OpenVPN is a robust and highly configurable VPN (Virtual Private Network) daemon which can be used to securely link two or more private networks using an encrypted tunnel over the internet. Read more hot
xllmnrd is an IPv6 LLMNR responder daemon. It allows Microsoft Windows clients to get the IPv6 address of a Linux server on the same local network without any DNS configuration. new
ACL Policy Daemon for Postfix
ACL Policy Daemon is a program that communicates with the Postfix MTA using the Policy Delegation Protocol implementing an ACL (Access Control List) system, making very easy to improve and create nice controls on your e-mail traffic. You can use it to verify SPF records too.
Active port forwarder
Active port forwarder is a software tool for secure port forwarding. It uses SSL to increase security of communication between a server and a client. Originally, it was developed to forward data point to point. However, the need for bypassing firewalls in order to connect to internally located computers influenced the further development of the project.
a UNIX daemon for changing WEP keys of WLAN devices in constant intervals. The WEP keys are calculated by encrypting the current UNIX time using the AES cypher with a given constant key. aeswepd strengthens the security of the weak hardware based, standards compliant WEP technology
a simple daemon and client for sending keepalive messages. The server keeps a list of hostname to IP address, useful for when a remote DHCP client changes IP addresses
Arandomd is a network daemon that provides statistically tested random output from a CSPRNG to anyone able to connect to its listening TCP port.
authfail is a program that goes with real time updating on FIFO file and adds IP into netfilter with DROP/REJECT policy in real time. The FIFO file is /dev/authfail. The rejected hosts database is located in /var/log/authfail. Each time a given host will do an "authentication failure" via syslog, authfail will count it. If this occure more than the parameters given to authfail, the given host will be REJECTED/DROPPED via Netfilter. Whois notification is possible.
a TCP/IP daemon to transfer files between two Fidonet systems
bridged is a user-land alternative to in-kernel ethernet bridge for Linux. Like its kernel counterpart it uses AVL trees to speed up lookups. Currently it only offers basic
CloudVPN is a VPN that allows mesh networking. It can create secured networks with special or weird topologies. All nodes of the network are equal and can connect in any way, so it's very easy to create connection schemes with (for example) clustered servers, decentralized servers, complete topologies for better throughput, ring topologies for failover, long-line for passing through many routes, or tree topology for optimizing inter-server bandwidth needs. It is very easy to get working.
a set of patches for the "Universal NFS Daemon" (UNFSD) to allow multiple diskless clients to nfs mount the same root filesystem by providing "interpreted" file names
Crossroads Load Balancer
Crossroads is a load balance and fail over utility for TCP based services. It is a daemon program running in user space, and features extensive configurability, polling of back ends using 'wakeup calls', detailed status reporting, 'hooks' for special actions when backend calls fail, and much more. Crossroads is service-independent: it is usable for HTTP(S), SSH, SMTP, DNS, etc.
CryptNET Peer Cache Daemon
CryptNET Peer Cache Daemon provides a bootstrapping solution to allow p2p servlets to connect to existing p2p networks. The GWebCache and UHC protocols are implemented. It was designed for the GNU/Linux platform, is written in C, and uses the pthreads library..
Daemon Shield is a daemon that creates realtime dynamic, expirable iptables rules to block/drop IP addresses attempting brute-force breakin attacks on a linux host via ssh or other mechanism. Highly customizable and extensible.
dhcpcd is an implementation of the DHCP client specified in RFC2131.
ethtool is a Linux net driver diagnostic and tuning tool for the Linux 2.4.x (or later) series of kernels.
Fiked is a fake IKE daemon supporting just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi MitM attack.
FastFwD is a small daemon that allows users to set up port forwarding from a source IP address and port number to a target IP address and port number easily without the need to deal with complicated ipchains/iptables-rules.
fusemb is a small daemon which maps Microsoft network hierarchy into Unix filesystem subtree, using libsmbclient to obtain information about entries in the SMB network and FUSE (Filesystem In UserSpace) to allow seamless network browsing using standard Unix ways.
fwdaemon is a Linux firewall runtime backend. Any client application can communicate with the fwdaemon and decide what network network flow can be accepted or which should be dropped.
giFT is a bridge between P2P protocols and front-ends. It is implemented as a modular daemon able to load multiple back-end protocols exposed to the user via an XML-like interface protocol.
