samhain
samhain - Data integrity and host intrusion alert system
Samhain is an integrity checker and host intrusion detection system that can be used on single hosts as well as large, UNIX-based networks. It supports central monitoring as well as powerful (and new) stealth features to run undetected on memory using steganography.
Main features
* Complete integrity check
+ uses cryptographic checksums of files to detect modifications,
+ can find rogue SUID executables anywhere on disk, and
* Centralized monitoring
+ native support for logging to a central server via encrypted and authenticated connections
* Tamper resistance
+ database and configuration files can be signed
+ logfile entries and e-mail reports are signed
+ support for stealth operation
Install samhain in Debian
#apt-get install samhain
samhain - Data integrity and host intrusion alert system
Samhain is an integrity checker and host intrusion detection system that can be used on single hosts as well as large, UNIX-based networks. It supports central monitoring as well as powerful (and new) stealth features to run undetected on memory using steganography.
Main features
* Complete integrity check
+ uses cryptographic checksums of files to detect modifications,
+ can find rogue SUID executables anywhere on disk, and
* Centralized monitoring
+ native support for logging to a central server via encrypted and authenticated connections
* Tamper resistance
+ database and configuration files can be signed
+ logfile entries and e-mail reports are signed
+ support for stealth operation
Install samhain in Debian
#apt-get install samhain
No comments:
Post a Comment