Binary package “samhain” in ubuntu lucid
Data integrity and host intrusion alert system
Samhain is an integrity checker and host intrusion detection system that
can be used on single hosts as well as large, UNIX-based networks.
It supports central monitoring as well as powerful (and new) stealth
features to run undetected on memory using steganography.
* Complete integrity check
+ uses cryptographic checksums of files to detect
+ can find rogue SUID executables anywhere on disk, and
* Centralized monitoring
+ native support for logging to a central server via encrypted
and authenticated connections
* Tamper resistance
+ database and configuration files can be signed
+ logfile entries and e-mail reports are signed
+ support for stealth operation