aboutsummaryrefslogtreecommitdiffstats

Security

GPLv3
Security by Jean-Christophe Manciot is licensed under a GPLv3 License.

Security Packages

  • amavisd-milter: Interface for milter-capable MTAs. The source code comes from the official Debian repository.
  • amavisd-new: Interface between MTA and virus scanner/content filters. The source code comes from the official Debian repository.
  • arptables: ARP table administration. Arptables is used to set up, maintain, and inspect the tables of ARP rules in the Linux kernel. It is analogous to iptables, but operates at the ARP layer rather than the IP layer. The source code comes from the official Debian repository.
  • checkpolicy: SELinux policy compiler. The source code comes from the official Debian repository.
  • chipsec: Platform Security Assessment Framework. CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities. The source code comes from the official upstream repository.
  • clamav: ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats. The source code comes from the official Debian repository.
  • clamtk: ClamTk is a graphical front-end for ClamAV using Perl and Gtk libraries. It is designed to be an easy-to-use, lightweight, on-demand antivirus scanner for Linux systems. The source code comes from the official Debian repository.
  • cryptsetup: Cryptsetup is a utility used to conveniently setup disk/partition encryption based on DMCrypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt (including VeraCrypt extension) format. Project also includes veritysetup utility used to conveniently setup DMVerity block integrity checking kernel module. The source code comes from the official Debian repository.
  • debsig-verify: Debian package signature verification tool. The source code comes from the official Debian repository.
  • dnscrypt-proxy: Tool for securing communications between a client and a DNS resolver. The source code comes from the official upstream repository.
  • dpkg-sig: Debian package signature creation & verification tool. The source code comes from the official Debian repository.
  • ebtables: Ethernet bridge frame table administration. Ebtables is used to set up, maintain, and inspect the tables of Ethernet frame rules in the Linux kernel. It is analogous to iptables, but operates at the MAC layer rather than the IP layer. The source code comes from the official Debian repository.
  • firewalld: Dynamically managed firewall with support for network zones. The source code comes from the official Debian repository.
  • gnutls28: GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram Transport Layer Security (DTLS 1.0, 1.2) protocols. The source code comes from the official Debian repository.
  • gnupg2: GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). The source code comes from the official Debian repository.
  • gpgme1.0: GnuPG Made Easy. The source code comes from the official Debian repository.
  • greenbone-security-assistant: Remote network security auditor & web interface. The Greenbone Security Assistant is a web application that connects to the OpenVAS Manager and OpenVAS Administrator to provide for a full-featured user interface for vulnerability management. The source code comes from the official Debian repository.
  • gvm: Remote network security auditor. The source code comes from the official Debian repository.
  • gvm-libs: Remote network security auditor. The Open Vulnerability Assessment System is a modular security auditing tool, used for testing remote systems for vulnerabilities that should be fixed. It is made up of two parts: a server, and a client. The server/daemon, gvmd, is in charge of the attacks, whereas the client, gvm-tools, provides an X11/GTK+ user interface. The source code comes from the official Debian repository.
  • gvmd: The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients. It manages the storage of any vulnerability management configurations and of the scan results. Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP). The primary scanner, openVAS Scanner is controlled directly via protocol OTP while any other remote scanner is coupled with the Open Scanner Protocol (OSP). The source code comes from the official Debian repository.
  • iptables: administration tools for packet filtering and NAT. iptables is the userspace command line program used to configure the Linux packet filtering ruleset. The source code comes from the official Debian repository.
  • iptables-persistent: Boot-time loader for netfilter rules & configuration and iptables plugin. The source code comes from the official Debian repository.
  • lasso: Library for Liberty Alliance and SAML protocols. Lasso is an implementation of Liberty Alliance and related protocols, for network identity federations, single sign-on and other web services protocols. The main specifications implemented by the library are ID-FF, ID-WSF and SAML. The source code comes from the official Debian repository.
  • libfido2: Library for generating and verifying FIDO 2.0 objects. A library for communicating with a FIDO device over USB, and for verifying attestation and assertion signatures. FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) are supported. FIDO (Fast Identity Online) is a set of protocols, including U2F (Universal 2nd Factor) and UAF (Universal Authentication Framework), that support usable, strong authentication of users using hardware tokens. The source code comes from the official Debian repository.
  • librtr: An open-source C implementation of the RPKI/Router Protocol client. The RTRlib implements the client-side of the RPKI-RTR protocol (RFC 6810), (RFC 8210) and BGP Prefix Origin Validation (RFC 6811). This also enables the maintenance of router keys. Router keys are required to deploy BGPSEC. This package contains also the rtrclient program. It connects to an RTR-Server over TCP or SSH and shows on STDOUT prefix origin data and router keys that have been received from the RTR server. The source code comes from the official upstream repository.
  • nftables: Program to control packet filtering rules by Netfilter project. This software provides an in-kernel packet classification framework that is based on a network-specific Virtual Machine (VM) and the nft userspace command line tool. The nftables framework reuses the existing Netfilter subsystems such as the existing hook infrastructure, the connection tracking system, NAT, userspace queueing and logging subsystem. Nftables replaces the old popular iptables, ip6tables, arptables and ebtables. The source code comes from the official Debian repository.
  • ntpsec: Network Time Protocol daemon and utility programs. This is the NTPsec version of NTP. NTPsec is a secure, hardened, and improved implementation derived from the original NTP project. The source code comes from the official Debian repository.
