Difference between revisions of "List of applications/Security"

From ArchWiki
Jump to: navigation, search
(Security)
(update interlanguage links)
(Tag: wiki-scripts)
 
(99 intermediate revisions by 40 users not shown)
Line 1: Line 1:
 
<noinclude>
 
<noinclude>
 
[[Category:Applications]]
 
[[Category:Applications]]
[[it:List of Applications/Security]]
+
[[es:List of applications/Security]]
[[ja:List of Applications/Security]]
+
[[it:List of applications/Security]]
[[zh-CN:List of Applications/Security]]
+
[[ja:アプリケーション一覧/セキュリティ]]
{{List of Applications navigation}}
+
[[ru:List of applications/Security]]
 +
[[uk:List of applications/Security]]
 +
[[zh-cn:List of applications/Security]]
 +
[[zh-tw:List of applications/Security]]
 +
{{List of applications navigation}}
 
</noinclude>
 
</noinclude>
 
== Security ==
 
== Security ==
  
*For detailed guides, see the main ArchWiki page, [[Security]].
+
For detailed guides, see the main ArchWiki page, [[Security]].
  
====FireWalls====
+
==== Firewalls ====
{{Wikipedia|Comparison of firewalls}}
+
{{Box||See the main article: [[Firewall]].|#E5E5FF|#FCFCFC}}
+
  
====Network Security====
+
See the main article: [[Firewalls]].
* {{App|[[Wikipedia:Arpwatch|Arpwatch]]|A tool that monitors ethernet activity and keeps a database of Ethernet/IP address pairings.|http://ee.lbl.gov/|{{Pkg|arpwatch}}}}
+
* {{App|[[Honeyd]]|A tool that allows the user to set up and run multiple virtual hosts on a computer network.|http://www.honeyd.org/|{{AUR|honeyd}}}}
+
* {{App|[[Wikipedia:Nmap|Nmap]]|A security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network.|http://nmap.org/|{{Pkg|nmap}}}}
+
* {{App|[[Ntop]]|A network probe that shows network usage in a way similar to what top does for processes.|http://www.ntop.org/|{{Pkg|ntop}}}}
+
* {{App|IPTraf|A console-based network monitoring utility.|https://fedorahosted.org/iptraf-ng/|{{Pkg|iptraf-ng}}}}
+
* {{App|PortBunny|An extremly fast console port scanner.|http://www.recurity-labs.com/portbunny/index.shtml|{{AUR|portbunny}}}}
+
* {{App|[[Snort]]|A network intrusion prevention and detection system.|http://www.snort.org/|{{Pkg|snort}}}}
+
* {{App|[[Sshguard]]|A daemon that protects SSH and other services against brute-force attacts, similar to Fail2ban.|http://www.sshguard.net/|{{Pkg|sshguard}}}}
+
* {{App|[[vnStat]]|A console-based network traffic monitor that keeps a log of network traffic for the selected interfaces.|http://humdi.net/vnstat/|{{Pkg|vnstat}}}}
+
* {{App|[[Wireshark]]|A network protocol analyzer that lets you capture and interactively browse the traffic running on a computer network.|http://www.wireshark.org/|{{Pkg|wireshark-cli}} {{Pkg|wireshark-gtk}}}}
+
  
====Threat & Vulnerability Detection====
+
See also [[Wikipedia:Comparison of firewalls]].
* {{App|[[Nessus]]|A comprehensive vulnerability scanning program.|http://www.nessus.org/products/nessus|{{AUR|nessus}}}}
+
* {{App|[[Wikipedia:Open Source Tripwire|Tripwire]]|An intrusion detection system.|http://tripwire.sourceforge.net/|{{Aur|tripwire}}}}
+
  
====File Security====
+
==== Network security ====
* {{App|[[AIDE]]|A file and directory integrity checker.|http://aide.sourceforge.net/|{{Pkg|aide}}}}
+
* {{App|[[Logwatch]]|A customizable log analysis system.|http://sourceforge.net/projects/logwatch/|{{Pkg|logwatch}}}}
+
* {{App|Swatch|A utility that can monitor just about any type of log.|http://swatch.sourceforge.net/|{{AUR|swatch}}}}
+
* {{App|[[Wikipedia:tcpdump|Tcpdump]]|A common console-based packet analyzer that allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network.|http://www.tcpdump.org/|{{Pkg|tcpdump}}}}
+
  
