runtime registration
- Support for latest kernels and stable for production use
Enhancements:
- This release relates to kernel 2.4.34.5 and 2.6.22.1.
- There are important fixes with some compilation errors and an important bug with User Management password hashing, introduced with the newer 2.6 kernel crypto API.
- Some security has been added with safety measures against null pointers.

MySQL Squid Access Report, mysar for short, is a reporting system for user web traffic activity, as logged from a squid proxy.
MySAR consists of two parts:
- Command line utilities which import a squid log file in a MySQL database and maintain the databas.
- A web interface for accessing the reports.
Main features:
- Free. Licenced under the GPL, mysar is free for everyone to use.
- Dynamic. Forget about static reports that take ages to generate, hogging the systems CPU. Mysar is is the only squid reporting system with a database as its backend.
- Almost realtime. No longer do you have to wait for the next hour or day for the reports to be generated. All of the user activity is available to you when you want it. NOW.
- Portable. Written in pure PHP, mysar is available to any unix-based OS platform PHP supports, without any modification.
- Flexible. Since the code is open-source, you can customize it to your needs. Create you own reports as you see fit.
- Supported. Mysar project has a mailing-list, forum and an active maintainer.
- Stable. Utilizing mature and stable software like Smarty, MySQL and PHP, mysar is standing on the shoulders of giants.
- Easy. With a foolproof installation and a user-friendly web interface, mysar makes web traffic reporting easier than ever.
- Customizable. Mysar neednt be on the same server as squid or MySQL. If your load is too high, just load-balance your processes as you see fit.
Enhancements:
- This version added 64-bit support for the binary importer.