Debian Package a Day's Journal

samhain - Data integrity and host intrusion alert system

Samhain is an integrity checker and host intrusion detection system that can be used on single hosts as well as large, UNIX-based networks. It supports central monitoring as well as powerful (and new) stealth features to run undetected on memory using steganography.

Main features
Complete integrity check

uses cryptographic checksums of files to detect modifications,

can find rogue SUID executables anywhere on disk, and

Centralized monitoring

native support for logging to a central server via encrypted and authenticated connections

Tamper resistance

database and configuration files can be signed

logfile entries and e-mail reports are signed

support for stealth operation

Homepage: http://la-samhna.de/samhain/index.html

This and many, many other fine package suggestions come from Robert Waldner. Robert adds:

Poor mans tripwire, I'd call it. Also bloody useful for co-adminned systems, because it also functions as a notifier telling you which config-file has just changed. Good companion to running chkrootkit from a trusted boot-environment.

More information on this package can be found on the Debian web site.
(If there is a package you would like to see featured here, go to the userinfo page and follow the directions there to submit your entry.)

Now available in RSS and ATOM flavors too.

Advertisement