Samhain Labs | beltane

Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases.

As the Samhain daemon keeps a memory of file changes, the file signature database need only be up to date when the daemon restarts and downloads the database from the central server. Beltane allows you to use the information logged by the client in order to update the signature database.

Requirements

Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to an SQL database enabled.

Beltane is a PHP application, with some additional components written in C. It requires PHP version 4.3 or later, compiled as Apache module or as CGI interpreter.

On the client side, Beltane requires a Javascript capable browser, with cookies enabled. We recommend Mozilla/Firefox, as it is rumoured to be the most standard-conforming browser, but most inferior browsers may work as well.

Documentation

Documentation is provided as SGML and HTML files within the tarball. It is strongly recommended to read the documentation before attempting to install Beltane.

Beltane I

Beltane I provides the basic functionality as described above. However, due to design problems that were only fixed in Beltane II the performance for baseline updates is poor, and thus Beltane I may not be very useful if you have more than a handful of clients. Beltane I is available under the GNU Public License.

beltane-1.0.17.tar.gz (185 kB)
Release date: May 14, 2009
MD5 checksum: ae739f42fa94aeb3fa7ffed0e261a5c6
PGP signature: beltane-1.0.17.tar.gz.sig

Copyright © 2002-2009 Rainer Wichmann.
Beltane 1 ("the software") is distributed under the terms of the GNU General Public Licence ("GPL").

Beltane II

Beltane II is targeted at users with large samhain client/server installations, and offers features for significantly improved scalability and usability in such environments.

Screenshots and Presentation Slides (in pdf format).

Beltane II provides:

Major performance and scalability improvements for reduced memory consumption, much faster baseline database updates, and faster reload of the client panel
Support for Oracle Database (Beltane version 2.1.1 and above)
Client Status Display (running/dead/unknown)
Sorting and Filtering of the message list, as well as a Search function.
GnuPG Signing of client file signature databases after an update
Multiple Users with logging of login/logouts, separation of samhain clients into different groups, HTTP authentication, LDAP authentication.
Diff viewing for modified files if full file content is stored in baseline database (this is possible since samhain version 2.4.4).
User Manual available online.

Obtaining Beltane II

Beltane II is not distributed under the terms of the GNU Public license. In particular, redistribution is not permitted. Please read the license for details.

With your license, you will obtain the password for the Beltane II download directory. You will then be able to download the newest version of Beltane II whenever you wish, as often as you wish.

Limited license

A limited license (at most two installations of beltane, managing at most ten samhain clients) will be granted to anyone who has made a donation towards the development of Beltane (we suggest something on the order of EUR 25 / USD 30, but it's really up to you how much you want to donate). Please make sure to send note with your donation indicating a valid e-mail address to receive your login password, if you don't want to have it sent to your Paypal address.

If donating via Paypal is not an acceptable option for you, please refer to Samhain Services for other options.

Other license options

For unlimited licenses (unlimited number of Beltane II installations and managed samhain clients), as well as for any other license and/or payment options, please refer to Samhain Services.

Beltane

Overview