Published on February 20th, 2011 | by NJ Ouchn
SAMHAIN file integrity / intrusion detection system v2.8.2 released
The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
Samhain has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.
Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).
- It is now possible to specify criteria for skipping the checksumming of a file (size, permissions, file type, name). This makes it possible to avoid the I/O load caused by checksumming files that one may deem irrelevant.
- A check for invalid recursion depths has been added to the configuration file parser.
- The path of the tmp directory used in the deployment system is now configurable.
- A compile error on CentOS 4.8 with gcc 4.1.2 has been fixed.
- A bug in the check_samhain.pl Nagios script has been fixed.
- Also, version 2.4.0 of the Beltane II web frontend has been released.