GPU-SD is a daemon and library for the discovery and announcement of graphics processing units using ZeroConf.
a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems
HTTPAuth is a daemon and framework for authenticating HTTP requests. It supports Basic and Digest authentication against various databases such as LDAP, PostgreSQL or MYSQL. It also supports NTLM authentication against a Windows Server.
a telnet-like protocol. It allows users to connect to a remote host and to open a shell using only ICMP to send and receive data
using the InterNet Control Message Protocol (ICMP) "ECHO" facility, monitors several hosts, and notify admin if some of them are down
IDSA can be used as a system logger and tcpd (tcp wrapper) replacement, where the tcp wrappers request permission from the core idsa system to accept an incoming connection.
ifplugd automaticallys configure your ethernet device when a cable is plugged in and automatically unconfigure it if the cable is pulled. This is useful on laptops with onboard network adapters, since it will only configure the interface when a cable is really connected.
IM-Filter is a daemon that runs on a firewall and filters ICQ traffic. The daemon can identify file transfers, handle UIN and word blacklists, manage a list with currently logged in users, and log messages sent via the ICQ protocol. The modular design allows implementation of other protocols like MSN or IRC.
IMAPEngine is an IMAP email server that stores all email and mailbox data within a tdbengine database structure. Thus it provides high performance even with a huge number of email accounts, messages and folders.
inetdxtra is a collection of inetd servers aimed at low-powered hardware like the Linksys NSLU2. It comprises a lightweight DNS, DHCP, MVPrelay, SMTP, WWW, and XMPP/Jabber server.
listens for traffic on the specified interfaces. It has the built-in RSH and NetFlow engines to allow exporting the accounting data the same way as Cisco routers do
a set of internet protocol service daemons for Unix. It currently includes a TCP/IP service daemon, and a UDP/IP service daemon
The Internet Registry Routing Daemon: a streamlined, stand-alone Internet Routing Registry database server that supports RIPE-181, RPSL, and RPSLng routing registry syntaxes. The IRRd package includes additional utilities, tools, and services to securely manage and maintain the database
JubJub is a daemon for server side logging of XMPP packets. JubJub is based upon a module architecture, so it is possible to flexibly reassign handlers for different types of XMPP packets. Originally, JubJub was designed for ejabberd server. JubJub is named after a collateral character of the famous poem by Lewis Carroll.
kimono is a network service monitor similar to sysmon. it aims to monitor services to such an extend that the administrator can be certain of its function, and in case of failure alert in a number of ways. it stores all data (by default) in an SQL database. The data is collected through a daemon.
a much-improved Linux NFS server with support for NFSv3 as well as NFSv2
knockd is a port-knock server. It listens to all traffic on an ethernet (or PPP) interface, looking for special "knock" sequences of port-hits. A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server.
Kojoney is a low level interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries.
Ktell is a user level daemon that monitors expiration time of Kerberos ticket granting tickets. It will send a warning to the user's least idle tty when a certain time is reached before the ticket will expire.
a daemon that extends IPFilter's simple round-robin L4 load balancing with health checks. It takes care of monitoring and dynamically adding and removing ipnat rules in the kernel
linetd is a small inetd or xinetd replacement. It does not use a configuration file and can be run from the commandline by a nonroot user.
a daemon (service) designed to take over the job of properly closing network connections from an http server like Apache
a log filtering "daemon" written in Perl
Looper Event / Alert System
a free open-sourced *NIX application designed to greatly simplify the event / alert model
LSM-PKCS11 is a package intended to support the implementation of Lite Security Modules, i.e. a kind of not certified Software or Hardware Security Modules (HSM, SSM). The targets of such implementations are PKIs (Public Keys Infrastructures) for intra-company and network applications, requiring a non-trivial security level but not so 'budgeted' to allow the acquisition of true (certified) HSMs, whose cost starts from as little as some thousands dollars.
Lsyncd (Live Syncing (Mirror) Daemon) uses rsync to synchronize local directories with a remote machine running rsyncd. It watches multiple directory trees through inotify. The first step after adding the watches is to rsync all directories with the remote host, and then the software synchronizes single files by collecting the inotify events. lsyncd is a lightweight live mirror solution that should be easy to install and use while blending well with your system.
a cluster monitoring daemon written originally with the intention of replacing tools like ldirectord and mon with regards to maintaining LVS tables
mbsyslog is a soup-to-nuts implementation of syslogd. Runs as separate modules which enhance security and allow sys admins to introduce stdin-stdout filters between modules. Distributed under the GPL.