 +
* {{App|[[Wikipedia:Arpwatch|Arpwatch]]|Tool that monitors ethernet activity and keeps a database of Ethernet/IP address pairings.|http://ee.lbl.gov/|{{Pkg|arpwatch}}}}
 +
* {{App|Bro|Powerful network analysis framework that is much different from the typical IDS you may know.|https://www.bro.org/}}
 +
* {{App|EtherApe|Graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.|http://etherape.sourceforge.net/|{{Pkg|etherape}}}}
 +
* {{App|[[Honeyd]]|Tool that allows the user to set up and run multiple virtual hosts on a computer network.|http://www.honeyd.org/|{{AUR|honeyd}}}}
 +
* {{App|IPTraf|Console-based network monitoring utility.|https://fedorahosted.org/iptraf-ng/|{{Pkg|iptraf-ng}}}}
 +
* {{App|Kismet|802.11 layer2 wireless network detector, sniffer, and intrusion detection system.|http://www.kismetwireless.net/|{{Pkg|kismet}}}}
 +
* {{App|Nemesis|Command-line network packet crafting and injection utility.|http://nemesis.sourceforge.net/|{{Pkg|nemesis}}}}
 +
* {{App|[[Nmap]]|Security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network.|http://nmap.org/|{{Pkg|nmap}}}}
 +
* {{App|[[Ntop]]|Network probe that shows network usage in a way similar to what top does for processes.|http://www.ntop.org/|{{Pkg|ntop}}}}
 +
* {{App|[[Snort]]|Network intrusion prevention and detection system.|http://www.snort.org/|{{AUR|snort}}}}
 +
* {{App|Spectools|A set of utilities for spectrum analyzer hardware including Wi-Spy devices.|https://www.kismetwireless.net/spectools/|{{AUR|spectools}}}}
 +
* {{App|[[Sshguard]]|Daemon that protects SSH and other services against brute-force attacts, similar to Fail2ban.|http://www.sshguard.net/|{{Pkg|sshguard}}}}
 +
* {{App|[[Suricata]]|High performance Network IDS, IPS and Network Security Monitoring engine.|http://suricata-ids.org/|{{AUR|suricata}}}}
 +
* {{App|[[Wikipedia:tcpdump|Tcpdump]]|Common console-based packet analyzer that allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network.|http://www.tcpdump.org/|{{Pkg|tcpdump}}}}
 +
* {{App|[[vnStat]]|Console-based network traffic monitor that keeps a log of network traffic for the selected interfaces.|http://humdi.net/vnstat/|{{Pkg|vnstat}}}}
 +
* {{App|[[Wireshark]]|Network protocol analyzer that lets you capture and interactively browse the traffic running on a computer network.|http://www.wireshark.org/|{{Pkg|wireshark-cli}} {{Pkg|wireshark-qt}} {{Pkg|wireshark-gtk}}}}
 +
 +
==== Threat and vulnerability detection ====
 +
 +
* {{App|AFICK|Security tool that allows to monitor the changes on your files systems, and so can detect intrusions.|http://afick.sourceforge.net/|{{AUR|afick}}}}
 +
* {{App|Lynis|Security and system auditing tool to harden Unix/Linux systems.|https://cisofy.com/lynis/|{{Pkg|lynis}}}}
 +
* {{App|[[Metasploit Framework]]|An advanced open-source platform for developing, testing, and using exploit code.|http://www.metasploit.com/|{{Pkg|metasploit}}}}
 +
* {{App|[[Nessus]]|Comprehensive vulnerability scanning program.|http://www.nessus.org/products/nessus|{{AUR|nessus}}}}
 +
* {{App|[[OpenVAS]]|Framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. FOSS Nessus fork.|http://www.openvas.org/|{{Grp|openvas}}}}
 +
* {{App|Osiris|Tool for monitoring system integrity and changes across a network.|https://launchpad.net/osiris|{{Pkg|osiris}}}}
 +
* {{App|OSSEC|Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.|https://ossec.github.io/|{{AUR|ossec-agent}} {{AUR|ossec-local}} {{AUR|ossec-server}}}}
 +
* {{App|Samhain|Host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. |http://www.la-samhna.de/samhain/index.html}}
 +
* {{App|Tiger|Security tool that can be use both as a security audit and intrusion detection system.|http://www.nongnu.org/tiger/|{{AUR|tiger}}}}
 +
* {{App|[[Wikipedia:Open Source Tripwire|Tripwire]]|Intrusion detection system.|https://github.com/Tripwire/tripwire-open-source|{{AUR|tripwire}}{{Broken package link|{{aur-mirror|tripwire}}}}}}
 +
 +
==== File security ====
 +
 +
* {{App|[[AIDE]]|File and directory integrity checker.|http://aide.sourceforge.net/|{{Pkg|aide}}}}
 +
* {{App|Logcheck|Simple utility which is designed to allow a system administrator to view the logfiles which are produced upon hosts under their control.|https://logcheck.alioth.debian.org/}}
 +
* {{App|[[Logwatch]]|Customizable log analysis system.|http://sourceforge.net/projects/logwatch/|{{Pkg|logwatch}}}}
 +
* {{App|OpenDLP|OpenDLP is a free and open source, agent- and agentless-based, centrally-managed, massively distributable data loss prevention tool.|https://code.google.com/archive/p/opendlp/}}
 +
* {{App|Swatch|Utility that can monitor just about any type of log.|http://swatch.sourceforge.net/|{{AUR|swatch}}{{Broken package link|{{aur-mirror|swatch}}}}}}
 +
 +
==== Anti malware ====
 +
 +
* {{App|chkrootkit|Locally checks for signs of a rootkit.|http://www.chkrootkit.org/|{{AUR|chkrootkit}}}}
 +
* {{App|[[ClamAV]]|Open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.|http://www.clamav.net/|{{Pkg|clamav}}}}
 +
* {{App|Linux Malware Detect|Malware scanner designed around the threats faced in shared hosted environments.|https://www.rfxn.com/projects/linux-malware-detect/|{{AUR|maldet}}}}
 +
* {{App|Rootkit Hunter|Checks machines for the presence of rootkits and other unwanted tools.|http://rkhunter.sourceforge.net/|{{Pkg|rkhunter}}}}
  
