SAMHAIN v3.1.2 Released
The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
Samhain been designed to monitor multiple hosts with potentially different operating systems, providingcentralized logging and maintenance, although it can also be used as standalone application on a single host.
Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).
- Workaround for gcc compiler bug with inline asm (gcc 4.8).
- Allow multiple exclusions for SUID check (requested feature).
- Fix for the LZO integer overflow (CVE-2014-4607; does *not* affect samhain, but fixed nevertheless).
- Fixed incorrect logic in setting the ALLIGNORE flag (more specific directory / file directives were ignored).
- Fix for repetitive warning about deleted top-level directories (i.e. directories that are values in a dir=… directive).
- Fix reporting of deleted/added top level directories.
Download SAMHAIN v3.1.2