The SAMHAIN file integrity / host-based intrusion detection system

Overview

The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

Samhain been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host.

Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).

«We have samhain running on over 200 servers being managed by beltane. Its working really well so far. Excellent software.»

-- Mike

Samhain in the press

Features

» Centralized monitoring

The client/server architecture allows central logging, central storage of baseline databases and client configurations, and central updates of baseline databases.

» Web-based management console

The web-based Beltane console, available as separate package, allows to monitor server and client activity, view client reports, and update the baseline databases.

» Flexible logging

Samhain supports multiple logging facilities, each of which can be configured individually.

» Tamper resistance

Samhain offers PGP-signed database and configuration files, a stealth mode, and several more features to protect its integrity.