 
==== Backup programs ====
 
==== Backup programs ====
{{Wikipedia|Comparison of backup software}}
 
  
{{Box||See the main article: [[Backup Programs]]|#E5E5FF|#FCFCFC}}
+
See the main article: [[Synchronization and backup programs]].
 +
 
 +
See also [[Wikipedia:Comparison of backup software]].
 +
 
 +
==== Screen lockers ====
 +
{{Warning|Only ''sflock'', ''physlock'', ''Cinnamon Screensaver'', ''MATE Screensaver'' and ''GNOME Screensaver'' are able to block tty access.}}
 +
 
 +
* {{App|Cinnamon Screensaver|Screen locker for the Cinnamon desktop.|https://github.com/linuxmint/cinnamon-screensaver|{{Pkg|cinnamon-screensaver}}}}
 +
* {{App|GNOME Screensaver|Screen locker for the GNOME Flashback desktop.|https://wiki.gnome.org/Projects/GnomeScreensaver|{{Pkg|gnome-screensaver}}}}
 +
* {{App|i3lock|A simple screen locker. Provides user feedback, uses PAM authentication, supports DPMS. The background can be set to an image or solid color.|http://i3wm.org/i3lock/|{{Pkg|i3lock}}}}
 +
* {{App|i3lock-blur|Fork of ''i3lock'' which can use your desktop with the blur effect applied as a background.|https://github.com/karulont/i3lock-blur|{{Aur|i3lock-blur}}}}
 +
* {{App|i3lock-wrapper|A simple wrapper around ''i3lock'' which sets up a blurred screenshot of the desktop as a background image.|https://github.com/ashinkarov/i3-extras|{{Aur|i3lock-wrapper}}}}
 +
* {{App|Light-locker|A simple locker (forked from ''gnome-screensaver'') that aims to have simple, sane, secure defaults and be well integrated with the desktop while not carrying any desktop-specific dependencies. It relies on [[LightDM]] for locking and unlocking your session via ConsoleKit/UPower or ''logind/systemd''|https://github.com/the-cavalry/light-locker|{{Pkg|light-locker}}}}
 +
* {{App|MATE Screensaver|Screensaver and locker for MATE Desktop Environment.|https://github.com/mate-desktop/mate-screensaver|{{Pkg|mate-screensaver}}}}
 +
* {{App|physlock|Screen and console locker.|https://github.com/muennich/physlock|{{AUR|physlock}}}}
 +
* {{App|sflock|Simple screen locker utility for X, based on slock. Provides a very basic user feedback.|https://github.com/benruijl/sflock|{{AUR|sflock-git}}}}
 +
* {{App|slock|Very simple and lightweight X screen locker. Offers only a black background when locked, there are no animations or text fields.|http://tools.suckless.org/slock|{{Pkg|slock}}}}
 +
* {{App|sxlock|Fork of sflock with a few enhancements. Provides basic user feedback, uses PAM authentication, supports DPMS and RandR. Supports {{ic|sxlock.service}} to lock the screen on suspend/hibernation. See the [https://github.com/lahwaacz/sxlock/blob/master/README.md README] for more information.|https://github.com/lahwaacz/sxlock|{{AUR|sxlock-git}}}}
 +
* {{App|tsscreenlock|Screen locker used in theShell. Shows music controls, and if used with theShell, also shows desktop notifications.|https://github.com/vicr123/tsscreenlock|{{AUR|tsscreenlock}}}}
 +
* {{App|vlock|TTY locker. A mirror of the [https://lists.archlinux.org/pipermail/aur-general/2013-July/024662.html original vlock] is available at [https://github.com/WorMzy/vlock github].|http://www.kbd-project.org|{{Pkg|kbd}}}}
 +
* {{App|xlockmore|Simple X11 screen lock with PAM support.|http://www.tux.org/~bagleyd/xlockmore.html|{{Pkg|xlockmore}}}}
 +
* {{App|[[XScreenSaver]]|Screen saver and locker for the X Window System.|http://www.jwz.org/xscreensaver/|{{Pkg|xscreensaver}}}}
 +
* {{App|XSecureLock|X11 screen lock utility designed with the primary goal of security.|https://github.com/google/xsecurelock|{{AUR|xsecurelock-git}}}}
 +
 
