Trojan scan is a simple shell script that allows for simple but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It works by listing all processes that use the Internet with the lsof command (using -Pni flags). This list is then transformed into signatures in the form of process_name:port_number:user. These signatures then are matched against the allowed process defined in the configuration. If any signatures of running processes are found that do not match the allowed signatures, an email report is sent including ps, ls, and optional lsof output.
GNU grep is based on a fast lazy-state deterministic matcher (about twice as fast as stock Unix egrep) hybridized with a Boyer-Moore-Gosper search for a fixed string that eliminates impossible text from being considered by the full regexp matcher without necessarily having to look at every character. The result is typically many times faster than Unix grep or egrep.
The MirBSD Korn Shell (mksh) is an actively developed successor of pdksh (the Public Domain Korn Shell), aimed at producing a shell good for interactive use, but with the primary focus on scripting. It is intended to be portable to most *nix-like operating systems as long as they're not too obscure. mksh incorporates improvements from OpenBSD and Debian, as well as bugfixes and enhancements developed for the MirOS, FreeWRT, and MidnightBSD projects and Android. The emacs command line editing mode is UTF-8 capable, and Byte Order Marks are ignored in scripts. The shell supports large files, as well as all pdksh and some csh, AT&T ksh, zsh, and GNU bash features, is compatible with the Bourne shell and POSIX (within limits), has no limit on array sizes, and incorporates some other useful builtins and features. While being already fast and small (without losing functionality), flags to make it even smaller can be given at compile time. An interactive shell reads "~/.mkshrc" on startup.