This layer provides security tools, hardening tools for Linux kernels and libraries for implementing security mechanisms.

Mailing list

Git repository

git:// web repo

Last commit: 1 month, 3 weeks ago (master branch)


  • Armin Kuster (all) email


The meta-security layer depends upon:

Recipe name Version Description
aide 0.17.4 Advanced Intrusion Detection Environment
aircrack-ng 1.6 Aircrack-ng is a set of tools for auditing wireless networks
apparmor 3.1.3 AppArmor another MAC control system
arpwatch 3.3
bastille 3.2.1 Linux hardening tool
buck-security 0.7 Linux security scanner
ccs-tools 1.8.9 Tomoyo
checksec 2.6.0 Linux system security checks
checksecurity 2.0.16 basic system security checks
chipsec 1.9.1 CHIPSEC: Platform Security Assessment Framework
chkrootkit 0.57 locally checks for signs of a rootkit
clamav 0.104.4 ClamAV anti-virus utility for Unix - command-line interface
crowdsec 1.1.1 CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network.
cryptmount 6.2.0 Linux encrypted filesystem management tool
ding-libs 0.6.1 Dynamic hash table implementation
dm-verity-image-initramfs 1.0 Simple initramfs image for mounting the rootfs over the verity device mapper.
ecryptfs-utils 111 The eCryptfs mount helper and support libraries
firejail 0.9.72 Linux namespaces and seccomp-bpf sandbox
fscrypt 1.1.0 fscrypt is a high-level tool for the management of Linux filesystem encryption
fscryptctl 1.1.0 low-level tool handling Linux filesystem encryption
glome 0.1+gitX GLOME Login Client
google-authenticator-libpam 1.09 Google Authenticator PAM module
ibmswtpm2 183-2024-03-27 IBM's Software TPM 2.0
ibmtpm2tss 2.2.0 IBM's Software TPM 2.0 TSS
ima-evm-utils 1.5 IMA/EVM control utility
isic 0.07 ISIC -- IP Stack Integrity Checker
krill 0.12.3 Resource Public Key Infrastructure (RPKI) daemon
lib-perl 0.63 This is a small simple module which simplifies the manipulation of @INC at compile time. It is typically used to add extra directories to Perl's search path so that later 'use' or 'require' statements will find modules which are not located in the default search path.
libest 3.2.0 EST is used for secure certificate enrollment and is compatible with Suite B certs (as well as RSA and DSA certificates)
libgssglue 0.8 Exports a gssapi interface which calls other gssapi libraries
libhoth git Google Hoth USB library
libhtp 0.5.45 LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces.
libmhash Library of hashing algorithms.
libmspack 1.11 A library for Microsoft compression formats
libtpm 0.9.6 LIBPM - Software TPM Library
libwhisker2-perl 2.5 Libwhisker is a Perl module geared specificly for HTTP testing.
lkrg-module 0.9.7 Linux Kernel Runtime Guard
lynis 3.1.1 Lynis is a free and open source security and auditing tool.
mmap-smack-test 1.0 Mmap binary used to test smack mmap attribute
ncrack 0.7 Network authentication cracking tool
nikto 2.1.6 web server scanner
opendnssec 2.1.10 OpenDNSSEC is a policy-based zone signer that automates the process of keeping track of DNSSEC keys and the signing of zones
openscap 1.3.9
openssl-tpm-engine 0.5.0 OpenSSL secure engine based on TPM hardware
ossec-hids 3.7.0 A full platform to monitor and control your systems
packagegroup-core-security 1.0 Security packagegroup for Poky
parsec-service 1.3.0 Platform AbstRaction for SECurity Daemon
parsec-tool 0.7.0 Parsec Command Line Interface
paxctl 0.9 paxctl is a tool that allows PaX flags to be modified on a per-binary basis. PaX is part of common security-enhancing kernel patches and secure distributions, such as GrSecurity or Adamantix and Hardened Gen-too, respectively.
pcr-extend 0.1+gitX Command line utility to extend hash of arbitrary data into a TPMs PCR.
python3-fail2ban 1.0.2 Daemon to ban hosts that cause multiple authentication errors.
python3-flask-script 2.0.6 Scripting support for flask
python3-json2html 1.3.0 Python wrapper to convert JSON into a human readable HTML Table representation.
python3-oauth2client 4.1.3 Add version info to file paths.
python3-privacyidea 3.9.1 identity, multifactor authentication (OTP), authorization, audit
python3-pyinotify 0.9.6 Python pyinotify: Linux filesystem events monitoring
python3-segno 1.5.2 QR Code and Micro QR Code generator for Python 2 and Python 3
python3-tpm2-pytss 2.1.0 TPM2 TSS Python bindings for Enhanced System API (ESYS), Feature API (FAPI), Marshaling (MU), TCTI Loader (TCTILdr), TCTIs, policy, and RC Decoding (rcdecode) libraries
python3-xmldiff 2.6.3 Creates diffs of XML files
python3-yamlpath 3.8.0 YAML Path and Command-Line Tools
redhat-security 1.0 redhat security tools
samhain-client 4.4.10 Provides file integrity checking and log file monitoring/analysis
samhain-server 4.4.10 Provides file integrity checking and log file monitoring/analysis
samhain-standalone 4.4.10 Provides file integrity checking and log file monitoring/analysis
scap-security-guide 0.1.71
security-build-image 1.0 A small image for building meta-security packages
security-client-image 1.0 A Client side Security example
security-server-image 1.0 A Serve side image for Security example
security-test-image 1.0 A small image for building meta-security packages
smack 1.3.1 Selection of tools for developers working with Smack
smack-test 1.0 Smack test scripts
sshguard 2.4.3
sssd 2.9.2 system security services daemon
suricata 7.0.0 The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine
swtpm 0.8.1 SWTPM - Software TPM Emulator
tcp-smack-test 1.0 Binary used to test smack tcp sockets
tpm-quote-tools 1.0.4 The TPM Quote Tools is a collection of programs that provide support for TPM based attestation using the TPM quote mechanism.
tpm-tools The tpm-tools package contains commands to allow the platform administrator the ability to manage and diagnose the platform's TPM.
tpm2-abrmd 3.0.0 TPM2 Access Broker & Resource Manager
tpm2-openssl 1.1.1 Provider for integration of TPM 2.0 to OpenSSL 3.0
tpm2-pkcs11 1.9.0 A PKCS#11 interface for TPM2 hardware
tpm2-tools 5.5 Tools for TPM2.
tpm2-tss 4.0.1 Software stack for TPM2.
tripwire Tripwire: A system integrity assessment tool (IDS)
trousers 0.3.15+gitX TrouSerS - An open-source TCG Software Stack implementation.
udp-smack-test 1.0 Binary used to test smack udp sockets