The audit package contains the user-space utilities for creating audit rules, as well as for storing, searching, and generating reports from the audit records generated by the audit subsystem in the Linux 2.6 kernel and higher. It has a real-time plugin interface for event analysis and remote logging of events.
ZedLog is a robust cross-platform input logging tool (A.K.A., a key logger). It is based on a flexible data logging system which makes it easy to get the required data. It features logging of all keyboard and mouse events, a replay simulation tool, logging to a file, and hiding in the background.
LoginIDS provides functions to analyze log files from different services in order to detect unusual login behavior. The normal user behavior is learned by analyzing log files and saved in a database. Logins are analyzed by time, service, source, and destination address. If a user's login is new or considered unlikely by LoginIDS, an alert is generated. Alerts can be handled by external scripts and viewed using the log file management system Splunk and the LoginIDS App.
BSM Pseudonymizer pseudonymizes records from Solaris BSM audit trail files. Personal data such as user IDs, pathnames, timestamps, etc. is replaced with pseudonyms so that the generated output doesn't reveal private information about the system's users, but still preserves a maximum of integrity and consistency.
Service Guardian aims to protect servers against various things such as resource exhaustion and connection floods. It can measure the number of connections to servers' ports and, after a grace time period, compares and sees if the host is still in violation of the specified settings. If a host is in violation of the settings, it will be filtered out and dropped via netfilter/iptables.
Picviz is a parallel coordinates plotter which enables easy scripting from various types of input (such as tcpdump, syslog, iptables logs, or Apache logs) to visualize your data and discover interesting results quickly. Its primary goal is to graph data in order to be able to quickly analyze problems and find correlations among variables. With security analysis in mind, the program has been designed to be very flexible, able to graph millions of events.
Ipt_fw is a firewall for Linux based on iptables. It is designed for client systems. Ipt_fw outputs a shell script containing iptables commands, so inspection of the settings it creates is easy. The configuration files are made in LibreOffice（OpenOffice）Calc. Making of the firewall and a machine using the firewall are separated. It allows you to set the user level and features detailed logging, IP address blacklist management, and iptables integrity.
Libptytty is a small library that offers pseudo-TTY management in an OS-independent way. It was created out of frustration over the many differences of PTY/TTY handling in different operating systems for use inside "rxvt-unicode". It also offers session database support (utmp and optional wtmp/lastlog updates for login shells) and supports forking a proxy process after startup and dropping privileges in the calling process. It offers C++ and C-only APIs.