About:
samhain is a daemon that can check file integrity, search the file tree for SUID files, and detect kernel module rootkits (Linux only). It can be used either standalone or as a client/server system for centralized monitoring, with strong (192-bit AES) encryption for client/server connections and the option to store databases and configuration files on the server. For tamper resistance, it supports signed database/configuration files and signed reports/audit logs. It has been tested on Linux, FreeBSD, Solaris, AIX, HP-UX, and Unixware.

Author:
rainer [contact developer]

Rating:	reset 1 2 3 4 5 6 7 8 9 10
8.26/10.00 (7 votes)

Homepage:
http://la-samhna.de/samhain/
Tar/GZ:
http://la-samhna.de/samhain/samhain-current.tar.gz

Trove categories: [change]

[Development Status]		5 - Production/Stable
[Environment]		Console (Text Based), No Input/Output (Daemon)
[Intended Audience]		End Users/Desktop, System Administrators
[License]		OSI Approved :: GNU General Public License (GPL)
[Operating System]		POSIX
[Programming Language]		C
[Topic]		Security

Dependencies: [change]
No dependencies filed

 Branches

Branch	Version	Last release	License	URLs
Default	2.5.0	03-Nov-2008	GNU General Public License (GPL)

 Comments

[»] Samhain rocks da house!!!
by s k 0 0 t - Mar 21st 2001 12:59:05

This is bar none *THE* coolest integrity checker out there. I've played with every single one I can find: Tripwire, Sentinel, Aide, FCheck, Viper, etc., etc., and this is the sh*t!

Why?

1. Platform-independent (builds on just about anything)
2. Small footprint
3. Fast
4. Stealth mode (very cool)
5. Clean code (not somebody's sophomore C project)
6. Client / server mode (send reports to a central server over a secure channel)
7. Obscure Glen Danzig reference
8. Docs that don't suck and an active development community

[reply] [top]