Lynis is an auditing and hardening tool for Unix derivatives like Linux/BSD/Solaris. It scans systems to detect software and security issues. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
Kernel Security Checker is a useful tool to locate attackers residing within a system by employing a direct analysis of the kernel through /dev/kmem and bypassing the hiding techniques of the intruder (kernel static recompilation or use of LKMs). It can find the modified syscalls from userspace, detect the promiscuous interfaces, and find the modifications applied to a protocol.
The goal of Escape-K is to provide an all-in-one platform for IT service management. This means that using a single application (the Escape-K client console), users are able to manage a computer organization of any size, from workstations and printers to servers, databases, or network devices. Escape-K follows the main guidelines recommended by ITIL. Therefore, the core of the application is composed of the CMDB. Depending on the chosen perspective, Escape-K users can deal with incidents and problem resolution as well as server or database administration.
The RegLookup project is devoted to direct analysis of Windows NT-based registry files. RegLookup provides command line tools, a C API, and a Python module for accessing registry data structures. The project has a focus on providing tools for digital forensic examiners (though it is useful for many purposes), and includes algorithms for retrieving deleted data structures from registry hives.
Passwd_exp notifies users via email of upcoming password or account expiration. Its simple modular architecture allows you to perform expiration checks on any data source you use (SQL databases, LDAP, etc.), and to send expiration warnings only to selected users or groups and only on selected days. Administrators can use it to review expired accounts in the system. Support for Linux and Solaris shadow (including LDAP and NIS systems) and BSD passwd systems is included.
INSERT (the Inside Security Rescue Toolkit) aims to be a multi-functional, multi-purpose disaster recovery and network analysis system. It boots from a credit card-sized CD-ROM and is basically a stripped-down version of Knoppix. It features good hardware detection, fluxbox, emelfm, links-hacked, ssh, tcpdump, nmap, chntpwd, and much more. It provides full read-write support for NTFS partitions (using ntfs-3g), and the ClamAV virus scanner (including a fairly recent signature database and a GUI). It provides partition handling with gParted and also has a network boot facility.
scanmem is a simple interactive debugging utility for Linux that can be used to locate the address of a variable in an executing program. scanmem can then be used to modify the variable once, or continually over a period of time. It is similar to the "pokefinders" used to cheat at video games.
dietsniff is a tiny tool for analyzing traffic on a network. It is not intended to replace well-known tools like tcpdump or ethereal. It is intended for the case when a small and, in particular, statically linked sniffer is required. Accordingly, it is far less powerful than those tools, and it is bound to Linux as a platform. While it does not use or need libpcap, it produces pcap logs that can be analyzed by more sophisticated tools like tcpdump or Ethereal.
Alerttail monitors a given file and executes a list of actions when a user-defined text pattern has been written to the file. For example, the user can pop up a GTK notification window when a certain message is written to a log file. Actions can be alerttail's built-in actions (GTK notify action, geoipLocalization action, or filtering text action) or a custom user-defined shell command action. A Qt 4 GUI frontend helps with configuration.