samhain 2.3.0 review
DownloadSamhain is a multiplatform, open source solution for centralized file integrity checking / host-based intrusion detection on POSIX sy
|
|
Samhain is a multiplatform, open source solution for centralized file integrity checking / host-based intrusion detection on POSIX systems (Unix, Linux, Cygwin/Windows).
samhain project has been designed to monitor multiple hosts with potentially different operating systems from a central location, although it can also be used as standalone application on a single host.
Here are some key features of "samhain":
Centralized monitoring
Samhain clients (or agents) can connect to a central log server via secure (encrypted and authenticated) TCP connections. This allows central logging to the server, central storage of baseline databases and client configuration data, and central updates of baseline databases.
Web-based management console
For client/server installations, a web-based console - Beltane - is available as separate package. Beltane allows to monitor server and client activity, view client reports, and update the baseline databases on the server side.
Multiple logging facilities
Samhain supports multiple logging facilities, each of which can be configured individually. Supported logging facilities include (but are not limited to) tamper-resistant logfile, syslog, email, relational databases (MySQL, PostgreSQL, Oracle, or unixODBC) and the Prelude IDS.
Tamper resistance
Samhain offers PGP-signed database and configuration files, a stealth mode, and several more features to protect against attempts to subvert the integrity of the samhain client / agent.
What's New in This Release:
Checking of SELinux attributes and Posix ACLs is possible now.
Two new modules to check for hidden processes and open ports have been added, and a couple of bugs have been fixed.
Upgrading to this release requires an update of the table definition if logging to an RDBMS is enabled.
samhain 2.3.0 keywords