The audit package contains the user-space utilities for creating audit rules, as well as for storing, searching, and generating reports from the audit records generated by the audit subsystem in the Linux 2.6 kernel and higher. It has a real-time plugin interface for event analysis and remote logging of events.
Tenable Nessus is a world-leader in active vulnerability scanners. It features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis of your security posture. Nessus scanners may be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. It is free of charge for personal use in a non-enterprise environment.
ZedLog is a robust cross-platform input logging tool (A.K.A., a key logger). It is based on a flexible data logging system which makes it easy to get the required data. It features logging of all keyboard and mouse events, a replay simulation tool, logging to a file, and hiding in the background.
LoginIDS provides functions to analyze log files from different services in order to detect unusual login behavior. The normal user behavior is learned by analyzing log files and saved in a database. Logins are analyzed by time, service, source, and destination address. If a user's login is new or considered unlikely by LoginIDS, an alert is generated. Alerts can be handled by external scripts and viewed using the log file management system Splunk and the LoginIDS App.
Nova is a software application for preventing and detecting hostile network reconnaissance (such as nmap scans). It does this by first creating the Haystack: a large collection of low interaction honeypots using an updated version of Honeyd. Finding real machines on the network becomes like finding a needle in a haystack of fake machines. Second, Nova uses machine learning algorithms to automatically detect and classify attempts at hostile reconnaissance, so there's no need to go searching manually through your honeypot's log files. It provides an easy to use Web-based interface powered by Node.js to configure itself and Honeyd instances.
Netzob supports the expert in reverse engineering, evaluation, and simulation of communication protocols. Its main goals are to help security evaluators to assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.), and create an Open Source implementation of a proprietary or unknown protocol. Netzob provides a semi-automatic inferring process, and includes everything necessary to passively learn the vocabulary of a protocol and actively infer its grammar. The learnt protocol can afterward be simulated. Netzob handles text protocols (like HTTP and IRC), fixed field protocols (like IP and TCP), and variable field protocols (like ASN.1-based formats).
LinuxMCE is an add-on to Kubuntu that provides a complete whole-house media solution. It provides PVR and distributed media functions. It is stable, easy to use, and requires no knowledge of Linux and only basic computer skills. It allows you to set up a computer system that centralizes audio/video equipment, allowing you to access all media functions in other rooms with only thin clients. It supports home automation protocols including KNX, EIB, Z-Wave, DMX, EnOcean, and PLCBUS.
Liberté Linux is a secure, reliable, lightweight, and easy to use Gentoo-based live USB Linux distribution intended as a communication aid in hostile environments. It installs as a regular directory on a USB/SD key, and after a single-click setup, boots on any desktop computer or laptop. The Internet connection is then used to set up a Tor circuit, which handles all network communication. During first boot, a unique email ID is generated from fingerprints of user's certificate and Tor hidden service key. This persistent ID allows one to stealthily communicate with other Liberté users. The distribution includes image and document processing applications, and can function as a secure Web browsing platform. For developers, Liberté can also serve as a robust framework for mastering Gentoo-based live USBs/CDs. The build process is fully automated with incremental build support, and is more mature and reliable than most of Gentoo's own outdated live CD tools.