AIDE The Advanced Intrusion Detection Environment is a tool that checks file integrity.
Arpwatch This tool keeps track of MAC-IP address pairings by monitoring ARP traffic; it can report detected changes via syslog and email.
Bastille This security hardening tool runs in both interactive and automated modes; it replaces the harden_suse script that was previously included with SLES 8.
Ethereal This is an excellent packet sniffer and decoder.
IPTraf This tool is a console-based network statistics reporting utility.
John the Ripper This tool detects weak passwords.
ippl This IP protocol logger tracks incoming ICMP messages, TCP connections, and UDP datagrams.
Logsurfer This tool allows log files to be monitored, and when a predefined event is encountered, action (such as an email alert) can be triggered.
mon This tool monitors the availability of network services.
Nagios Similar to mon, this tool performs periodic checks on the availability of hosts and services; for more information, visit http://www.nagios.org.
Nessus This excellent security scanner can test for and report on more than 900 known weaknesses.
nmap This tool scans a host and reports on open ports.
SAINT The Security Administrator's Integrated Network Tool is an enhanced version of the network security vulnerability scanner, SATAN (Security Administrator's Tool for Analyzing Networks).
scanlogd This daemon can detect and log port scans that are directed at its host.
seccheck This security-checking script can be executed periodically via cron and reports results via email.
Snort This excellent packet sniffer can also be used as a lightweight network intrusion detection system.
tcpd This tool provides the tcp_wrapper software that inetd/xinetd can use to secure network services (such as telnet and finger) they manage.
Tripwire This application can monitor filesystems and report on detected changes.