Samhain 4.2.2

Samhain is a file integrity / intrusion detection system that can be used on single hosts as well as on networks. It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and baseline database storage, although it can also be used as a standalone application on a single host.

Tags log-analysis security monitoring posix macos windows bsd linux system-administrators
License GNU GPL
State stable

Recent Releases

4.2.2 05 Jul 2017 03:15 bug fixes: This release fixes some bugs in the port checking module, and provides better diagnostics for failure to write the baseline database at initialisation.
4.2.1 07 Apr 2017 03:15 bug fixes: This release fixes compile errors on Solaris 11, a bus error on Solaris/SPARC, a compile error with the musl libc, and a potential problem with the initscript on RedHat. A bug in the SetSocketPassword option has been fixed, and case sensitivity in directives of the port check module has been eliminated.
4.2.0 01 Nov 2016 03:15 enhancements, bug fixes: This release adds an option to define the flags supplied to auditd, and a portcheck option to monitor a device regardless of the assigned address. Some minor bugs have been fixed.
4.1.5 22 Oct 2016 03:15 minor bugfix: Memory leak in server.
4.1.4 10 Aug 2016 03:15 minor bugfix: Problems with wildcard pattern re-evaluation: Not stored if no match at startup. Only one (the first) stored if same pattern for file and dir. Problems with directory creation in inotify watched tree: Recursive depth not decreased. Watched as directory even when recursion depth should drop below zero.
4.1.3 03 Jun 2016 03:15 minor bugfix: On Cygwin, the AvoidBlock function is now off by default (problem reported by Fred C). Tighter sanity checks in sh_static.c. Regression with '--enable-static' in sh_static.c.
3.1.5 27 Mar 2015 03:45 major bugfix: Fix IPv6 issue with portcheck (need to be able to specify IPv6 interfaces). Fix minor issues with bugs in testing code. Add command line option '--server-host' to set the log server. In start script template, add code to read options from /etc/sysconfig/ NAME for RedHat.
3.1.4 17 Feb 2015 18:43 major bugfix: A bug has been fixed that was introduced in version 3.1.2 and would cause the database initialisation to fail if the configuration asks to check a non-existent file. Also, a problem in handling very large UNIX groups has been fixed, and the detection of the rpmbuild top directory (for 'make rpm') has been improved.
3.1.3 01 Nov 2014 07:48 minor bugfix: A potential deadlock in the UNIX entropy gatherer (only used on systems without /dev/(u)random device) has been fixed. Error reporting for an 'update' failure because of a missing local baseline database has been improved.