 +
==== Hash checkers ====
 +
 
 +
* {{app|cfv|Tiny utility to both test and create checksum files, support {{ic|.sfv}}, {{ic|.csv}}, {{ic|.crc}}, {{ic|.md5}}, {{ic|md5sum}}, {{ic|sha1sum}}, {{ic|.torrent}}, {{ic|par}}, and {{ic|.par2}} files.| http://cfv.sourceforge.net/|{{pkg|cfv}}}}
 +
* {{App|GtkHash|A GTK+ utility for computing message digests or checksums|http://gtkhash.sourceforge.net/|{{AUR|gtkhash}}}}
 +
* {{App|hashdeep|A cross-platform tools to computer hashes, or message digests, for any number of files|http://md5deep.sourceforge.net/|{{AUR|md5deep}}{{Broken package link|{{aur-mirror|md5deep}}}}}}
 +
* {{App|Parano|A GNOME frontend for creating/editing/checking MD5 and SFV files|http://parano.berlios.de/|{{AUR|parano}}}}
 +
* {{App|Quick Hash GUI|A GUI to enable the rapid selection and subsequent hashing of files (individually or recursively throughout a folder structure) text and (on Linux) disks.|http://sourceforge.net/projects/quickhash/}}
 +
* {{App|RHash|Utility for verifying hash sums (SFV, CRC, etc). Supports lots of algorithms.|http://rhash.anz.ru/|{{Pkg|rhash}}}}
 +
* {{App|MassHash|A set of file hashing tools (both CLI and GTK+ GUI) written in Python.  Supported algorithms include MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512.|http://jdleicher.github.io/MassHash/|{{AUR|masshash}}}}
 +
 
 +
==== Encryption, signing, steganography ====
 +
 
 +
* {{app|ccrypt|A command-line utility for encrypting and decrypting files and streams.|http://ccrypt.sourceforge.net/|{{pkg|ccrypt}}}}
 +
*{{App|[[Wikipedia:Enigmail|Enigmail]]|''a security extension to Mozilla Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard.''|https://enigmail.net|{{AUR|thunderbird-enigmail}}}}
 +
* {{app|[[GnuPG]]|The GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880. Free and Open Source replacement of PGP, mostly used for digital signing of packages.|http://gnupg.org/|{{pkg|gnupg}}}}
 +
* {{app|gzsteg|A utiltiy that can hide data in gzip compressed files|http://www.nic.funet.fi/pub/crypt/steganography/|{{AUR?|gzsteg}}}}
 +
*{{App|[[Wikipedia:KGPG|KGpg]]|''a simple interface for GnuPG'' for KDE.|https://www.kde.org/applications/utilities/kgpg/|{{Pkg|kdeutils-kgpg}}}}
 +
*{{App|[[Wikipedia:Seahorse_(software)|Seahorse]]|''GNOME application for managing encryption keys and passwords in the GnomeKeyring.''|https://wiki.gnome.org/Apps/Seahorse/|{{Pkg|seahorse}}}}
 +
* {{app|silenteye|A steganography application written in C++, use Qt4 library.|http://www.silenteye.org/|{{AUR?|silenteye}}}}
 +
* {{app|snow|Steganography program for concealing messages in text files|http://www.darkside.com.au/snow/|{{aur|snow}}{{Broken package link|{{aur-mirror|snow}}}}}}
 +
* {{app|steghide|A steganography utility that is able to hide data in various kinds of image and audio files.|http://steghide.sourceforge.net|{{pkg|steghide}}}}
 +
* {{app|stegparty|A steganography utility hides text by typoing text existing text files.|https://github.com/countrygeek/stegparty|{{AUR|stegparty}}{{Broken package link|{{aur-mirror|stegparty}}}}}}
 +
 
