md5mon is a shell script that verifies files by computing their checksums. The script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
Spinlogs is a shell script for rotating system logs. It is configurable through a text file similar in format and feature set to the newsyslog program in FreeBSD. Any Unix system running ksh should be able to use it. There are many options defining how and when log files should be rotated, and the config file is very straightforward. Rotating log files is a pretty simple task, but some commercial platforms don't include anything better than the old "newsyslog", so this is provided as a system-independent alternative.
fwanalog is a shell script that parses and summarizes firewall logfiles. It understands logs from ipf (xBSD, Solaris), OpenBSD 3.x pf, Linux 2.2 ipchains, Linux 2.4 iptables, and a few types of routers and firewalls (Cisco, Checkpoint FW-1, and Watchguard). The excellent log analysis program Analog is used to create the reports.
Lire is a pluggable log analyzer. It has analyzers for over 25 log file formats, ranging from Apache WWW log files to iptables firewall logs and CUPS printing logs. Reports are generated in 9 different output formats, ranging from Excel 95 to PDF to HTML, optionally with included graphs.
svclean is a set of utilities for enhancing svscan and supervise. With these tools, you get clean shutdown (i.e. services are guaranteed to be stopped before their loggers, so no logs are lost) and supervised logging of svscan's and supervise's output (so if the last-resort logger is killed, it can be restarted). These features are practically necessary for running svscan as process 1, but are useful even when svscan does not run as process 1.
IPFS (IPSquad Package From Source) is a system which allows you to trace a program's installation from sources and register it in your favorite packaging system (only the Slackware package system and RPM are currently supported). IPFS watches a command (generally make install), collects the list of added files, and then registers them in the chosen packaging system as if the install was made from a normal package. Unlike other similar products, IPFS is able to track both shared and statically linked programs.
DIY Zoning is a set of tools and instructions for controlling a state-of-the-art HVAC (Heating, Ventilation, and Air Conditioning) system. It covers airflow balancing, temperature control and zoning, energy conservation measures, remote access, 1-wire devices, and home automation.
Logrep is a secure multi-platform tool for the collection, extraction, and presentation of information from various log files. It features HTML reports, multi-dimensional analysis, overview pages, SSH communication, and graphs, and supports 25 popular systems including Snort, Squid, Postfix, Apache, Sendmail, syslog, iptables/ipchains, xferlog, NT event logs, Firewall-1, wtmp, Oracle listener, and Pix.
The Bait and Switch Honeypot System combines the snort Intrusion Detection System (IDS) with honeypot technology to create a system that reacts to hostile intrusion attempts by marking and then redirecting all "bad" traffic to a honeypot that partially mirrors your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data, while your clients and/or users are still safely accessing the real system. Life goes on, your data is safe, and you get to learn about the bad guy as an added benefit. It works with Snort 1.9.0, 1.9.1, and 2.0.2.
fwsnort translates snort rules into an equivalent iptables ruleset. By making use of the iptables string match module, fwsnort can detect application layer signatures which exist in many snort rules. fwsnort adds a --hex-string option to iptables, which allows snort rules that contain hex characters to be input directly into iptables rulesets without modification. In addition, fwsnort makes use of the IPTables::Parse Perl module in order to (optionally) restrict the snort rule translation to only those rules that specify traffic that could potentially be allowed through an existing iptables policy.