Test Updates for Leap 42.2

Test Updates for Leap 42.3

Various security tools that don't need their own subproject.

Please have a look at the Subprojects, listed at the 'Subprojects' tab for more tools.

AIDE is an intrusion detection system that checks file integrity

It creates a database from the regular expression rules that it finds from the config file(s). Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (see below) that are used to check the integrity of the file. All of the usual file attributes can also be checked for inconsistencies. It can read databases from older or newer versions. See the manual pages within the distribution for further info.

This is a set of tools that detect rootkit (a program that hides the presence of attackers) symptoms on a system. Rootkits can hide using kernel modules, but they always leave some small traces that can be detected with this program. However, it is always recommended to use this program from a rescue system or a system with a similar purpose.

NOTE: Automatically created during Factory devel project migration by admin.

Cosign aims to make signatures invisible infrastructure.

Cosign supports:

- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in

NOTE: Automatically created during Factory devel project migration by admin.

NOTE: Automatically created during Factory devel project migration by admin.

FIPSCheck is a library for integrity verification of FIPS validated
modules. The package also provides helper binaries for creation and
verification of the HMAC-SHA256 checksum files.

The haveged daemon feeds the linux entropy pool with random
numbers generated from hidden processor state.

For more information see http://www.issihosts.com/haveged/

The hmaccalc package contains tools which can calculate HMAC (hash-based
message authentication code) values for files. The names and interfaces are
meant to mimic the sha*sum tools provided by the coreutils package.

Tools for EVM enrolling of the Integrity Measurement Architecture EVM Tools.

SINIT AC modules for trusted boot on Intel(R) Trusted Execution Technology(INTER(R) TXT) ssystems

NOTE: Automatically created during Factory devel project migration by admin.

libkcapi allows user-space to access the Linux kernel crypto API.

libkcapi uses this Netlink interface and exports easy to use APIs so that a developer does not need to consider the low-level Netlink interface handling.

The library does not implement any cipher algorithms. All consumer requests are sent to the kernel for processing. Results from the kernel crypto API are returned to the consumer via the library API.

The kernel interface and therefore this library can be used by unprivileged processes.

The focus during the development of this library is put on speed. This library does not perform any memcpy for processing the cryptographic data! The library uses scatter / gather lists to eliminate the need for moving data around in memory.

libkcapi allows user-space to access the Linux kernel crypto API.

libkcapi uses this Netlink interface and exports easy to use APIs so that a developer does not need to consider the low-level Netlink interface handling.

The library does not implement any cipher algorithms. All consumer requests are sent to the kernel for processing. Results from the kernel crypto API are returned to the consumer via the library API.

The kernel interface and therefore this library can be used by unprivileged processes.

The focus during the development of this library is put on speed. This library does not perform any memcpy for processing the cryptographic data! The library uses scatter / gather lists to eliminate the need for moving data around in memory.

A library providing TPM functionality for VMs. Targeted for integration
into Qemu.

Lynis is a security and system auditing tool. It scans a system on the most interesting parts useful for audits, like:
- Security enhancements
- Logging and auditing options
- Banner identification
- Software availability

Lynis is released as a GPL licensed project and free for everyone to use.

See http://www.rootkit.nl for a full description and documentation.

OpenSCAP is a set of open source libraries providing an easier path for integration of the SCAP line of standards.

SCAP is a line of standards managed by NIST with the goal of providing a standard language for the expression of Computer Network Defense related information.

More information about SCAP can be found at nvd.nist.gov.

openscap report generator

Control physical access to a linux computer by locking all of its virtual
terminals / consoles.

physlock is an alternative to vlock, it is equivalent to `vlock -an'. It is
written because vlock blocks some linux kernel mechanisms like hibernate and
suspend and can therefore only be used with some limitations. physlock is
designed to be more lightweight, it does not have a plugin interface and it is
not started using a shell script wrapper.

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-repudiation of an object's lifecycle. For more details visit the sigstore website

The Rekor project provides a restful API based server for validation and a transparency log for storage. A CLI application is available to make and verify entries, query the transparency log for inclusion proof, integrity verification of the transparency log or retrieval of entries by either public key or artifact.

Rekor fulfils the signature transparency role of sigstore's software signing infrastructure. However, Rekor can be run on its own and is designed to be extensible to working with different manifest schemas and PKI tooling.