guard bash is a shell wrapper that will execute an authentication phase before any command is executed. It uses a secret (user owned) algorithm method, and has a per user customizable procedure. If you need to connect to your computer from outside of your safe environment, even if you use SSH, you are vulnerable to simple attacks like key sniffing or to more complex attacks against SSH. If you have more than just one authentication method, you can more safely log in your account from an insecure Internet host.
xSH-Paranoia Patch is an project started for admins who work in large system environments. It allows you to see which user executes which command, when, where, and from what IP address. It logs everything to syslog, and with syslog-ng, you can log it to another machine where no user should/would have access. Currently supported shells are bash and tcsh.
epto is a small library and framework for industrial strength shell script programming with sh. It features convenient error handling, tracing, logging, option handling, documentation template, process level transaction safety (sort of), and more. If one is used to shell programming, it takes less than five minutes of learning to start using it (see the crash course in the README file).
Hardened Debian improves Debian GNU/Linux with high security and hardening features, hardened kernels and packages, DHKP, and other security related enhancements. It makes systems more difficult to compromise using common attacks such as race conditions, chroot jail escapes, and buffer overflows.
sudosh can be used as a default login shell or a filter that takes advantage of PTY devices in order to sit between the user's keyboard and a program, in this case a shell. It was designed specifically to be used in conjunction with sudo, and allows the execution of a root or application shell with logging. It is basically a VCR and will record root shell sessions and also has the ability to play back the sessions as they were originally recorded. It records all input/output, keyboard input, and timing information so that the session can be played back in the original format.