md5mon is a shell script that verifies files by computing their checksums. The script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel. In addition to the new features, some versions of the patch contain various security fixes. The "hardening" features of the patch, while not a complete method of protection, provide an extra layer of security against the easier ways to exploit certain classes of vulnerabilities and/or reduce the impact of those vulnerabilities. The patch can also add a little bit more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing.
Secure Syslog is a cryptographically secure system logging tool for UNIX systems. Designed to replace the syslog daemon, ssyslog implements a cryptographic protocol called PEO-1 that allows the remote auditing of system logs. Auditing remains possible even if an intruder gains superuser privileges in the system: the protocol guarantees that the information logged before and during the intrusion process cannot be modified without the auditor (on a remote, trusted host) noticing.
dirgroup is a Perl script for merging the contents of a directory, /etc/group.d, into the file /etc/group. Storing group information in a directory allows users other than root to own and manage Unix groups. This minor change to Unix permission semantics provides many of the advantages of much more complex ACL systems.
Worm Report is a very simple Perl script that filters the known worm (Code Red, Nimda) hits out of the access log and puts them into their own files, named for the IP/host that has been "wormed". A basic report containing the count, hostname, IP, and a guess at the parent domain is then printed to STDOUT to facilitate contacting these individuals. Adding a new worm requires adding a new worm hit string to the DATA section of the script; it is nothing so fancy (or exhaustive) as an Apache module.
The poor man's daily snapshot, glastree builds live backup trees with branches for each day. Users directly browse the past to recover older documents or retrieve lost files. Hard links serve to compress unchanged files, while modified ones are copied verbatim. A prune utility effects a constant, sliding window. It is implemented as a set of Perl scripts.