Free and Open Source Software in use at the DOD, from thisDOD/DISA Report
|
Application |
Description |
License |
References |
| ACE = ADAPTIVE Communication Environment. ACE is a toolkit for creating software to perform common cross-platform network communication tasks. ACE helps create software for demultiplexing, event handler dispatching, signal handling, service initialization, interprocess communication, message routing, dynamic reconfiguration of distributed services, shared memory management, concurrent execution, and process synchronization. The TAO real-time CORBA ORB is a major component of ACE. | http://www.cs.wustl.edu/~schmidt/ACE-overview.html | ||
| TAO is a standards-based (CORBA) "Object Request Broker" (ORB) that allows programs located on many networked computers to work together securely and in real-time. | http://www.cs.wustl.edu/~schmidt/TAO.html | ||
| ACID = Analysis Console for Intrusion Databases. ACID is a PHP-based analysis engine used to search and process databases of security events generated by various intrusion detection systems, firewalls, and network monitoring tools. | http://www.cert.org/kb/acid/ | ||
| AMANDA = Advanced Maryland Automatic Network Disk Archiver. AMANDA allows a single master backup server to back up large sets of workstations running multiple versions of Unix. AMANDA can also use SAMBA to back up Microsoft Windows 95/NT systems. | http://www.amanda.org/ | ||
| A web server is the software that presents web pages to Internet users. Apache is easily the most popular and widely used web server (open or closed source) on the Internet. It is popular for its reliability, security, range of features, and low cost. | http://www.apache.org/ | ||
| Autoconf adapts software source code to many kinds of Unix-like systems without manual user intervention. | http://www.gnu.org/software/autoconf/ | ||
| For software development, Automake generates Makefiles that are compliant with GNU coding standards. | http://sources.redhat.com/automake/ | ||
| The default command line interface for Linux. It is used both to create scripts (high level programs), and to interact directly with the operating system. | http://www.gnu.org/software/bash/bash.html | ||
| The Bastille Hardening System is a package of adjunct software that can be used to "harden" the Linux operating system. The goal of Bastille is to provide the greatest possible security while keeping the system easy to use. Bastille currently supports the Red Hat and Mandrake Linux distributions, and in late 2002 to early 2003 is also expected to support the Debian, SuSE, and TurboLinux distributions of Linux. Support for the proprietary HP-UX operating system is also planned. | http://www.bastille-linux.org/ | ||
| BIND = Berkeley Internet Name Domain. It is BIND that allows easy-to-use URL text names (e.g., place.com) to be used to identify web sites, instead of the long numeric addresses that the Internet itself uses. Nearly all systems and commercial software that connect to the Internet use BIND. | http://www.isc.org/products/BIND/ | ||
| C++ Boost is a web site that provides a broad range of free, portable, high-quality, peer-reviewed C++ source libraries. The site emphasizes compatibility with the C++ Standard Library, and holds many candidates for eventual inclusion in than library. | http://www.boost.org/ | ||
| CIS = Center for Internet Security. The CIS Benchmarks are a set of documents that specify in detail how to configure common operating systems for maximum security. An associated collection of freeware Scoring Tools provide automated checks of how closely a given system comes to meeting the Benchmark specifications. The Benchmarks documents are developed and maintained using an easily-to-join community-style (limited FOSS) development process. However, the associated scoring tools are zero-cost freeware, not FOSS, and are provided in binary form only (no source code). (See the HOSTS tool for a FOSS analog to the CIS Scoring Tools.) | http://www.cisecurity.org/ | ||
| Colt is a free collection of high-quality scientific and mathematical software written in Java. It includes software for efficient data structures, data analysis, linear algebra, multi-dimensional arrays, histoprogramming, Monte Carlo simulation, and parallel and concurrent programming. Colt serves as a constantly evolving repository for some of the best concepts and designs for such software. | http://tilde-hoschek.home.cern.ch/~hoschek/colt/ | ||
| Condor is a computing environment that allows scientists and engineers to harness the capacity of large collections of distributed Unix systems (workstations and PCs running Linux or BSD) to solve processing-intensive problems. Future versions may also work with Windows. | http://www.cs.wisc.edu/condor/ | ||
