Linux Tools: samhain


Samhain is an integrity checker and host intrusion detection system
that can be used on single hosts as well as large, UNIX-based
networks. It supports central monitoring as well as powerful (and
new) stealth features to run undetected on memory using
Main features:
  • Complete integrity check
  • uses cryptographic checksums of files to detect modifications,
  • can find rogue SUID executables anywhere on disk
  • Centralized monitoring
  • native support for logging to a central server via encrypted and authenticated connections
  • Tamper resistance
  • database and configuration files can be signed
  • logfile entries and e-mail reports are signed
  • support for stealth operation .
version: samhain 2.8.3a-1
size: 1.7 MB to download, 7.6 MB when installed