Trojan scan is a simple shell script that allows for simple but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It works by listing all processes that use the Internet with the lsof command (using -Pni flags). This list is then transformed into signatures in the form of process_name:port_number:user. These signatures then are matched against the allowed process defined in the configuration. If any signatures of running processes are found that do not match the allowed signatures, an email report is sent including ps, ls, and optional lsof output.
Keywatch is a free, OSGi-based monitoring system that provides the adaptability of a modern monitoring system without being complex or hard to configure. It support agents written in any language, and comes pre-packed with a Perl agent and a set of check scripts. Keywatch also supports Nagios check scripts.
The WebReboot Plugin for Nagios is a suite of commands that can be used within Nagios to monitor a server and take corrective action if necessary via the WebReboot line of products. For example, the plugin can be used to alert you if a host is powered down, versus simply not responding to network requests. Likewise, it can be used to reboot a server if a host fails to respond to ping, or to shut down a server when a critical temperature threshold is exceeded. The commands can be mixed-and-matched with all existing Nagios commands, maximizing total network coverage.
Membrane SOAP Router is a modular SOAP intermediary written in Java. It is fully configurable due to Spring style configuration. You can audit SOAP traffic, route messages through DMZ, and gather performance statistics. The small memory consumption of less than 20 Megabytes makes it possible to run an instance of Membrane SOAP Monitor on any computer that provides or consumes Web services.
TinyIDS is a distributed intrusion detection system (IDS) for Unix systems. It is based on the client/server architecture and has been developed with security in mind. The client, tinyids, collects information from the local system by running its collector backends. The collected information may include anything, from file contents to file metadata or even the output of system commands. The client passes all this data through a hashing algorithm and a unique checksum (hash) is calculated. This hash is then sent to one or more TinyIDS servers (tinyidsd), where it is compared with a hash that had previously been stored in the databases of those remote servers for this specific client. A response indicating the result of the hash comparison is finally sent back to the client. Management of the remotely stored hash is possible through the client's command line interface. Communication between the client and the server can be encrypted using RSA public key infrastructure (PKI).