Automate Sun's Patchdiag tool with a command-line or X-Windows interface.

An open source OpenPGP compatible encryption system. Provides data integrity services for messages and data files by using digital signatures, encryption, and compression.

Tools such as tcpdump and traceroute.

Allows improved monitoring and alerting based on the contents of system logs.

Automated scanning of unix logfiles for intrusion attempts and software failures. Search is via egrep patterns and results are emailed. Includes download, PGP signature, sample report and mailing list.

Efficient stealth port scanner. Downloads, e-mail lists, news.

Changing passwords safely across the net.

Strong cryptographic software, libraries, and information about cryptography, data security, and privacy.

Open source implementation of SSH1 and SSH2 protocols. Ported from OpenBSD by the OpenSSH portability team.

A collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Daemon implementing IDENT protocol, it can be used to identify the user who initiated a TCP/IP connection

Drop-in Sendmail replacement by Wietse Venema. Offers several features that make it difficult to crack.

(Security Administrator's Integrated Network Tool) Scans systems and networks and reports potential vulnerabilities.

Run selected commands as root, with the users' own password. Allows the administrator to grant limited root privileges to a subset of users, without giving out the root password.

Execute root-level commands and shell scripts without having to actually login as root. Control which users can log in and under which circumstances.

The Coroner's Toolkit (TCT) provides post-break-in data collection that could be useful in determining what happened. Less polished that the authors (Dan Farmer and Wietse Venema) usual work, the toolkit offers a patch-work of tools that help exhume interesting stuff from violated systems. Should be installed and examined before a break-in happens!

SUS is a utility to allow a user (typically a system administrator) to run a single command as the super user.

Open source version of the original Unix file integrity scanner. Calculates and stores signatures of file permissions, ownership and contents. Scans the same files later, detecting changes. This open source version is targeted at Linux systems.

Data integrity system that detects unauthorized changes to data on servers and routers and sends notifications. Immediate remediation of altered data is possible.

VXE defines restrictions for filesystem and all syscalls. More convenient than chroot(); (free for non-commercial use).

lsof is a tool for examining I/O channels open on your Unix system. These can include files, FIFOs and network sockets. This information can be extremely useful for security and a variety of other purposes. Works on most Unix-like systems.

mcrypt is a replacement for the unix crypt, using several block algorithms in several modes like cbc, cfb etc.

A pair of Perl scripts that provide an audited root shell using sudo and script(1). Tarballs, RPM's and individual components.