SAMHAIN v3.0.2a Released

The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

Samhain has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.

Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).

Changelog v3.0.2a

3.0.2a:

  • Fix compile error on Solaris 10

3.0.2:

  • change sql init scripts to make bigint fields unsigned (problem reported by A. Sabitov)
  • patch by Andy Jack for issue with the --with-gpg option (hangs with high CPU load at startup)
  • call ./samhain-install.sh as /bin/sh ./samhain-install.sh in the RPM spec file, because /var might be mounted noexec (reported by GC)
  • fixed configure.ac for the case that --with-gpg and --enable-nocl are used (./samhain for gpg checksum; problem report by Andy Jack)
  • fixed a potential NULL pointer dereference in sh_inotify.c on systems where inotify is not available (reported by <anonymous>)
  • fixed: the config file template mentions (in a comment) the non-existent directive SetLockPath instead of the correct SetLockfilePath (reported by Curtis).
  • fixed: the definition of O_NOATIME isn’t seen in sh_files.c.

Download SAMHAIN v3.0.2a

MaxiSoler

www.artssec.com @maxisoler