The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
Samhain been designed to monitor multiple hosts with potentially different operating systems, providingcentralized logging and maintenance, although it can also be used as standalone application on a single host.
Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).
- Log rotation is handled more gracefully now under favourable conditions (logfile is moved so inode is kept, and it does not get compressed immediately).
- Debian client packages can be created with a preset password now (this was possible for RPMs since 3.0.8).
- An option IgnoreModified has been added to cover transient files that not only get added/deleted but also modified during their lifetime.
- An option KernelCheckProc has been added to suppress the kernel /proc test.
- Large groups are handled better now.
- A compile error on HP-UX has been fixed.
- Reconnecting to a temporarily unavailable Oracle database has been fixed.
Version 2.4.6 of the Beltane II web frontend has been released.
- Better detection of setup problems (e.g. missing PHP posix module).
- Minor UI improvements.