| COPS = Computer Oracle and Password System. COPS analyzes Unix-like systems for weaknesses. | http://www.tripwire.org/qanda/faq.php | ||
| Crack is used by network admins to verify the quality of user passwords by attempting to break or "crack" those passwords. | http://www.uazone.org/demch/analysis/sec-inchtools.html#5.2 | ||
| CVS = Concurrent Versions System. CVS is a popular system for helping software development projects keep track of the history and any multiple versions of the source code they develop. CVS can be used in a wide range of project sizes. | http://www.cvshome.org/ | ||
| Originally developed by MITRE and later released as FOSS. Used by over 5000 people for collaboration. Currently being phased out at NSA in favor of the commercial InfoWorkSpace product from ezenia!, as per directions by Congress and the DoD. The InfoWorkSpace product includes elements of the CVW design. | http://cvw.sourceforge.net/ | ||
| A surprisingly complete Linux-like emulation of Unix and the Unix tool set for use on Windows systems. Cygwin provides access to useful Unix tools and capabilities without requiring users to restart their systems or go to another computer. | http://www.cygwin.com/ | ||
| GNU DDD is a graphical front-end for debugging tools. It is noted for its ability to display debugging data in a convenient chart format. | http://www.gnu.org/software/ddd/ | ||
| DjVuLibre provides efficient distribution and display of images in a variety of compressed formats. | http://djvu.sourceforge.net/ | ||
| EADSIM = Extended Air Defense Simulation. Combat developers, materiel developers, and operational commanders use EADSIM simulations to assess the effectiveness of Theater Missile Defense (TMD) and air defense systems against a full spectrum of extended air defense threats. It is provided without charge under a restricted community (versus FOSS) license. | http://www.eadsim.com/EADSIMBrochure.html | ||
| A full-functioned and popular editing tool that is especially useful for creating software. There are multiple "families" of Emacs, such as GNU Emacs and X-Emacs, for use in different environments. Emacs also supports language-specific extensions that are widely used for development in languages such as Java and C. | http://www.gnu.org/software/emacs/emacs.html | ||
| eTrust is a closed source network security evaluation and monitoring tool with FOSS (OpenSSL toolkit) origins. | http://www3.ca.com/Solutions/Solution.asp?ID=271 | ||
| Expect is a system admin and user tool for automating and testing interactive Unix applications such as telnet, ftp, passwd, fsck, and rlogin. It can be used to greatly simplify and automate tasks that would be prohibitively time consuming and costly if done interactively by people. | http://expect.nist.gov/ | ||
| The Unix-like operating BSD operating systems are FOSS competitors to Linux, and are notable for having generally higher levels of reliability and security. OpenBSD, NetBSD, and FreeBSD are best known. FreeBSD is notable for being highly efficient when used on PC (Pentium) computers. | http://www.freebsd.org/ | ||
| GateD provides network routing services, a routing database, and support for a variety of routing protocols. |
http://www.nexthop.com/products/gated.shtml
(current closed version)
http://www.merit.edu/internet/net-research/idrp/mitre/doc/gated_doc/main.html (earlier FOSS version) |
||
| gawk = GNU awk (Aho, Weinberger, Kernighan - the authors of awk). Gawk is the GNU version of the awk file transformation language. Awk is an interpreted C-like language with strong pattern matching and capabilities, making it useful for writing quick programs to make minor transformations on files. For larger or more frequently used file transformations, Perl is usually a better choice than gawk, since the more recent Perl provides similar capabilities plus a number of advanced features. | http://www.gnu.org/software/gawk/gawk.html | ||
| GCC = GNU Compiler Collection (formerly GNU C Compiler). GCC is a suite of compilers that includes C, C++, Objective C, Chill, Fortran, Java, and (in the next release) GNAT Ada. The original GNU C compiler dominates the C software development market. | http://gcc.gnu.org/ | ||
| GDB = GNU Project Debugger. GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes, or what another program was doing at the moment it crashed. GDB can be used to start your program with any options you want, stop your program when specified conditions occur, examine the state of your program after stopping it, and change your program temporarily to examine the effects of possible fixes. | http://sources.redhat.com/gdb/ | ||
