Samhain
Description
Samhain is a Host-based Intrusion Detection System (HIDS) that provides:
- file integrity checks
- rootkit detection
- log file monitoring
- port monitoring
- detection of rogue SUID executables
- detection of hidden processes
It is compatible with Unix, Linux, and Cygwin/Windows.
Installation
# cd /usr/local/src/
# wget http://la-samhna.de/samhain/samhain-current.tar.gz
Before unpacking the samhain archive, check its MD5 checksum:
# md5sum samhain-current.tar.gz
10d2688790801d769141f8ce10f1c33c
# tar xzvf samhain-current.tar.gz
samhain-2.6.4.tar.gz
samhain-2.6.4.tar.gz.asc
# tar xzvf samhain-2.6.4.tar.gz
# cd samhain-2.6.4/
# ./configure
# make
# make install
To install the boot script (so that samhain is launched automatically at each boot):
# make install-boot
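The MD5 check above only protects the install if a mismatch actually stops the procedure, and the outer archive also ships a detached `.asc` signature for the inner tarball. The following POSIX shell functions are an added example, not part of the original page or of the Samhain project; the helper names (`digest_matches`, `unpack_if_verified`, `signature_ok`) are hypothetical, and `signature_ok` assumes the signing key has already been imported and checked out of band.

```shell
#!/bin/sh
# Added example: refuse to unpack a downloaded archive unless its digest matches.

# digest_matches FILE EXPECTED_MD5
# Returns 0 only if FILE exists and its MD5 equals EXPECTED_MD5 (case-insensitive).
# Returns 2 on a missing file or empty expected value, 1 on a mismatch.
digest_matches() {
    dm_file=$1
    dm_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$dm_expected" ] || return 2
    [ -f "$dm_file" ] || return 2
    # md5sum prints "<hash>  <name>"; keep only the hash field.
    dm_actual=$(md5sum "$dm_file" | awk '{print $1}') || return 2
    [ "$dm_actual" = "$dm_expected" ]
}

# unpack_if_verified ARCHIVE EXPECTED_MD5 DESTDIR
# Extracts ARCHIVE into DESTDIR only after the digest check passes.
unpack_if_verified() {
    if digest_matches "$1" "$2"; then
        mkdir -p "$3" && tar xzf "$1" -C "$3"
    else
        echo "digest check failed for $1, not extracting" >&2
        return 1
    fi
}

# signature_ok TARBALL
# Checks TARBALL against the detached signature TARBALL.asc.
# Assumption: the signing key is already in the local keyring and trusted.
signature_ok() {
    gpg --verify "$1.asc" "$1"
}

# Usage with the file names and checksum shown on this page:
#   unpack_if_verified samhain-current.tar.gz \
#       10d2688790801d769141f8ce10f1c33c /usr/local/src \
#     && signature_ok /usr/local/src/samhain-2.6.4.tar.gz
```

A checksum fetched over the same channel as the archive mainly catches corruption; the PGP signature check is the stronger of the two.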
Usage
Initialization
To initialize samhain, use:
# ./samhain -t init
Note
The initialization phase takes a relatively long time because the tool checks the entire file system.
Daemon mode
# ./samhain -t check -D
Note
This is only necessary if you haven't installed the boot script.