 +
==== Password managers ====
 +
 
 +
* {{App|Console Password Manager|Curses based password manager using PGP-encryption.|https://github.com/comotion/cpm|{{AUR|cpm}}{{Broken package link|{{aur-mirror|cpm}}}}}}
 +
* {{App|Enpass|A multiplatform password manager|https://www.enpass.io/|{{AUR|enpass-bin}}}}
 +
* {{App|Figaro's Password Manager 2|GTK2 port of [http://fpm.sourceforge.net/ Figaro's Password Manager] with some new enhancements.|http://als.regnet.cz/fpm2/|{{AUR|fpm2}}}}
 +
* {{App|GPass|Password manegement software for GNOME2 desktop.|https://github.com/raffael-sfm/gpass|{{AUR|gpass}}}}
 +
* {{App|GPassword Manager|Simple, lightweight and cross-platform utility for managing and accessing passwords.|http://sourceforge.net/projects/gpasswordman/|{{AUR|gpasswordman}}{{Broken package link|{{aur-mirror|gpasswordman}}}}}}
 +
* {{App|Gtkpass|Gtkpass is a GTK and Libkpass-based password manager for KeePass 1.x databases.|https://sourceforge.net/projects/gtkpass/|{{AUR|gtkpass}}{{Broken package link|{{aur-mirror|gtkpass}}}}}}
 +
* {{App|Ked Password Manager|A password manager that helps to manage large numbers of passwords.|http://kedpm.sourceforge.net|{{AUR|kedpm}}}}
 +
* {{App|[[KeePass|KeePass Password Safe]]|Free open source Mono-based password manager, which helps you to manage your passwords in a secure way.|http://keepass.info/|{{Pkg|keepass}}}}
 +
* {{App|KeePassC|KeePassC is a curses-based password manager compatible to KeePass v.1.x and KeePassX.|https://raymontag.github.com/keepassc|{{AUR|keepassc}}}}
 +
* {{App|KeePassX|Free and open source Qt-based password manager. Compatible with KeePass v.1.x and KeePass v.2.x.|http://www.keepassx.org/|{{Pkg|keepassx}}  {{Pkg|keepassx2}}}}
 +
* {{App|MyPasswords|What you need for managing your passwords, including the passwords of your online accounts, bank accounts and ... with the corresponding URLs.|http://sourceforge.net/projects/mypasswords7/}}
 +
* {{App|MyPasswordSafe|Easy-to-use QT based password manager, compatible with Password Safe files (and therefore pwsafe).|http://www.semanticgap.com/myps/|{{AUR|mypasswordsafe}}{{Broken package link|{{aur-mirror|mypasswordsafe}}}}}}
 +
* {{App|Pasaffe|Easy to use password manager for Gnome with a Password Safe 3.0 compatible database.|https://launchpad.net/pasaffe|{{AUR|pasaffe}}{{Broken package link|{{aur-mirror|pasaffe}}}}}}
 +
* {{App|[[pass]]|Simple console based password manager|http://www.passwordstore.org/|{{Pkg|pass}}}}
 +
* {{App|Password Gorilla|A cross-platform password manager.|https://github.com/zdia/gorilla/wiki/|{{AUR|password-gorilla}}}}
 +
* {{App|Password Safe|Simple and secure password manager.|http://passwordsafe.sourceforge.net/|{{AUR|passwordsafe}}}}
 +
* {{App|pwsafe|Unix commandline program that manages encrypted password databases.|http://nsd.dyndns.org/pwsafe/|{{Pkg|pwsafe}}}}
 +
* {{App|QPass|Easy to use password manager with built-in password generator.|http://qpass.sourceforge.net|{{AUR|qpass}}}}
 +
* {{App|Revelation|Password manager for the GNOME desktop.|http://revelation.olasagasti.info/|{{AUR|revelation}}}}
 +
* {{App|spm|Simple Password Manager written entirely in POSIX shell using PGP. Fast, lightweight and easily scriptable.|https://notabug.org/kl3/spm/}}
 +
* {{App|Seahorse|GNOME application for managing encryption keys and passwords in the GnomeKeyring.|https://wiki.gnome.org/Apps/Seahorse|{{Pkg|seahorse}}}}
 +
* {{App|Universal Password Manager|Allows you to store usernames, passwords, URLs and generic notes in an encrypted database protected by one master password.|http://upm.sourceforge.net/|{{AUR|upm}}}}

Latest revision as of 17:53, 24 October 2016

Security

For detailed guides, see the main ArchWiki page, Security.