| Ghostscript, along with its associated graphical interface tools Ghostview and GSview, provides viewing of postscript and PDF documents. | http://www.cs.wisc.edu/~ghost/ | ||
| GNAT is a FOSS implementation of Ada 95. Commercial versions of GNAT (GNAT Pro Ada 95) and support are provided by Ada Core Technologies, and fully FOSS (GPL) versions are also available. A GNAT Ada front-end will also be added to GCC in GCC 3.1. | http://www.gnat.com/ | ||
| GnuPG stands for GNU Privacy Guard and is GNU's tool for secure communication and data storage. GnuPG is a complete and free replacement for PGP. It can be used to encrypt data and to create digital signatures, and it includes an advanced key management facility. Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application, providing compatibility with PGP from NAI Inc. | http://www.gnupg.org/ | ||
| gnuplot is a command-driven interactive function plotting program that can be used to plot functions and data points in two or three dimensions and many different formats. It is free, but not GPL, despite its name. | http://www.gnuplot.info/ | ||
| GNU grep can be used to search text files or text streams for lines that match simple or complex patterns. | http://www.gnu.org/software/grep/grep.html | ||
| h2n converts a table of host computers into a form usable as Internet (DNS) names. | http://www.crihan.fr/system/linux/maint/bind/old/h2n-man.html | ||
| HOSTS = Host-Oriented Security Test Suite. Provides greater consistency and repeatability in security testing of Unix and Unix-like operating systems by automating many aspects of the testing process. | http://www.openchannelfoundation.org/projects/HOSTS | ||
| ImageMagick provides display and conversion of images in about 70 major formats. | http://www.imagemagick.org/ | ||
| JADE = Java Agent DEvelopment framework. JADE provides Java middleware for creating "multi-agent" software that on multiple networked machines. JADE implements FIPA agent communication standards. | http://sharon.cselt.it/projects/jade/ | ||
| Jakarta is a web site that provides FOSS Java solutions for a wide range of applications and problems. | http://jakarta.apache.org/ | ||
| Jaxen = Java XPath Engine. Jaxen is a Java and XML development tool that interprets XPath expressions for multiple XML models, including DOM, dom4j, EXML, and JDOM. | http://jaxen.org/ | ||
| JBoss is a J2EE-compliant web application server that provides middleware capabilities (EJB and JMS), database connectivity (JDBC), transactions (JTA/JTS), presentation (servlets and Java Server Pages), and directory services (JNDI). In March 2002, Sun Microsystems expressed stronger support for getting the popular JBoss package Java certified. | http://jboss.org/ | ||
| JDOM provides a fast, easy-to-read way to represent XML documents in Java. (JDOM is a name, not an acronym.) | http://www.jdom.org/ | ||
| Jikes is a FOSS compiler for Java. | http://oss.software.ibm.com/developerworks/opensource/jikes/ | ||
| jSIP = Java Session Initiation Protocol. The jSIP library provides text-based collaboration by users, including Instant Messaging. | http://jsip.sourceforge.net/ | ||
| Kaffe is a FOSS implementation of the Java Virtual Machine (JVM), which is the software that interprets Java software. (Sun JVMs are free but not FOSS.) | http://www.kaffe.org/ | ||
| LaTeX (pronounced "lay-tek") is a high-quality typesetting system, with features designed for the production of technical and scientific documentation. It is the de facto standard for writing and publishing scientific documents. | http://www.latex-project.org/ | ||
| Linux is a popular Unix-like FOSS operating system. It contains hundreds of individual tools, and has more commercial and applications support than any other FOSS operating system. | http://www.linux.org/ | ||
| Red Hat is the most popular commercial source for the Linux operating system. | http://www.redhat.com/ | ||
| Linux provides a variety of tools for creating firewalls. | http://www.linuxjournal.com/article.php?sid=1212 | ||
| Lsof = List Open Files. Lsof lists any currently open files or process communications. | http://freshmeat.net/projects/lsof/ | ||
| GNU m4 is a "macro expander" that can be used to create large sets of source code (such as web pages) with a shared format or visual look and feel. | http://www.gnu.org/software/m4/ | ||
| Majordomo automates management of Internet mailing lists. Once a list is set up, nearly all operations can be performed remotely by email. A graphical user interface called MajorCool is also available. | http://www.greatcircle.com/majordomo/ | ||
