Samhain is an integrity checker and host intrusion detection system that can be used on single hosts as well as large, UNIX-based networks. It supports central monitoring as well as powerful (and new) stealth features to run undetected on memory using steganography.
- Complete integrity check
- uses cryptographic checksums of files to detect modifications,
- can find rogue SUID executables anywhere on disk, and
- Centralized monitoring
- native support for logging to a central server via encrypted and authenticated connections
- Tamper resistance
- database and configuration files can be signed
- logfile entries and e-mail reports are signed
- support for stealth operation
This and many, many other fine package suggestions come from Robert Waldner. Robert adds:
Poor mans tripwire, I'd call it. Also bloody useful for co-adminned systems, because it also functions as a notifier telling you which config-file has just changed. Good companion to running chkrootkit from a trusted boot-environment.
More information on this package can be found on the Debian web site.
(If there is a package you would like to see featured here, go to the userinfo page and follow the directions there to submit your entry.)
Now available in RSS and ATOM flavors too.