OSDN -- Develop and Download Open Source Software

RSS
Download List

Project Description

samhain is a daemon that can check file integrity, search the file tree for SUID files, and detect kernel module rootkits (Linux only). It can be used either standalone or as a client/server system for centralized monitoring, with strong (192-bit AES) encryption for client/server connections and the option to store databases and configuration files on the server. For tamper resistance, it supports signed database/configuration files and signed reports/audit logs. It has been tested on Linux, FreeBSD, Solaris, AIX, HP-UX, and Unixware.

System Requirements

System requirement is not defined
Information regarding Project Releases and Project Resources. Note that the information here is a quote from Freecode.com page, and the downloads themselves may not be hosted on OSDN.

2007-09-17 22:29
2.3.7

A bug in the 'make deb' makefile target has been fixed.
Tags: Minor bugfixes

2007-09-07 11:33
2.3.6

A problem with the SUID check has been fixed that
would prevent quarantining new SUID files already
found by the regular file system check. Also, a
new option has been added to run the SUID check on
file systems mounted with the "nosuid" flag.
Compile problems have been fixed, as well as a
potential local DoS against the server on BSD
systems lacking the getpeereid() library function.
Tags: Minor bugfixes

2007-06-21 20:01
2.3.5

This release fixes some minor bugs. The portcheck module tears down connections for some common protocols more gracefully.
Tags: Minor bugfixes

2007-05-02 22:19
2.3.4

A logical flaw has been fixed that caused the functionality of the process check module to degrade with time if samhain was run as a daemon. A memory leak in the process check module has been fixed, a bug has been fixed that caused problems if the prelink policy was used together with prelude logging, the kernel check module has been adapted for Linux 2.6.21, and a compilation problem has been fixed.
Tags: Minor security fixes

2007-04-03 02:11
2.3.3

Incompatibilities of the samhain_hide module with 2.6.19/2.6.20 kernels have been fixed. The kernel check module supports OpenBSD 4 now, and has been enhanced to verify PCI expansion ROMs on Linux. Cross-compiling has been fixed, as well as a minor problem with prelude. A bug has been fixed that caused reporting of a double leading slash for the target of symlinks in the root directory.
Tags: Minor bugfixes

Project Resources

Project Page Home Page Download: TGZ