| The GNU make utility automatically determines which pieces of a large program need to be recompiled, and issues the commands to recompile them. | http://www.gnu.org/manual/make-3.79.1/html_node/make_toc.html | ||
| Maxima is a Common Lisp implementation of MIT's Macsyma system for computer based algebra. | http://www.ma.utexas.edu/users/wfs/maxima.html | ||
| MIMEsweeper is a closed source product with FOSS origins. It looks for suspicious patterns in the actual content of emails and communications to help identify suspicious activities. | http://www.mimesweeper.com/default.asp | ||
| MRTG = Multi Router Traffic Grapher. MRTG provides monitoring of traffic load on network links, and shows the live status graphically using HTML images that can be viewed over the Internet. | http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html | ||
| MTR determines whether a network computer is available, and the overall quality of the link to it. | http://www.bitwizard.nl/mtr/ | ||
| MySQL is the world's most popular FOSS database. It is fast, full-functioned, and precise enough to be used in both heavy load and mission critical applications. | http://www.mysql.com/ | ||
| An easy-to-use, full-functioned, and up-to-date remote security scanner. | http://www.nessus.org/ | ||
| The Unix-like operating BSD operating systems are FOSS competitors to Linux, and are notable for having generally higher levels of reliability and security. OpenBSD, NetBSD, and FreeBSD are best known. NetBSD is notable for being highly portable across a wide range of computer platforms. | http://www.netbsd.org/ | ||
| NetSaint monitors network Linux hosts services and can alert administrators of problems via email when a problem arises. | http://www.netsaint.org/ | ||
| nload monitors and graphically displays real-time network traffic and usage. | http://www.roland-riegel.de/nload/index_en.html | ||
| Nmap scans networks and maps out their configurations. | http://www.insecure.org/nmap/ | ||
| ntop is a Unix tool that shows the heaviest users of network resources in ranked order, making it easy to see hot spots or anomalous usage. | http://www.ntop.org/ntop.html | ||
| NTP = Network Time Protocol. NTP software provides the ability to synchronize in network computer clocks precisely. | http://www.eecis.udel.edu/~ntp/ | ||
| GNU Octave is a high-level language, primarily intended for numerical computations. It provides a convenient command line interface for solving linear and nonlinear problems numerically, and for performing other numerical experiments using a language that is mostly compatible with MATLAB. It may also be used as a batch-oriented language. | http://www.octave.org/ | ||
| The Unix-like operating BSD operating systems are FOSS competitors to Linux, and are notable for having generally higher levels of reliability and security. OpenBSD, NetBSD, and FreeBSD are best known. OpenBSD is notable for its high security, support for encryption, and an exceptionally rigorous self-auditing process. OpenBSD has been particularly successful at avoiding the kinds of default security holes commonly encountered when installing most operating systems. | http://www.openbsd.org/ | ||
| OpenMap is JavaBeans-based programmer's toolkit that allows Java application to access map data from older databases and formats. | http://openmap.bbn.com/ | ||
| OpenOffice is a suite of business office support programs comparable to Microsoft Office, but based on the open and easily exchanged XML format. OpenOffice began as a free but closed-source system called StarOffice, which was bought by Sun Microsystems, who eventually made it fully FOSS. As of early 2002, OpenOffice was still undergoing the transition from closed to FOSS. | http://www.openoffice.org/ | ||
| OpenSSH = Open Secured Shell. OpenSSH provides secure (encrypted) access to remote network computers. | http://www.openssh.com/ | ||
| OpenSSL is a FOSS implementation of the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols for secure communications over the Internet. It includes a full-strength, general-purpose library of cryptography software. | http://www.openssl.org/ | ||
| Perl = Practical Extraction and Reporting Language. A popular, functionally rich Internet language that is used in a wide range of applications that include extracting data from text, reformatting documents, and integrating software components. | http://www.perl.org/ | ||
| Perl scripts provide numerous functions to support web sites, including various types of search. | http://www.scriptsearch.com/Perl/Scripts_and_Programs/ | ||
