Jim's Security Tools

The following is a collection of tools designed to help sysadmins monitor their systems. There's no guarantee you'll like any of them, but I hope they help. In the course of writing them over about a 9-month period, I've found different ways to do different things, so there are some inconsistencies in programming style and design amongst the programs. One day, I'll decide on the One True Way to do things, and they'll all conform.

DataTrack-0.3.tar.gz
Program for tracking hashed data. For use with the fsaudit program.

Notify-0.2.tar.gz
Data output object. For use with the Watchlog modules.

ProcTreeNode-0.1.tar.gz
Makes a tree out of ps output. Also used to check for unauthorized root shells.

ProcTree-0.1.tar.gz
Makes a process tree using the Proc::ProcessTable module. Only tested on Solaris, although Linux may work. Check out the current state of the Proc::ProcessTable module.

Watchlog-0.2.tar.gz
Watches your logs à la tail -f and reports nasty things.

0.1->0.2: Fixed a bug that could hang the program after a log rotation.

catchscan
Logs port scans to syslog.

fsaudit
Checks filesystems for suspicious directory names.

ifcheck
Checks for promiscuous mode on Solaris.

logstats-0.8.tar.gz
Stats on your logs, fast.

unsuid
Turns off all unwanted suid programs. Run it in a cron job before your most recent patches are distributed.

Notes: