Debian Package a Day (debaday) wrote,

samhain - Data integrity and host intrusion alert system

Samhain is an integrity checker and host intrusion detection system that can be used on single hosts as well as large, UNIX-based networks. It supports central monitoring as well as powerful (and new) stealth features to run undetected on memory using steganography.

Main features
  • Complete integrity check

    • uses cryptographic checksums of files to detect modifications,

    • can find rogue SUID executables anywhere on disk, and

  • Centralized monitoring

    • native support for logging to a central server via encrypted and authenticated connections

  • Tamper resistance

    • database and configuration files can be signed

    • logfile entries and e-mail reports are signed

    • support for stealth operation


Homepage: http://la-samhna.de/samhain/index.html

This and many, many other fine package suggestions come from Robert Waldner. Robert adds:
Poor mans tripwire, I'd call it. Also bloody useful for co-adminned systems, because it also functions as a notifier telling you which config-file has just changed. Good companion to running chkrootkit from a trusted boot-environment.

More information on this package can be found on the Debian web site.
(If there is a package you would like to see featured here, go to the userinfo page and follow the directions there to submit your entry.)

Now available in RSS and ATOM flavors too.
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded  

  • 3 comments