syslog-ng is a multi-platform syslogd replacement with lots of new functionality. The original syslogd allows messages to be sorted only by priority/facility pair; syslog-ng adds the ability to filter on message contents using regular expressions. The configuration scheme is both intuitive and powerful.
d4d3bc043ac32bae2d82f2b91830abca12aba7bff2bdf1379d396f5a0d4608d7
LOMAC is a dynamically-loadable security module for Free UNIX kernels that uses Low Water-Mark Mandatory Access Control (MAC) to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised network server daemons. The LOMAC loadable kernel module can be used to harden Linux systems without any changes to existing kernels, applications, or configuration files. Due to its simplicity, LOMAC itself requires no configuration, regardless of the users and applications present on the system. Whitepapers available
a364baae205e84f39f6e346400744e8ab469805a48bbf940fbc54d1e10a2bfb7
ferm v1.0pl8 compiles ready-to-go firewall rules from a structured rule-setup. These rules will be executed by the preferred kernel interface, such as ipchains and iptables. ferm will also aid in modularizing firewalls, because it makes it possible to split the firewall into several different files, which can be loaded at will, so you can dynamically adjust your rules.
8a08d855f3fe640fc7f344ba40c79e07a3272920ee837f1d352e1b2ba6719495
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.
f96e51ccf13e9b13fb80a837de32b9f016e62aabed02338d3964c5886d9ae554
nPULSE is a web-based network monitoring package for Unix-like operating systems. It can quickly monitor tens, hundreds, even thousands of sites/devices at a time on multiple ports. nPULSE is written in Perl, uses nmap as its core scanning engine, and comes with its own mini web server for extra security.
800439f4306056aba2feb40201190d05bf8f793ad9ba37f19bebb3960641f06d
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
6e4d7e447da11663c0fcc3a2d11473a11cf10c1749296834f5f4397a88f6e5df
Log_analysis is a log file analyzer which extracts relevant data for any of the recognized log messages and produces a summary that is much easier to read and can be easily configured to recognize entirely new log types. log_analysis natively understands about 100 different kinds of syslog messages, as well as sulog and wtmp messages for Linux, Solaris, and OpenBSD.
35732b17e1e80a93fb35ca0eae6650428094b21c32c6df4e2dc6d312d3bc5a54
Aldebaran is an advanced libpcap-based TCP, UDP, and ARP network sniffer which gives the user only the payload from captured data and basic info about addresses and ports (nothing about flags, etc.). This is useful for monitoring data sent by connections and sniffing passwords. It supports filtering packets not only with simple port/address libpcap rules but also by payload contents, and can send captured data to another host via UDP. It can also encrypt data written to a dump file, analyze interface traffic, and present statistics (packet count, sizes, average speed, etc.) in HTML or a plain text file.
5b29ff9b1edfb18e2c818dd568e38feeff1400484416ae12ab48a949c22889cf
PortSentry is a program designed to detect and respond to port scans against a target host in real time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time alerting, blocking, and reporting of violations.
eb06f3c328614365a9fe61b8878acb76cbf364cb695dda37536a3b0e07a13f1f
Knocker is a simple and easy-to-use TCP security port scanner written in C. It is able to analyze hosts and the network services which are running on them. Knocker is available for Linux and Unix platforms. Both a console version and a GTK+ version are available.
0296ad8f3be20dff4b9a2073b693525011e9861389d84b7b034f002d1d31d8f6