  • oath-toolkit: The OATH Toolkit makes it easy to build one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open AuTHentication, which is the organization that specify the algorithms. For managing secret key files, the Portable Symmetric Key Container (PSKC) format described in RFC6030 is supported. The source code comes from the official Debian repository.
  • opendkim: Milter implementation of DomainKeys Identified Mail. DKIM provides a way for senders to confirm their identity when sending email by adding a cryptographic signature to the headers of the message. The source code comes from the official Debian repository.
  • openssh: OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options. The source code comes from the official Debian repository.
  • openssl: The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Transport Layer Security (TLS) protocols (including SSLv3) as well as a full-strength general purpose cryptographic library. The source code comes from the official Debian repository.
  • openssl1.0: The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Transport Layer Security (TLS) protocols (including SSLv3) as well as a full-strength general purpose cryptographic library. The source code comes from the official Debian repository.
  • openvas-scanner: Remote network security auditor scanner. It is made up of two parts: a scan server, and a client. The scanner/daemon, openvassd, is in charge of the attacks, whereas the client, OpenVAS-Client, provides an X11/GTK+ user interface The source code comes from the official Debian repository.
  • openvpn: Open source VPN daemon. The source code comes from the official Debian repository.
  • openvpn-systemd-resolved: This is a helper script designed to integrate OpenVPN with the systemd-resolved service via DBus instead of trying to override /etc/resolv.conf, or manipulate systemd-networkd configuration files. The source code comes from the official Debian repository.
  • ospd-openvas: OSP server implementation to allow GVM to remotely control an OpenVAS Scanner The source code comes from the official Debian repository.
  • pinentry: PIN-Entry programs are usually invoked by the gpg-agent daemon, but can be run from the command line as well. There are programs for various text-based and GUI environments, including interfaces designed for Ncurses (text-based), and for the common GTK and Qt toolkits. The source code comes from the official Debian repository.
  • rhash: Utility for computing hash sums and magnet links. The source code comes from the official Debian repository.
  • selinux-basics: This package will pull in basic SELinux stuff to ease installation, as well as provide scripts and helpers to work around common problems. The source code comes from the official Debian repository.
  • selinux-dbus: SELinux core policy utilities (D-Bus daemon). The source code comes from the official Debian repository.
  • semodule-utils: SELinux core policy utilities (modules utilities). The source code comes from the official Debian repository.
  • spamassassin: Perl-based spam filter using text analysis. The source code comes from the official Debian repository.
  • stunnel4: Universal SSL tunnel for network daemons. The source code comes from the official Debian repository.
  • sudo: Provides limited super user privileges to specific users. The source code comes from the official Debian repository.
  • ulogd2: Netfilter Userspace Logging Daemon. The source code comes from the official Debian repository.
  • usbguard: USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system). The source code comes from the official upstream repository.
  • wireguard: Fast, modern, secure kernel VPN tunnel. WireGuard is a novel VPN that runs inside the Linux Kernel and uses state-of-the-art cryptography (the "Noise" protocol). It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It runs over UDP. The source code comes from the official Debian repository.
  • wireguard-linux-compat: Fast, modern, secure kernel VPN tunnel (DKMS version). The source code comes from the official Debian repository.
  • xtables-addons: Xtables-addons is a set of additional extensions for the Xtables packet filter that is present in the Linux kernel (which is loosely known by its administrative commands iptables/ip6tables/etc.). These addons allow for instance to filter traffic by country. The source code comes from the official Debian repository.
  • yubico-pam: Two-factor password and YubiKey OTP PAM module. This package provides the Yubico PAM module. It enables the use of two-factor authentication, with existing logins and passwords plus a YubiKey One-Time Password that is validated against an online validation service. The default is the free YubiCloud, but it is easy to set up a custom service. A second mode of operation is available using the YubiKey's HMAC-SHA-1 Challenge-Response functionality. This allows for offline validation using a YubiKey, for example on a laptop computer. However, this only works for local logins, not for instance SSH logins. The source code comes from the official Debian repository.
  • yubico-piv-tool: Library for communication with the YubiKey PIV smartcard. The Yubico PIV tool is used for interacting with the Personal Identity Verification Card (PIV) application on a YubiKey. With it you may generate keys on the device, import keys and certificates, create certificate requests, and other operations. A shared library, a PKCS#11 module a command-line tool are included. The source code comes from the official Debian repository.
  • yubikey-manager: Python library and command line tool for configuring a YubiKey. YubiKey Manager (ykman) is a command line tool for configuring a YubiKey over all transports. It is capable of reading out device information as well as configuring several aspects of a YubiKey, including enabling or disabling connection transports an programming various types of credentials. The source code comes from the official Debian repository.
  • yubikey-personalization: Personalization tool for Yubikey OTP tokens. This is a tool to customize the tokens with your own cryptographic key, user id and so on. The source code comes from the official Debian repository.
  • yubikey-personalization-gui: Graphical personalization tool for YubiKey tokens. This is a graphical tool to customize the token with your own cryptographic key and options.The source code comes from the official Debian repository.
  • xca: x509 Certification Authority management tool based on QT. XCA creates and manages Certificate authorities and helps the user to create and manage keys, certificates, certificate sign requests, certificate revocation lists etc. All data is saved in an encrypted, portable database, and can be exported in various standard formats. For a good workflow, certificate templates can be defined to make the creation of new certificates an easy task..The source code comes from the official Debian repository.