Firewalls

See the main article: Firewalls.

See also Wikipedia:Comparison of firewalls.

Network security

  • Arpwatch — Tool that monitors ethernet activity and keeps a database of Ethernet/IP address pairings.
http://ee.lbl.gov/ || arpwatch
  • Bro — Powerful network analysis framework that is much different from the typical IDS you may know.
https://www.bro.org/ || not packaged? search in AUR
  • EtherApe — Graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.
http://etherape.sourceforge.net/ || etherape
  • Honeyd — Tool that allows the user to set up and run multiple virtual hosts on a computer network.
http://www.honeyd.org/ || honeydAUR
  • IPTraf — Console-based network monitoring utility.
https://fedorahosted.org/iptraf-ng/ || iptraf-ng
  • Kismet — 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
http://www.kismetwireless.net/ || kismet
  • Nemesis — Command-line network packet crafting and injection utility.
http://nemesis.sourceforge.net/ || nemesis
  • Nmap — Security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network.
http://nmap.org/ || nmap
  • Ntop — Network probe that shows network usage in a way similar to what top does for processes.
http://www.ntop.org/ || ntop
  • Snort — Network intrusion prevention and detection system.
http://www.snort.org/ || snortAUR
  • Spectools — A set of utilities for spectrum analyzer hardware including Wi-Spy devices.
https://www.kismetwireless.net/spectools/ || spectoolsAUR
  • Sshguard — Daemon that protects SSH and other services against brute-force attacts, similar to Fail2ban.
http://www.sshguard.net/ || sshguard
  • Suricata — High performance Network IDS, IPS and Network Security Monitoring engine.
http://suricata-ids.org/ || suricataAUR
  • Tcpdump — Common console-based packet analyzer that allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network.
http://www.tcpdump.org/ || tcpdump
  • vnStat — Console-based network traffic monitor that keeps a log of network traffic for the selected interfaces.
http://humdi.net/vnstat/ || vnstat
  • Wireshark — Network protocol analyzer that lets you capture and interactively browse the traffic running on a computer network.
http://www.wireshark.org/ || wireshark-cli wireshark-qt wireshark-gtk

Threat and vulnerability detection

  • AFICK — Security tool that allows to monitor the changes on your files systems, and so can detect intrusions.
http://afick.sourceforge.net/ || afickAUR
  • Lynis — Security and system auditing tool to harden Unix/Linux systems.
https://cisofy.com/lynis/ || lynis
  • Metasploit Framework — An advanced open-source platform for developing, testing, and using exploit code.
http://www.metasploit.com/ || metasploit
  • Nessus — Comprehensive vulnerability scanning program.
http://www.nessus.org/products/nessus || nessusAUR
  • OpenVAS — Framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. FOSS Nessus fork.
http://www.openvas.org/ || openvas
  • Osiris — Tool for monitoring system integrity and changes across a network.
https://launchpad.net/osiris || osiris
  • OSSEC — Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
https://ossec.github.io/ || ossec-agentAUR ossec-localAUR ossec-serverAUR
  • Samhain — Host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
http://www.la-samhna.de/samhain/index.html || not packaged? search in AUR
  • Tiger — Security tool that can be use both as a security audit and intrusion detection system.
http://www.nongnu.org/tiger/ || tigerAUR
  • Tripwire — Intrusion detection system.
https://github.com/Tripwire/tripwire-open-source || tripwireAUR[broken link: archived in aur-mirror]

File security

  • AIDE — File and directory integrity checker.
http://aide.sourceforge.net/ || aide
  • Logcheck — Simple utility which is designed to allow a system administrator to view the logfiles which are produced upon hosts under their control.
https://logcheck.alioth.debian.org/ || not packaged? search in AUR
  • Logwatch — Customizable log analysis system.
http://sourceforge.net/projects/logwatch/ || logwatch
  • OpenDLP — OpenDLP is a free and open source, agent- and agentless-based, centrally-managed, massively distributable data loss prevention tool.
https://code.google.com/archive/p/opendlp/ || not packaged? search in AUR
  • Swatch — Utility that can monitor just about any type of log.
http://swatch.sourceforge.net/ || swatchAUR[broken link: archived in aur-mirror]

Anti malware

  • chkrootkit — Locally checks for signs of a rootkit.
http://www.chkrootkit.org/ || chkrootkitAUR
  • ClamAV — Open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
http://www.clamav.net/ || clamav
  • Linux Malware Detect — Malware scanner designed around the threats faced in shared hosted environments.
https://www.rfxn.com/projects/linux-malware-detect/ || maldetAUR
  • Rootkit Hunter — Checks machines for the presence of rootkits and other unwanted tools.
http://rkhunter.sourceforge.net/ || rkhunter

Backup programs

See the main article: Synchronization and backup programs.

