Samhain (software)
Samhain is an integrity checker and host intrusion detection system that can be used on single hosts as well as large, UNIX-based networks. It supports central monitoring as well as powerful stealth features to run undetected in memory, using steganography.
Main features
- Complete integrity check
- * uses cryptographic checksums of files to detect modifications,
- * can find rogue SUID executables anywhere on a disk, and
- Centralized monitoring
- * native support for logging to a central server via encrypted and authenticated connections
- Tamper resistance
- * database and configuration files can be signed
- * log file entries and e-mail reports are signed
- * support for stealth operation