samhain - Data integrity and host intrusion alert system

Samhain is an integrity checker and host intrusion detection system that can be used on single hosts as well as large, UNIX-based networks. It supports central monitoring as well as powerful (and new) stealth features to run undetected on memory using steganography.

Main features

• Complete integrity check


• uses cryptographic checksums of files to detect modifications,


• can find rogue SUID executables anywhere on disk, and


• Centralized monitoring


• native support for logging to a central server via encrypted and authenticated connections


• Tamper resistance


• database and configuration files can be signed


• logfile entries and e-mail reports are signed


• support for stealth operation

Homepage: http://la-samhna.de/samhain/index.html

This and many, many other fine package suggestions come from Robert Waldner. Robert adds:

Poor mans tripwire, I'd call it. Also bloody useful for co-adminned systems, because it also functions as a notifier telling you which config-file has just changed. Good companion to running chkrootkit from a trusted boot-environment.

More information on this package can be found on the Debian web site.
(If there is a package you would like to see featured here, go to the userinfo page and follow the directions there to submit your entry.)

Now available in RSS and ATOM flavors too.