| The Lightweight Directory Access Protocol (LDAP) is a protocol for accessing online directory services. PerLDAP is a Perl implementation of it. | http://www.perldap.org/ | ||
| PHP = PHP Hypertext Preprocessor. PHP allows web pages to interact with users (e.g., to accept and display form data). | http://www.php.net/ | ||
| PingScan scans networks to find all accessible systems. | http://www.linux.org/apps/AppId_1996.html | ||
| Procmail supports lists and automated pre-processing of email, such as sorting, selecting, and re-routing emails based on various criteria and conditions. | http://www.procmail.org/ | ||
| Qmail is a FOSS replacement for Sendmail, the program that transfers emails between computers on the Internet. Qmail has improved security, reliability, and performance features. | http://qmail.goof.com/top.html | ||
| R is a language and environment for statistical computing and graphics. It provides a wide variety of statistical and graphical techniques such as linear and nonlinear modeling, statistical tests, time series analysis, classification, and clustering. It is also known as GNU S, a reference both to its use of the GPL and its similarity to the S statistical language. | http://www.r-project.org/ | ||
| RealSecure is a closed source intrusion detection product with FOSS origins. | http://www.iss.net/products_services/enterprise_protection/rsnetwork/index.php | ||
| RRDtool = Round Robin Database tool. RRDtool provides efficient collection of network usage data over extended periods of time. | http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/ | ||
| RTLinux allows Linux and BSD operating systems to respond reliably to time-critical applications such as embedded device control, instrumentation, and certain types of communications. | http://www.fsmlabs.com/community/ | ||
| RWhois provides improved administrative identification of users on a network. | http://www.rwhois.net/ | ||
| A smaller, more compact way to interact via command lines with programs. | http://www.rxvt.org/ | ||
| Samba is a popular tool that allows Linux and BSD (OpenBSD, NetBSD, and FreeBSD) operating systems to provide invisibly the same file and printer services as Windows servers. Since the Linux and BSD operating systems were generally more stable than early Windows NT servers, administrators often invisibly converted Windows servers to Linux-plus-Samba to improve network reliability. | http://us1.samba.org/samba/samba.html | ||
| SARA = Security Auditor's Research Assistant. SARA is a third generation Unix security analysis tool that is based on the SATAN model. | http://www-arc.com/sara/ | ||
| SATAN = Security Administrator Tool for Analyzing Networks. It is a first generation Unix security analysis tool that collects data on networked hosts. | http://www.uazone.org/demch/analysis/sec-inchtools.html#5.1 | ||
| SAXON provides tools for processing XML. (XML is the successor to the HTML used in most Internet web pages.) It includes an XML standards-compliant XSLT processor, plus and a number of useful extensions, such as a Java library that provides XSL-like processing. | http://saxon.sourceforge.net/ | ||
| SCA = Software Communications Architecture. This web site provides standards for writing code for software-defined radio applications. This is an early effort to promote sharing by providing an overall standards framework through which contributed software can work and interoperate. | http://www.jtrs.saalt.army.mil/docs/documents/sca.html | ||
| sed = Stream Editor. GNU sed can be used to extract or transform text in very large files, or in incoming or outgoing streams of text data of indefinite length. Perl and awk (gawk) both provide more functionality, but for simple filtering and conversions, sed is both fast and easy to use. | http://www.gnu.org/software/sed/sed.html | ||
| SELinux = Security Enhanced Linux, a set of Linux enhancements developed specifically by NSA to make Linux usable in a broader range of government and industry applications. (Note: In contrast, NSA Signal Intelligence prohibits use of Linux.) | http://www.nsa.gov/selinux/ | ||
| Sendmail takes care of the actual transfer of email messages between Internet computers. Sendmail is the most widely used such program on the Internet. Qmail provides a more security-focused FOSS alternative. | http://www.sendmail.org/ | ||
| SNARE = System iNtrusion Analysis and Reporting Environment). An auditing and intrusion detection module that can be attached directly to the Linux kernel. | http://www.intersectalliance.com/projects/Snare/ | ||
