Two tools I haven't seen mentioned: denyhosts http://denyhosts.sourceforge.net/ - ssh attack prevention dstat http://dag.wieers.com/home-made/dstat/ - combines vmstat, iostat, netstat etc I also usually create some new ssh keys and on my own machines configure syslog and /etc/aliases appropriately.