Lard is a Logging and Rotation Daemon that can replace the functionality of sysklogd and logrotate together. Logging is done almost exactly the same as syslogd, with added features such as regex matching and command triggers. Rotation can be triggered while the daemon is running safely by sending it a simple signal.
pam_eps is a PAM module that allows you to authenticate users against a remote server with a ssh daemon enabled. If the user exists in local machine, he is allowed entry. But if the user doesn't exist (yet exists in the remote machine and the password supplied is correct), a new user with that pass and logname will be created.
Worm Report is a very simple Perl script to filter out the known worm (Code Red, Nimda) hits from the access log, and put them into their own files named for the IP/Host that has been "wormed". A basic report containing the count, hostname, ip, and a guess at the parent domain is then printed to STDOUT to facilitate contacting these individuals. Adding a new worm requires adding a new worm hit string to the DATA section of the script, nothing so fancy (or exhaustive) as an Apache module.
md5mon is a shell script that verifies files by computing their checksums. The script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
Secure Syslog is a cryptographically secure system logging tool for UNIX systems. Designed to replace the syslog daemon, ssyslog implements a cryptographic protocol called PEO-1 that allows the remote auditing of system logs. Auditing remains possible even if an intruder gains superuser privileges in the system, the protocol guarantees that the information logged before and during the intrusion process cannot be modified without the auditor (on a remote, trusted host) noticing.