360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.
EtherApe is a GNOME/pcap-based etherman, interman, and "tcpman" clone. It displays network activity graphically. Active hosts are shown as circles of varying size, and traffic among them is shown as lines of varying width. It supports Ethernet, FDDI, Token Ring, ISDN, PPP, WLAN, and SLIP transports. It knows about VLANs, IP, IPv6, TCP, UDP, FTP, and a number of other protocols. Additional statistics windows will let you concentrate on protocols or nodes.
jWatchdog delivers a simple watchdog to actively monitor your infrastructure and send you notifications in case something goes wrong. It is configured using a simple XML configuration file. This configuration file can be changed on-the-fly without a need to restart the watchdog. jWatchdog does not offer data collection itself. It assumes that you already collected the data on which you want to run jWatchdog. The de facto standard tool Collectd is recommended for data collection. jWatchdog assumes that you use the RRDTool collectd output plugin to store the collected data in RRD files, or use Graphite as a datasource.
PHREL is a per host rate limiter. It will track the rate of incoming traffic on a server and insert a chain into iptables when a configured threshold is crossed. The inserted chain may either rate limit or block the offending host for a period of time. The inserted chain is automatically removed when the offending host's traffic levels return to normal. PHREL is particularly well suited to protecting nameservers (DNS) from random hosts that flood requests, and to preventing SSH brute force login attempts.
Trojan scan is a simple shell script that allows for simple but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It works by listing all processes that use the Internet with the lsof command (using -Pni flags). This list is then transformed into signatures in the form of process_name:port_number:user. These signatures then are matched against the allowed process defined in the configuration. If any signatures of running processes are found that do not match the allowed signatures, an email report is sent including ps, ls, and optional lsof output.