Marcus Meissner
msmeissn
- ibs-maintenance-team 2 tasks
- maintenance-opensuse.org 3 tasks
- proactive-security 0 tasks
- qam-openqa 4 tasks
- reactive-security 0 tasks
- security-team 37 tasks
Involved Projects and Packages
libkcapi allows user-space to access the Linux kernel crypto API.
libkcapi uses this Netlink interface and exports easy to use APIs so that a developer does not need to consider the low-level Netlink interface handling.
The library does not implement any cipher algorithms. All consumer requests are sent to the kernel for processing. Results from the kernel crypto API are returned to the consumer via the library API.
The kernel interface and therefore this library can be used by unprivileged processes.
The focus during the development of this library is put on speed. This library does not perform any memcpy for processing the cryptographic data! The library uses scatter / gather lists to eliminate the need for moving data around in memory.
libkcapi allows user-space to access the Linux kernel crypto API.
libkcapi uses this Netlink interface and exports easy to use APIs so that a developer does not need to consider the low-level Netlink interface handling.
The library does not implement any cipher algorithms. All consumer requests are sent to the kernel for processing. Results from the kernel crypto API are returned to the consumer via the library API.
The kernel interface and therefore this library can be used by unprivileged processes.
The focus during the development of this library is put on speed. This library does not perform any memcpy for processing the cryptographic data! The library uses scatter / gather lists to eliminate the need for moving data around in memory.
A library providing TPM functionality for VMs. Targeted for integration
into Qemu.
Lynis is a security and system auditing tool. It scans a system on the most interesting parts useful for audits, like:
- Security enhancements
- Logging and auditing options
- Banner identification
- Software availability
Lynis is released as a GPL licensed project and free for everyone to use.
See http://www.rootkit.nl for a full description and documentation.
OpenSCAP is a set of open source libraries providing an easier path for integration of the SCAP line of standards.
SCAP is a line of standards managed by NIST with the goal of providing a standard language for the expression of Computer Network Defense related information.
More information about SCAP can be found at nvd.nist.gov.
openscap report generator
Control physical access to a linux computer by locking all of its virtual
terminals / consoles.
physlock is an alternative to vlock, it is equivalent to `vlock -an'. It is
written because vlock blocks some linux kernel mechanisms like hibernate and
suspend and can therefore only be used with some limitations. physlock is
designed to be more lightweight, it does not have a plugin interface and it is
not started using a shell script wrapper.
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-repudiation of an object's lifecycle. For more details visit the sigstore website
The Rekor project provides a restful API based server for validation and a transparency log for storage. A CLI application is available to make and verify entries, query the transparency log for inclusion proof, integrity verification of the transparency log or retrieval of entries by either public key or artifact.
Rekor fulfils the signature transparency role of sigstore's software signing infrastructure. However, Rekor can be run on its own and is designed to be extensible to working with different manifest schemas and PKI tooling.
Package built based on https://github.com/ComplianceAsCode/content
scrub overwrites hard disks, files, and other devices with repeating
patterns intended to make recovering data from these devices more
difficult. Although physical destruction is unarguably the most reliable
method of destroying sensitive data, it is inconvenient and costly. For
certain classes of data, organizations may be willing to do the next
best thing which is scribble on all the bytes until retrieval would
require heroic efforts in a lab.
scrub implements several different algorithms for this:
nnsa - U.S. NNSA Policy Letter NAP-14.1-C
dod - U.S. DoD 5220.22-M
usarmy - U.S. Army AR380-19
bsi - German Center of Security in Information Technologies
gutmann - 35-pass algorithm from Peter Gutmann's 1996 paper
schneier - algorithm described in Bruce Schneier's Applied Cryptography (1996)
pfitzner7 - Roy Pfitzner's 7-random-pass method
pfitzner33 - Roy Pfitzner's 33-random-pass method
The SWTPM package provides TPM emulators with different front-end interfaces
to libtpms. TPM emulators provide socket interfaces (TCP/IP) and the Linux
CUSE interface for the creation of multiple native /dev/vtpm* devices.
Those can be the targets of multiple QEMU cuse-tpm instances.
Trusted Boot (tboot) is an open source, pre-kernel/VMM module that uses Intel(R) Trusted Execution Technology (Intel(R) TXT) to perform a measured and verified launch of an OS kernel/VMM.
Tomoyo userland tools.
NOTE: Automatically created during Factory devel project migration by admin.
The trousers package provides a TSS implementation through the help of a user-space daemon, the tcsd, and a library Trousers aims to be compliant to the 1.1b and 1.2 TSS specifications as available from the Trusted Computing website http://www.trustedcomputinggroup.org/.
The package needs the /dev/tpm device file to be present on your system. It is a character device file major 10 minor 224, 0600 tss:tss.
NOTE: Automatically created during Factory devel project migration by admin.
The trousers package provides a TSS implementation through the help of a user-space daemon, the tcsd, and a library Trousers aims to be compliant to the 1.1b and 1.2 TSS specifications as available from the Trusted Computing website http://www.trustedcomputinggroup.org/.
The package needs the /dev/tpm device file to be present on your system. It is a character device file major 10 minor 224, 0600 tss:tss.
This project contains forensic tools and libraries.
SuSEfirewall2 implements a packet filter that protects hosts and
routers by limiting which services or networks are accessible on the
host or via the router.
SuSEfirewall2 uses the iptables/netfilter packet filtering
infrastructure to create a flexible rule set for a stateful firewall.
This projects provides new and updated packages for cryptography and privacy and their dependencies for maintained distribution versions of openSUSE and SLE.
This project is a staging project for rpmlint testing.
ZoneMinder
Irssi is a modular IRC client for UNIX that currently only has a text
mode user interface. However, 80-90% of the code is not text mode
specific, so other UIs could be created easily. Also, Irssi is not
really even IRC specific anymore. There are already working SILC and
ICB modules available. Support for other protocols, like ICQ and
Jabber, could be added some day, too.
It is the code that separates Irssi from ircII, BitchX, epic, and the
rest of the text clients. It is not using the ircII code.
Authors:
--------
Timo Sirainen
Mon | |||||||||||||||||||||||||||||||||||||||||||||||||||||
Tue | |||||||||||||||||||||||||||||||||||||||||||||||||||||
Wed | |||||||||||||||||||||||||||||||||||||||||||||||||||||
Thu | |||||||||||||||||||||||||||||||||||||||||||||||||||||
Fri | |||||||||||||||||||||||||||||||||||||||||||||||||||||
Sat | |||||||||||||||||||||||||||||||||||||||||||||||||||||
Sun |
- 5 commits in openSUSE:Maintenance:18562
- 5 commits in openSUSE:Maintenance:18570
- 4 commits in openSUSE:Maintenance:18554
- and in 10 projects more