| Snort is a multi-platform, lightweight, rule-based tool for detecting hostile intrusions into a network. It works well on small networks, and can be deployed quickly to help fill in network security holes when new attacks emerge. | http://www.snort.org/ | ||
| Squid improves web performance for Unix and Unix-like systems by invisibly providing local copies (caching) of frequently used files and information from remote parts of the web. It supports full-featured proxying (that is, invisible replacement of requests for files from remote sites with copies of the same information previously stored locally) and caching for most of the major web protocols and formats, including HTTP, FTP, and web site names (URLs), and also proxying for SSL. | http://www.squid-cache.org/ | ||
| Tcl is a scripting language for controlling computer devices, and Tk is a library for creating graphical interfaces to those parts. | http://www.tcl.tk/ | ||
| Provides monitoring and filtering of incoming requests for network services, including sysstat, finger, ftp, telnet, rlogin, rsh, exec, tftp, and talk. | ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.BLURB | ||
| Tomcat is a FOSS implementation of the official "servlet container" for Java Servlets and JavaServer Pages. | http://jakarta.apache.org/tomcat/index.html | ||
| Top is a standard Unix (Linux and BSD) tool for determining which processes are consuming the most processing resources. | http://www.tac.eu.org/cgi-bin/man-cgi?top+1 | ||
| Tripwire monitors key attributes of files that should not change and provides alerts when they do change. | http://www.tripwire.org/qanda/faq.php | ||
| VisAD = Visualization for Algorithm Development. VisAD is a Java library for interactive and collaborative visualization and analysis of numerical data. | http://www.ssec.wisc.edu/~billh/visad.html | ||
| VOCAL = Vovida Open Communication Application Library. VOCAL provides tools and software for building advanced Internet telephony (VoIP) applications. | http://www.vovida.org/applications/downloads/vocal/home.html | ||
| VTK = Visualization Toolkit. VTK provides 3D computer graphics, image processing, and visualization. It has interfaces to most of the major Internet computer languages, and is used by thousands of researchers and developers around the world. | http://public.kitware.com/VTK/ | ||
| Webmin makes it possible to do web-based remote or local system administration of Unix and Unix-like systems. Using any browser that supports tables and forms (and Java for the File Manager module), you can setup user accounts, Apache, DNS, file sharing, and other common system admin tasks. The web server part of Webmin is written in Perl, using only standard Perl modules. | http://www.webmin.com/ | ||
| WebTAS = Web-enabled Timeline Analysis System. WebTAS provides tools for analyzing data and looking for suspicious patterns in the data of both large and small organizations, particularly law enforcement and security agencies. It is free under a limited access (community) license. | http://www.webtas.com/ | ||
| Weka is a collection of machine learning algorithms for solving real-world data mining problems. It is written in Java and runs on almost any platform. | http://www.cs.waikato.ac.nz/~ml/weka/ | ||
| WU-FTPD provides the ability to transfer files easily ("FTP") between computers on the Internet. It is the most widely used program for providing FTP capabilities. | http://www.wu-ftpd.org/ | ||
| Xalan-Java and Xalan-C++ are XSLT-based tools for converting XML documents into HTML, text, or other XML document types. |
http://xml.apache.org/xalan-j/
http://www.garshol.priv.no/download/xmltools/prod/Xalan-C.html |
||
| Xerces interprets (parses) XML, which is the successor to HTML. Xerces is available for Java, C++, and Windows. | http://xml.apache.org/ | ||
| XFree86 is a FOSS version of the X windowing system used in most Unix-like systems, including Linux and the BSD operating systems. It provides easy-to-use, PC-like graphical displays and controls for computer users. | http://www.xfree86.org/ | ||
| XGobi is a data visualization system for viewing high-dimensional data. The most recent version is called GGobi. GGobi components include four FOSS licenses: AT&T Open Source License , GPL , BSD , and LGPL . | http://www.ggobi.org/ ; http://www.research.att.com/areas/stat/xgobi/ | ||
| Xpatch provides tools for predicting the likely radar signatures of both nearby and distant objects. | http://www.saic.com/products/software/xpatch/ | ||
| A library of FOSS compression software with a license that permits use in closed source products. | http://www.gzip.org/zlib/ | ||
| Zope is a web application server used to create web-based applications such as intranets and portals. | http://www.zope.org/ |