The Toby intrusion detection system is a fairly complete reimplementation of tripwire-1.3 (ASR) into Perl. It mainains a database of file properties to detect alterations to those properties. It supports MD5 and SHA-1 checksums of the file contents. It features a configuration file which is actually a Perl script, with the attendant power, flexibility, and difficulty.
Procwatch is security monitor written in Perl that watches a /proc filesystem for new processes. When a process is created, procwatch reports the time, the username, the PID, and the binary that was run. Its output is suitable for logging to log files and is geared for system administrators who are testing a new but as yet untrusted UNIX system. Although it cannot detect, and is not proof against, hacked loadable kernel modules that have modified /proc, it is useful in watching for possible rogue binaries.
http_filter is an HTTP tunnel with filtering and multiplexing. It runs on a firewall, sitting in front of not-so-secure Web servers (like IIS), and it accepts requests, applies a set of rules to them, and allows the requests to be passed through to the back-end Web server only if they pass all filters. The rules can be defined globally or per-server.