Samhain is a multiplatform, open source solution for centralized file integrity checking / host-based intrusion detection on POSIX systems (Unix, Linux, Cygwin/Windows).
The Samhain project has been designed to monitor multiple hosts with potentially different operating systems from a central location, although it can also be used as a standalone application on a single host.
Here are some key features of "samhain":
Centralized monitoring
· Samhain clients (or agents) can connect to a central log server via secure (encrypted and authenticated) TCP connections. This allows central logging to the server, central storage of baseline databases and client configuration data, and central updates of baseline databases.
Web-based management console
· For client/server installations, a web-based console, Beltane, is available as a separate package. Beltane lets you monitor server and client activity, view client reports, and update the baseline databases on the server side.
Multiple logging facilities
· Samhain supports multiple logging facilities, each of which can be configured individually. Supported logging facilities include (but are not limited to) tamper-resistant logfile, syslog, email, relational databases (MySQL, PostgreSQL, Oracle, or unixODBC) and the Prelude IDS.
Tamper resistance
· Samhain offers PGP-signed database and configuration files, a stealth mode, and several more features to protect against attempts to subvert the integrity of the samhain client / agent.
What's New in This Release:
· A logical flaw has been fixed that caused the functionality of the process check module to degrade with time if samhain was run as a daemon.
· A memory leak in the process check module has been fixed.
· A bug has been fixed that caused problems if the prelink policy was used together with prelude logging.
· The kernel check module has been adapted for Linux 2.6.21.
· A compilation problem has been fixed.