Trojan scan is a simple shell script that allows for simple but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It works by listing all processes that use the Internet with the lsof command (using -Pni flags). This list is then transformed into signatures in the form of process_name:port_number:user. These signatures then are matched against the allowed process defined in the configuration. If any signatures of running processes are found that do not match the allowed signatures, an email report is sent including ps, ls, and optional lsof output.
NagiosAppender is a pure Java implementation of a Log4j appender that allows the developer/administrator to send log records to Nagios via the NCSA server (using the push model). It provides a simple solution for Nagios administrators whose only alternative is to implement a polling function against against the output of a standard Log4j appender. The log4j configuration file provides for user-specific mappings between Log4j levels and Nagios levels. The configuration file also allows the user to select whether to set the Nagios 'service' and 'host' programmatically via Log4j MDC, or via the config file. Later releases support XOR encryption.
Membrane SOAP Router is a modular SOAP intermediary written in Java. It is fully configurable due to Spring style configuration. You can audit SOAP traffic, route messages through DMZ, and gather performance statistics. The small memory consumption of less than 20 Megabytes makes it possible to run an instance of Membrane SOAP Monitor on any computer that provides or consumes Web services.
TinyIDS is a distributed intrusion detection system (IDS) for Unix systems. It is based on the client/server architecture and has been developed with security in mind. The client, tinyids, collects information from the local system by running its collector backends. The collected information may include anything, from file contents to file metadata or even the output of system commands. The client passes all this data through a hashing algorithm and a unique checksum (hash) is calculated. This hash is then sent to one or more TinyIDS servers (tinyidsd), where it is compared with a hash that had previously been stored in the databases of those remote servers for this specific client. A response indicating the result of the hash comparison is finally sent back to the client. Management of the remotely stored hash is possible through the client's command line interface. Communication between the client and the server can be encrypted using RSA public key infrastructure (PKI).
jmxsh is a fully scriptable command-line JMX client based on Tcl. It is simply a Tcl interpreter powered by Java/Tcl (with command-line history and editing provided by JLine) that has special command-line options for connecting to JMX servers and special Tcl commands for interacting with JMX servers. jmxsh is capable of simultaneously connecting to multiple JMX servers. There's also a "browse mode" for exploring the remote JMX namespace without knowing beforehand the names of MBeans or their properties. jmxsh and all its dependencies are distributed in a self-contained executable jar file for ease of use.
Keywatch is a free, OSGi-based monitoring system that provides the adaptability of a modern monitoring system without being complex or hard to configure. It support agents written in any language, and comes pre-packed with a Perl agent and a set of check scripts. Keywatch also supports Nagios check scripts.
SysScope is a graphing solution that facilitates the visual representation of RRDtool's Round Robin Databases (RRD). It retrieves the graph options from an Apache-style configuration file and, after making the necessary calls to rrdgraph, it generates static or dynamic HTML pages containing the graphs. The following backends are supported for the generation of the dynamic pages: CGI, FastCGI, mod_python, and WSGI.