The SPDX License List is an integral part of the SPDX Specification. The SPDX License List itself is a list of commonly found licenses and exceptions used in free and open or collaborative software, data, hardware, or documentation. The SPDX License List includes a standardized short identifier, the full name, the license text, and a canonical permanent URL for each license and exception.
The purpose of the SPDX License List is to enable efficient and reliable identification of such licenses and exceptions in an SPDX document, in source files or elsewhere.
Open source licenses are licenses that comply with the Open Source Definition – in brief, they allow software to be freely used, modified, and shared. To be approved by the Open Source Initiative (also known as the OSI) a license must go through the Open Source Initiative’s license review process.
OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity monitoring, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, macOS, Solaris and Windows.
It has supported package repositories for multiple distros: https://www.ossec.net/download-ossec/
Lynis is a security auditing tool for UNIX-based systems such as Linux, macOS, BSD, and others. It performs an in-depth security scan and runs on the system itself. The primary goal is to test security defenses and provide tips for further system hardening. It will also scan for general system information, vulnerable software packages, and possible configuration issues. Lynis was commonly used by system administrators and auditors to assess the security defenses of their systems.
Automated security auditing
Compliance testing (e.g. ISO27001, PCI-DSS, HIPAA)
Vulnerability detection
A service that logs into XMPP servers and tests their compliance with various XEPs. It generates a visual map of compliance on a categorical grid. You have to give it a user account on the server so it can log in and run tests. You do /not/ have to add your server to the public roster!
There is also a command line tool on GitHub.