The samhain open source host-based intrusion detection system (HIDS) provides file and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.
Differences between the previous version and the new one:
- Some bugs have been fixed that under certain circumstances would cause samhain to hang or crash when reloading the .
- A compile error in the samhain_hide.ko kernel module has been fixed. However, it has been found that this module will no longer work with recent kernels because of protection measures introduced in newer kernels.
- A contributed patch for samhainadmin.pl has been included (it allows the location of the secret keyring to be specified).
- The (l)stat timeout has been increased to fix spurious timeouts under heavy load.
- The Apache logfile parser has been enhanced to allow the insertion of arbitrary regexes into the format .
- New options PortcheckMinPort and PortcheckMaxPort allow the port range for the port check to be defined (requested feature).