See also Wikipedia:Comparison of backup software.

Screen lockers

Warning: Only sflock, physlock, Cinnamon Screensaver, MATE Screensaver and GNOME Screensaver are able to block tty access.
  • Cinnamon Screensaver — Screen locker for the Cinnamon desktop.
https://github.com/linuxmint/cinnamon-screensaver || cinnamon-screensaver
  • GNOME Screensaver — Screen locker for the GNOME Flashback desktop.
https://wiki.gnome.org/Projects/GnomeScreensaver || gnome-screensaver
  • i3lock — A simple screen locker. Provides user feedback, uses PAM authentication, supports DPMS. The background can be set to an image or solid color.
http://i3wm.org/i3lock/ || i3lock
  • i3lock-blur — Fork of i3lock which can use your desktop with the blur effect applied as a background.
https://github.com/karulont/i3lock-blur || i3lock-blurAUR
  • i3lock-wrapper — A simple wrapper around i3lock which sets up a blurred screenshot of the desktop as a background image.
https://github.com/ashinkarov/i3-extras || i3lock-wrapperAUR
  • Light-locker — A simple locker (forked from gnome-screensaver) that aims to have simple, sane, secure defaults and be well integrated with the desktop while not carrying any desktop-specific dependencies. It relies on LightDM for locking and unlocking your session via ConsoleKit/UPower or logind/systemd
https://github.com/the-cavalry/light-locker || light-locker
  • MATE Screensaver — Screensaver and locker for MATE Desktop Environment.
https://github.com/mate-desktop/mate-screensaver || mate-screensaver
  • physlock — Screen and console locker.
https://github.com/muennich/physlock || physlockAUR
  • sflock — Simple screen locker utility for X, based on slock. Provides a very basic user feedback.
https://github.com/benruijl/sflock || sflock-gitAUR
  • slock — Very simple and lightweight X screen locker. Offers only a black background when locked, there are no animations or text fields.
http://tools.suckless.org/slock || slock
  • sxlock — Fork of sflock with a few enhancements. Provides basic user feedback, uses PAM authentication, supports DPMS and RandR. Supports sxlock.service to lock the screen on suspend/hibernation. See the README for more information.
https://github.com/lahwaacz/sxlock || sxlock-gitAUR
  • tsscreenlock — Screen locker used in theShell. Shows music controls, and if used with theShell, also shows desktop notifications.
https://github.com/vicr123/tsscreenlock || tsscreenlockAUR
http://www.kbd-project.org || kbd
  • xlockmore — Simple X11 screen lock with PAM support.
http://www.tux.org/~bagleyd/xlockmore.html || xlockmore
  • XScreenSaver — Screen saver and locker for the X Window System.
http://www.jwz.org/xscreensaver/ || xscreensaver
  • XSecureLock — X11 screen lock utility designed with the primary goal of security.
https://github.com/google/xsecurelock || xsecurelock-gitAUR

Hash checkers

  • cfv — Tiny utility to both test and create checksum files, support .sfv, .csv, .crc, .md5, md5sum, sha1sum, .torrent, par, and .par2 files.
http://cfv.sourceforge.net/ || cfv
  • GtkHash — A GTK+ utility for computing message digests or checksums
http://gtkhash.sourceforge.net/ || gtkhashAUR
  • hashdeep — A cross-platform tools to computer hashes, or message digests, for any number of files
http://md5deep.sourceforge.net/ || md5deepAUR[broken link: archived in aur-mirror]
  • Parano — A GNOME frontend for creating/editing/checking MD5 and SFV files
http://parano.berlios.de/ || paranoAUR
  • Quick Hash GUI — A GUI to enable the rapid selection and subsequent hashing of files (individually or recursively throughout a folder structure) text and (on Linux) disks.
http://sourceforge.net/projects/quickhash/ || not packaged? search in AUR
  • RHash — Utility for verifying hash sums (SFV, CRC, etc). Supports lots of algorithms.
http://rhash.anz.ru/ || rhash
  • MassHash — A set of file hashing tools (both CLI and GTK+ GUI) written in Python. Supported algorithms include MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512.
http://jdleicher.github.io/MassHash/ || masshashAUR

