xSH-Paranoia Patch is a project started for admins who work in large system environments. It allows you to see which user executes which command, when, where, and from what IP address. It logs everything to syslog, and with syslog-ng, you can log it to another machine where no user should/would have access. Currently supported shells are bash and tcsh.
ADMLogger is a log analyzing engine. Using this core, users can easily build upon it with plugins. With very little Perl programming knowledge, it may become a powerful tool in a System Administrator's toolbox. ADMLogger creates email reports that can be formatted as plain text or full HTML, which is up to the plugin designers to support. The main system has an HTML preference, so if your plugin ignores it, so be it. ADMLogger will also move all filtered entries from the main syslog file into a second file so your other entries are more noticeable.
pf2x is a PHP script that takes the output of your pflog and converts it into various output formats. These output formats include plain text, XML, HTML, PDF, and MySQL INSERT statements for import into a MySQL database. It was developed and tested on OpenBSD 3.3 but should work for any system that uses PF.
IMLogger provides a usable program to enable network administrators to log certain instant messaging activities (namely, login and logout). AOL is currently supported, with Yahoo, MSN, and Jabber protocols in the works. This is very useful in universities where campus police want to trace a screen name (SN) back to a port/dorm room.
wtch periodically runs a shell command COMMAND and watches its output. When it changes it runs shell command ACTION. More precisely, it runs ACTION when a specified event occurs. The event can be a change of COMMAND's output, a change matching a certain pattern, or its negation, output equal to some previous output, etc. The output pattern defining an event is set by the --pattern option. By default, it simply detects any COMMAND output change.
IPFS (IPSquad Package From Source) is a system which allows you to trace a program's installation from sources and register it in your favorite packaging system (only the Slackware package system and RPM are currently supported). IPFS watches a command (generally make install), collects the list of added files, and then registers them in the chosen packaging system as if the install had been made from a normal package. Unlike other similar products, IPFS is able to track both shared and statically linked programs.
sysklogd-sql is a port of the sysklogd daemon that can log data to a MySQL or PostgreSQL database running either on the same machine or a remote database server. The SQL configuration is done in the standard syslog.conf file for easy administration and configuration. Also included is a set of sample PHP scripts to query the data from the syslog database. In a large environment, you can set up a central logging server, or configure a secure syslog environment that will make it very difficult to tamper with the syslog data.
NetEclipse is a suite of tools created for testing TCP/IP weaknesses and using them in a non-conventional way, such as testing security and limits of IP version 4 protocols. This project will include a sniffer, a TCP hijacker, an ARP poisoner and a TCP tunnel through ICMP/IGMP packets. Only the sniffer is currently complete.