MotionView is a Java application that allows you to view, scan, fast-forward, and reverse through the images captured by the Motion motion-detection and video capture software for Video4Linux. It also lets you archive the images to a backup directory, or erase them with a single button click after you view them.
Secure Syslog is a cryptographically secure system logging tool for UNIX systems. Designed to replace the syslog daemon, ssyslog implements a cryptographic protocol called PEO-1 that allows the remote auditing of system logs. Auditing remains possible even if an intruder gains superuser privileges on the system: the protocol guarantees that the information logged before and during the intrusion process cannot be modified without the auditor (on a remote, trusted host) noticing.
Sysmon is a network monitoring tool designed to provide high performance and accurate network monitoring. Currently supported tests include monitoring of SMTP, IMAP, HTTP, TCP, UDP, RADIUS, NNTP, and POP3 servers. It also includes the ability to ping hosts and routers, as well as the ability to perform SNMP queries and generate alerts based on those results. Sysmon understands real network topologies, including multiple paths, and reports only the device that is actually down rather than a downed router and all the hosts behind it.
The Spoofaudit network auditing tool helps you determine which basic spoofing filters (RFC 2827 and RFC 3013) are present between two test points on two networks, and which anti-spoofing filters are missing. The tools are designed to work between endpoints that would not normally have any filtering between them other than anti-spoofing filters.
ethstats is a script that quickly measures network device throughput. It works by parsing the /proc/net/dev file that the Linux kernel maintains, and thus utilizes a negligible amount of CPU time. ethstats shows the throughput of each device in both megabits per second and packets per second.
Worm Report is a very simple Perl script to filter out the known worm (Code Red, Nimda) hits from the access log, and put them into their own files named for the IP/Host that has been "wormed". A basic report containing the count, hostname, IP, and a guess at the parent domain is then printed to STDOUT to facilitate contacting these individuals. Adding a new worm requires adding a new worm hit string to the DATA section of the script; nothing so fancy (or exhaustive) as an Apache module.
Nitpicker is an Ethernet accounting tool that listens on an interface and accumulates all packets into flows. It was designed for *BSD's BPF and also runs on Linux using libpcap. It writes flow files in a raw file format, has a dumping utility, and includes some tools for ISP billing.
socket_wrappers is an improved version of tcp_wrappers. The improvements include changing from K&R to ANSI C, removing unneeded compatibility libraries, separation of the public and private API, prepending tcpd_ to all private functions and data to prevent name collisions, updates to signal handlers so that the application's handlers aren't tampered with, dropping supplemental groups, and some build and man page improvements. Applications compiled with this library should be smaller, too.