Encryption, signing, steganography

  • ccrypt — A command-line utility for encrypting and decrypting files and streams.
http://ccrypt.sourceforge.net/ || ccrypt
  • Enigmaila security extension to Mozilla Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard.
https://enigmail.net || thunderbird-enigmailAUR
  • GnuPG — The GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880. Free and Open Source replacement of PGP, mostly used for digital signing of packages.
http://gnupg.org/ || gnupg
  • gzsteg — A utiltiy that can hide data in gzip compressed files
http://www.nic.funet.fi/pub/crypt/steganography/ || not packaged? search in AUR
  • KGpga simple interface for GnuPG for KDE.
https://www.kde.org/applications/utilities/kgpg/ || kdeutils-kgpg
  • SeahorseGNOME application for managing encryption keys and passwords in the GnomeKeyring.
https://wiki.gnome.org/Apps/Seahorse/ || seahorse
  • silenteye — A steganography application written in C++, use Qt4 library.
http://www.silenteye.org/ || not packaged? search in AUR
  • snow — Steganography program for concealing messages in text files
http://www.darkside.com.au/snow/ || snowAUR[broken link: archived in aur-mirror]
  • steghide — A steganography utility that is able to hide data in various kinds of image and audio files.
http://steghide.sourceforge.net || steghide
  • stegparty — A steganography utility hides text by typoing text existing text files.
https://github.com/countrygeek/stegparty || stegpartyAUR[broken link: archived in aur-mirror]

Password managers

  • Console Password Manager — Curses based password manager using PGP-encryption.
https://github.com/comotion/cpm || cpmAUR[broken link: archived in aur-mirror]
  • Enpass — A multiplatform password manager
https://www.enpass.io/ || enpass-binAUR
http://als.regnet.cz/fpm2/ || fpm2AUR
  • GPass — Password manegement software for GNOME2 desktop.
https://github.com/raffael-sfm/gpass || gpassAUR
  • GPassword Manager — Simple, lightweight and cross-platform utility for managing and accessing passwords.
http://sourceforge.net/projects/gpasswordman/ || gpasswordmanAUR[broken link: archived in aur-mirror]
  • Gtkpass — Gtkpass is a GTK and Libkpass-based password manager for KeePass 1.x databases.
https://sourceforge.net/projects/gtkpass/ || gtkpassAUR[broken link: archived in aur-mirror]
  • Ked Password Manager — A password manager that helps to manage large numbers of passwords.
http://kedpm.sourceforge.net || kedpmAUR
  • KeePass Password Safe — Free open source Mono-based password manager, which helps you to manage your passwords in a secure way.
http://keepass.info/ || keepass
  • KeePassC — KeePassC is a curses-based password manager compatible to KeePass v.1.x and KeePassX.
https://raymontag.github.com/keepassc || keepasscAUR
  • KeePassX — Free and open source Qt-based password manager. Compatible with KeePass v.1.x and KeePass v.2.x.
http://www.keepassx.org/ || keepassx keepassx2
  • MyPasswords — What you need for managing your passwords, including the passwords of your online accounts, bank accounts and ... with the corresponding URLs.
http://sourceforge.net/projects/mypasswords7/ || not packaged? search in AUR
  • MyPasswordSafe — Easy-to-use QT based password manager, compatible with Password Safe files (and therefore pwsafe).
http://www.semanticgap.com/myps/ || mypasswordsafeAUR[broken link: archived in aur-mirror]
  • Pasaffe — Easy to use password manager for Gnome with a Password Safe 3.0 compatible database.
https://launchpad.net/pasaffe || pasaffeAUR[broken link: archived in aur-mirror]
  • pass — Simple console based password manager
http://www.passwordstore.org/ || pass
  • Password Gorilla — A cross-platform password manager.
https://github.com/zdia/gorilla/wiki/ || password-gorillaAUR
  • Password Safe — Simple and secure password manager.
http://passwordsafe.sourceforge.net/ || passwordsafeAUR
  • pwsafe — Unix commandline program that manages encrypted password databases.
http://nsd.dyndns.org/pwsafe/ || pwsafe
  • QPass — Easy to use password manager with built-in password generator.
http://qpass.sourceforge.net || qpassAUR
  • Revelation — Password manager for the GNOME desktop.
http://revelation.olasagasti.info/ || revelationAUR
  • spm — Simple Password Manager written entirely in POSIX shell using PGP. Fast, lightweight and easily scriptable.
https://notabug.org/kl3/spm/ || not packaged? search in AUR
  • Seahorse — GNOME application for managing encryption keys and passwords in the GnomeKeyring.
https://wiki.gnome.org/Apps/Seahorse || seahorse
  • Universal Password Manager — Allows you to store usernames, passwords, URLs and generic notes in an encrypted database protected by one master password.
http://upm.sourceforge.net/ || upmAUR