Installwatch is a simple utility which keeps track of which files are created and modified during the installation of a new program. It's fast and easy to use. It doesn't require a "pre-install" phase because it monitors processes while they run. Installwatch works with every dynamically linked ELF program, by intercepting system calls that cause file system alterations.
svclean is a set of utilities for enhancing svscan and supervise. With these tools, you get clean shutdown (i.e. services are guaranteed to be stopped before their loggers, so no logs are lost) and supervised logging of svscan's and supervise's output (so if the last-resort logger is killed, it can be restarted). These features are practically necessary for running svscan as process 1, but are useful even when svscan does not run as process 1.
Packet2sql will convert any text file/log file which contains ipchains packet logs into a stream of SQL inserts. The SQL can be saved into a file and used as a query to any SQL-92 compliant database. This can even be done on-the-fly from syslogd directly to the database. The database can be used as a base for a firewall-analyzing application, to identify attack signatures, to share security information easily with other sites, and to extract the domains of logged attackers for whois.
Worm Report is a very simple Perl script to filter out the known worm (Code Red, Nimda) hits from the access log, and put them into their own files named for the IP/Host that has been "wormed". A basic report containing the count, hostname, ip, and a guess at the parent domain is then printed to STDOUT to facilitate contacting these individuals. Adding a new worm requires adding a new worm hit string to the DATA section of the script, nothing so fancy (or exhaustive) as an Apache module.