passwdqc is a password/passphrase strength checking and policy enforcement tool set, including an optional PAM module (pam_passwdqc), command-line programs (pwqcheck and pwqgen), and a library (libpasswdqc). On systems with PAM, pam_passwdqc is normally invoked on password changes by programs such as passwd(1). It is capable of checking password or passphrase strength, enforcing a policy, and offering randomly-generated passphrases, with all of these features being optional and easily (re-)configurable. pwqcheck and pwqgen are standalone password/passphrase strength checking and random passphrase generator programs, respectively, and are usable from scripts. libpasswdqc is the underlying library, which may also be used from third-party programs.
AFD is a program to automatically distribute files either locally or to remote hosts. The files are distributed by using FTP or SMTP, and can be sent in parallel and with priority. It provides a GUI to monitor and control the distribution and extensive logging of all activities.
Cfengine is a tool for setting up and maintaining BSD and System-5-like operating system optionally attached to a TCP/IP network. You can think of cfengine as a very high level language, much higher level than Perl or shell: a single statement can result in many hundreds of operations being performed on multiple hosts. Cfengine is good at performing a lot of common system administration tasks, and allows you to build on its strengths with your own scripts.
System Configuration Collector collects and classifies most of your Unix/Linux/BSD configuration data in flat files called snapshots. This allows changes in snapshots of consecutive runs to be detected. These changes are added to a logbook, which is helpful for administrators during troubleshooting and for auditors during audits. Snapshots and logbooks are also available in HTML format. All data can be send to an SCC server, where a Web interface provides access to summaries and supports comparing snapshots of different servers and searching of all data. A WMI-based Windows client is also available.
Bastille Unix (formerly Bastille Linux) aims to be the most comprehensive, flexible, and educational Security Hardening Program for Red Hat (Fedora Core, Enterprise Linux, and original Red Hat), SuSE, Gentoo, Mandrake, and Debian Linux, as well as HP-UX and Mac OS X. Virtually every task it performs is optional, providing immense flexibility. It educates the installing admin regarding the topic at hand before asking any question. The interactive nature allows the program to be more thorough when securing, while the educational component produces an admin who is less likely to compromise the increased security.
Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, including users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. Its simple declarative specification language provides powerful classing abilities for drawing out the similarities between hosts while allowing them to be as specific as necessary, and it handles dependency and prerequisite relationships between objects clearly and explicitly.
OpenSMART is a monitoring (and reporting) environment for servers and applications in a network. Its main features are a nice Web front end, monitored servers requiring only a Perl installation, XML configuration, and good documentation. It is easy to write more checks. Supported platforms are Linux, HP/UX, Solaris, AIX, *BSD, and Windows (only as a client).