The samhain file integrity / intrusion detection system

Executive summary

samhain is an open source file integrity and intrusion
detection system for Linux and Unix that uses cryptographic
checksums of files to detect modifications, and allows you
to trace what changes have occurred in your system, when
these changes occurred, and who was logged into the
system at the respective time.

Features

Standalone
- runs as daemon process
- detects kernel module rootkits (Linux)
- signed, tamper-resistant log file
- signed, tamper-resistant e-mail reports
- flexible & easy configuration
- shell-style wildcards in file names
- support for stealth operation
- multiple logging facilities

Client/Server
- centralized monitoring
- secure client/server connections:
  - strong authentication
  - 192 bit AES encryption
- server HTML status page for the clients
- checksum database(s) stored on server
- unlimited number of clients
- also can receive remote syslog messages

Platforms

samhain has been tested on Linux, FreeBSD, AIX 4.x, HP-UX
10.20, Unixware 7.1.0, Solaris 2.6, 2.8, and Alpha/Tru64.
We have reports of smooth installation on OpenBSD and
HP-UX 11 systems as well. samhain builds cleanly on Mac OS
X, but has not been tested by us on this platform. If you have
a platform that is more or less POSIX-compliant but is not
listed here, we may be able to help you get samhain running.
Just send a mail to support@la-samhna.de.

samhain is reported to build and run on Windows 2000 (tm)
in the Cygwin environment (Cygwin is a free POSIX emulation
for Windows). However, please note that Cygwin "uses shared
memory areas to store information on Cygwin processes. Because
these areas are not protected in any way, in principle a
malicious user could modify them to cause unexpected behaviour
in Cygwin processes" (from the Cygwin User Guide). 

The samhain homepage is located at:

	http://samhain.sourceforge.net/