SAMHAIN v3.0.4 – file integrity / host-based intrusion detection system

samhain is a daemon that can check file integrity, search the file tree for SUID files, and detect kernel module rootkits (Linux only). It can be used either standalone or as a client/server system for centralized monitoring, with strong (192-bit AES) encryption for client/server connections and the option to store databases and configuration files on the server. For tamper resistance, it supports signed database/configuration files and signed reports/audit logs. It has been tested on Linux, FreeBSD, Solaris, AIX, HP-UX, and Unixware.Features :
» Centralized monitoring :
The client/server architecture allows central logging, central storage of baseline databases and client configurations, and central updates of baseline databases.
» Web-based management console :
The web-based Beltane console, available as separate package, allows to monitor server and client activity, view client reports, and update the baseline databases.
» Flexible logging :
Samhain supports multiple logging facilities, each of which can be configured individually.
» Tamper resistance :
Samhain offers PGP-signed database and configuration files, a stealth mode, and several more features to protect its integrity.Installation :
Read the README and/or the manual for options you may want to supply to configure, then do:

$ ./configure [options]
$ make
$ make install

(There is also a working make uninstall. Just to let you know.)

If you have an incarnation of ‘dialog’ (xdialog, dialog, lxdialog) installed, you can alternatively use the GUI install tool:

$ ./

After installation, you should first review the configuration file (by default /etc/samhainrc), especially with respect to network addresses such as the email address, and files/directories you may want to have checked. Next, you have to initialize the database:

$ samhain -t init

Then, you can start samhain in daemon mode to check your system in intervals as specified in the configuration file:

$ samhain -t check -D

On most systems, after the $ make install, you can add
$ make install-boot to install the necessary scripts to start up samhain every time you boot your machine (supported: Linux, FreeBSD, MacOS X, Solaris, HP-UX, AIX).

Download right here :  samhain-current.tar.gz
Read more in here :