Samhain 4.4.6

Samhain is a file integrity / intrusion detection system that can be used on single hosts as well as on networks. It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and baseline database storage, although it can also be used as a standalone application on a single host.

Tags log-analysis security monitoring posix macos windows bsd linux system-administrators
License GNU GPL
State stable

Recent Releases

4.4.6 06 Sep 2021 07:25 bug fixes: This release fixes a compile error on Debian 10, problems with the 'make deb' makefile target, and an issue with the support for inotify.
4.4.2 02 Aug 2020 03:15 bug fixes: This release fixes a regression in the server install routine, enables parsing the my.cnf file, and improves the portable installer option.
4.4.0 01 Nov 2019 05:45 feature enhancement: This release supports OpenBSD signify as alternative to GnuPG for signing configuration and baseline database files.
4.3.3 12 Jul 2019 03:15 bug fixes, minor feature enhan: This release fixes issues with DEB/RPM package creation and with the mysql init script. Systemd support has been added, and a patch to initialize for an alternative root fs has been included.
4.2.4 22 Dec 2017 13:05 bug fixes: This release fixes some issues with the creation of DEB and RPM packages, as well as a bug in the static DNS resolver.
4.2.2 05 Jul 2017 03:15 bug fixes: This release fixes some bugs in the port checking module, and provides better diagnostics for failure to write the baseline database at initialisation.
4.2.1 07 Apr 2017 03:15 bug fixes: This release fixes compile errors on Solaris 11, a bus error on Solaris/SPARC, a compile error with the musl libc, and a potential problem with the initscript on RedHat. A bug in the SetSocketPassword option has been fixed, and case sensitivity in directives of the port check module has been eliminated.
4.2.0 01 Nov 2016 03:15 enhancements, bug fixes: This release adds an option to define the flags supplied to auditd, and a portcheck option to monitor a device regardless of the assigned address. Some minor bugs have been fixed.
4.1.5 22 Oct 2016 03:15 minor bugfix: Memory leak in server.
4.1.4 10 Aug 2016 03:15 minor bugfix: Problems with wildcard pattern re-evaluation: Not stored if no match at startup. Only one (the first) stored if same pattern for file and dir. Problems with directory creation in inotify watched tree: Recursive depth not decreased. Watched as directory even when recursion depth should drop below zero.
4.1.3 03 Jun 2016 03:15 minor bugfix: on Cygwin, the AvoidBlock function is now off by default. (problem reported by Fred C). Tighter sanity checks in sh_static.c. Regression with '--enable-static' in sh_static.c.
3.1.5 27 Mar 2015 03:45 major bugfix: Fix IPv6 issue with portcheck (need to be able to specify IPv6 interfaces). Fix minor issues with bugs in testing code. Add command line option '--server-host' to set the log server. In start script template, add code to read options from /etc/sysconfig/ NAME for RedHat.
3.1.4 17 Feb 2015 18:43 major bugfix: A bug has been fixed that was introduced in version 3.1.2 and would cause the database initialisation to fail if the configuration asks to check a non-existent file. Also, a problem in handling very large UNIX groups has been fixed, and the detection of the rpmbuild top directory (for 'make rpm') has been improved.
3.1.3 01 Nov 2014 07:48 minor bugfix: A potential deadlock in the UNIX entropy gatherer (only used on systems without /dev/(u)random device) has been fixed. Error reporting for an 'update' failure because of a missing local baseline database has been improved.