Showing posts with label SAMHAIN.

Thursday, April 11, 2013

[SAMHAIN v3.0.11 & BELTANE v2.4.6] Host-based intrusion detection system (HIDS)


The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

Samhain has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.

Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).

Changelog


SAMHAIN v3.0.11
  • Log rotation is handled more gracefully now under favourable conditions (logfile is moved so inode is kept, and it does not get compressed immediately).
  • Debian client packages can be created with a preset password now (this was possible for RPMs since 3.0.8).
  • An option IgnoreModified has been added to cover transient files that not only get added/deleted but also modified during their lifetime.
  • An option KernelCheckProc has been added to suppress the kernel /proc test.
  • Large groups are handled better now.
  • A compile error on HP-UX has been fixed.
  • Reconnecting to a temporarily unavailable Oracle database has been fixed.

BELTANE v2.4.6
Version 2.4.6 of the Beltane II web frontend has been released.

Changes:
  • Better detection of setup problems (e.g. missing PHP posix module).
  • Minor UI improvements.

Saturday, December 29, 2012

[SAMHAIN 3.0.9] File Integrity Checker / Host-Based Intrusion Detection System


The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

Samhain has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.

Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Some build errors have been fixed, as well as the 'probe' command for the server (clients could be erroneously omitted under certain conditions). An option has been added to the Windows registry check to ignore changes if only the timestamp has changed, and full scans requested by the inotify module will now only run at times configured for regular full scans.