DenyThem is a program designed to protect your Linux system from malicious attacks. It is an active response system to disrupt and block dictionary attacks and DoS attacks. DenyThem by default uses /var/log/syslog and /var/log/auth.log and searches for hack attempts. When DenyThem finds enough hack attempts from a single host, it will add a DROP rule to your system's firewall, thus preventing future attacks. DenyThem uses iptables, so it will only work on Linux or any other system that uses iptables. It can also block traffic from specific countries.
Nagios is a host, service, and network monitoring system that will watch your network and alert you to problems before your clients or end-users do. The system runs checks on hosts and services that you specify using plugins that return status information to Nagios. When problems are encountered, the system will send notifications to system administrators so that they can take action on the problem. The JumpBox for Nagios gives you a head start to using the system. It eliminates the complexity involved in getting the application installed, and allows you to focus on the configuration for your specific environment. Since Nagios is plugin-based, the complexity of that configuration will vary depending on what you want to do.
Service Guardian aims to protect servers against threats such as resource exhaustion and connection floods. It measures the number of connections to a server's ports and, after a grace period, checks whether the host is still in violation of the specified settings. If a host is still in violation, it will be filtered out and dropped via netfilter/iptables.
SpotSec Network Gateway is an all-in-one Linux firewall and gateway distribution that features a Web-based management console. It is designed to be a unified threat management system to protect and defend a network. Common features include intrusion detection and prevention and HTTP, SMTP, and POP3 proxies with content filtering and virus scanning. The design of the Web interface is centered around the definition of networks, services, users, and time events, which allows easier modification of packet filter rules.
mSuite is a solution for enterprise-wide infrastructure management. This solution uses Monolith Event Manager (Event/Fault), Action Manager (E&N), and Reporter (Historical Reporting). Monolith integrates with a variety of availability and performance tools based upon a client's needs. mSuite can monitor syslogs, SNMP traps, and NT event logs.
NoNox is intended to help automate the defense of Internet servers against attacks such as dictionary login attacks. NoNox monitors log files for user-specified trigger patterns. When a pattern is seen enough times in a given file within a given period of time, NoNox will execute a command. The patterns, time limits, files to watch, and commands are all user-specified. For example, if NoNox sees too many failed login attempts from one IP address, it could execute a command that tells a firewall to drop packets from that host, instantly cutting off the attacker.
DSM (Dedicated Server Manager) Standard is a solution for hosting companies and organizations who need to combine a Web server, mail server, DNS server, or a fully featured Web hosting environment. DSM Standard offers four levels of interface access: root user, reseller, site-owner, and mailuser.
Ssh-faker is a wrapper for sshd to defeat brute-force hacking. This program is meant to be called from /etc/hosts.deny when anyone connects to port 22 (ssh). If the person doesn't send a plaintext password (using telnet), the attempt is logged and the connection is dropped. If they send the right password, they are added to /etc/hosts.allow, and their next attempt will reach the real sshd. This will block most hackers and worms, assuming none of the computers listed in /etc/hosts.allow have been compromised.
PIX Logging Architecture is a project allowing for correlation of Cisco PIX Firewall traffic, IDS, and informational logs. It parses Cisco PIX logs from syslog files, then pushes the parsed data to a database. It contains a Web-based front end for displaying and searching the Cisco PIX Firewall logs.
Hardened Debian improves Debian GNU/Linux with high security and hardening features, hardened kernels and packages, DHKP, and other security-related enhancements. It makes systems more difficult to compromise using common attacks such as race conditions, chroot jail escapes, and buffer overflows.