OctopusWAF is an open-source Web application firewall entirely created in C language that uses libevent to make multiple connections. The event-driven architecture is optimized for many parallel connections (keep-alive), vital for high-performance AJAX applications. This tool is very light. You can deploy in any, please. This resource turns perfect for protecting specific endpoints that need custom protection.

A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities.

HiddenWall is a Linux kernel module generator for custom rules with netfilter. (block ports, Hidden mode, firewall functions, etc.). The motivation: in a bad situation, an attacker can put your iptables/ufw to fall. But if you have HiddenWall, the attacker will not find the hidden kernel module that blocks external access because it has a hook to netfilter on kernel land(think like a second layer for Firewall).

Casper-fs is a Custom Hidden Linux Kernel Module generator. Each module works in the file system to protect and hide secret files. This program has two principal functions: turning private files hidden. The second function is to protect confidential files to prevent reading, writing and removal.

Protect from what? What is your threat model and why do you think full disk encryption doesn't cover it?