BalanceNG is a modern, IPv6 capable software IP load balancing solution. It is small, fast, and easy to use and set up. It offers session persistence, different distribution methods (Round Robin, Random, Weighted Random, Least Session, Least Bandwidth, Hash, Agent, and Randomized Agent) and a customizable UDP health check agent in source code. It supports VRRP to set up high availability configurations on multiple nodes. It supports SNMP, integrating the BALANCENG-MIB with Net-SNMPD. It implements a very fast in-memory IP-to-location database, allowing powerful location-based server load-balancing.
pmacct is a small set of passive network monitoring tools to account, filter, classify, aggregate, and export IPv4 and IPv6 traffic. A pluggable and flexible architecture allows storing collected network data in memory tables, RDBMSs (MySQL, SQLite, PostgreSQL, BDB), and flat files, and also export via IPFIX, NetFlow, or sFlow protocols to remote collectors. pmacct features fully customizable historical data breakdown, sampling, BGP correlation, tagging, and triggers. Libpcap, ULOG, sFlow v2/v4/v5, NetFlow v1/v5/v7/v8/v9, and IPFIX are supported data capturing methods.
web2ldap is a full-featured Web-based LDAPv3 client written in Python. It is designed to run either as with stand-alone built-in Web server or under the control of another Web server with FastCGI support (e.g. Apache with mod_fastcgi). It has support for various LDAPv3 bind methods and a powerful built-in schema browser. HTML templates are supported for displaying and editing entries, and LDIF templates can be used for quickly adding new entries. A built-in X.509 parser displays a detailed view of certificates and CRLs with active links.
ZABBIX is an enterprise-class distributed monitoring solution designed to monitor and track performance and availability of network servers, devices, and other IT resources. It supports distributed and Web-based monitoring, auto-discovery, real-time monitoring, SLA assurance, trending, and more.
Arno's IPTABLES Firewall Script is a secure stateful firewall for both single and multi-homed machines. It supports NAT and SNAT, port forwarding, ADSL ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ support, protection against SYN/ICMP flooding, experimental IPv6 support, multi-interface/aliased-IP support, and extensive user definable logging with rate limiting to prevent log flooding. It has plugin support to add extra features (like SSH Brute Force protection and (Racoon) IPSEC support). It is easy to configure and highly customizable. A filter script that makes your firewall log more readable is also included.
fwknop implements an authorization scheme called Single Packet Authorization that requires only a single encrypted packet to communicate various pieces of information, including desired access through an iptables, ipfw, or pf firewall policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. Also supported is a robust port knocking implementation based around iptables log messages.
The WiKID Strong Authentication System is a highly scalable, secure two-factor authentication system. It is simple to implement and maintain, allows users to be validated automatically, requires no hardware tokens, has a simple API for application support (via Ruby, PHP, Java, COM, Python, etc.), supports multiple domains, and supports replication for fault tolerance and scalability. It also supports mutual /host and transaction authentication, wireless tokens only domains, locked tokens (to your PC), anti-keystroke logger keypad PIN entry, etc.
Performance Co-Pilot (PCP) is a framework and set of services for supporting system-level performance monitoring and performance management. It provides a unifying abstraction for all of the interesting performance data in a system, and allows client applications to easily retrieve and process any subset of that data using a single API. A client-server architecture allows multiple clients to monitor the same host, and a single client to monitor multiple hosts. Archive logging and replay are integrated so that a client application can use the same API to process real-time data from a host or historical data from an archive.
MatrixSSL is an embedded SSL and TLS implementation designed for small footprint devices and applications requiring low overhead per connection. The library is less than 50Kb on disk with cipher suites. It includes client and server support through TLS 1.2, mutual authentication, session resumption, and implementations of RSA, ECC, AES, 3DES, ARC4, SHA2, SHA1, and MD5. The source is well documented and contains portability layers for additional operating systems, cipher suites, and cryptography providers.