Samhain is an open-source host-based intrusion detection system (HIDS) for POSIX systems. It provides file integrity checking, log file monitoring and analysis, rootkit detection, and port monitoring.
Samhain is an open-source, host-based intrusion detection system (HIDS) focused on ensuring system integrity for POSIX-based environments. Its core capabilities include file integrity checking, log file monitoring, rootkit detection, and port scanning. The software operates in a client/server architecture, allowing for centralized management of multiple hosts from a single point, with an optional web-based console called Beltane. Samhain is designed with security and tamper-resistance in mind, using PGP-signed files and offering a stealth mode. It is particularly relevant for organizations needing to comply with standards like PCI DSS, which mandate file integrity monitoring. The software is free under the GNU Public License. Support is available through a user forum, mailing lists, and extensive documentation, with commercial support offered via a third party.
Monitors files for unauthorized modifications by checking checksums, size, permissions, owner, timestamps, and other attributes.
Performs incremental checks on growing log files to ensure existing data has not been altered.
Detects kernel rootkits by checking for hidden processes and discrepancies in directory hardlink counts.
Features a client/server architecture for centralized logging, configuration, and baseline database management.
Monitors for open or illicit ports on the host system.
Protects its own integrity through PGP-signed databases and configuration files, and a stealth mode of operation.
An optional component, Beltane, provides a web interface to monitor clients, review reports, and update baseline databases.
Identifies executables with set-user-ID permissions that may pose a security risk.
Scans for processes that may be hidden by rootkits.
Supports multiple logging facilities, each with individual configuration options.
Runs on POSIX systems like Linux, BSD, Solaris, AIX, HP-UX, and Mac OS X, with support for Windows via Cygwin.
Specifically designed to help meet PCI DSS requirements for file integrity monitoring and log protection.
Leverages the inotify kernel subsystem for real-time change notifications and reduced I/O load.
On Linux, can use the kernel audit system to identify the user responsible for a file modification.
Be the first to drop a review
iOCO is one of Africa’s largest technology solutions and digital transformation companies, offering a broad…
Trend Vision One is a cybersecurity platform from Trend Micro that provides an AI-powered solution…
SOC360 is a cybersecurity software platform from CyberSOC Africa that provides threat detection and response…
HackenProof is a cybersecurity platform from HackenProof, Inc. that focuses on vulnerability management. It includes…
Spot something wrong or outdated?
Suggest a correction — a reviewer verifies every change.
Samhain is an open-source host-based intrusion detection system (HIDS) for POSIX systems. It provides file integrity checking, log file monitoring and analysis, rootkit detection, and port monitoring.
Does Samhain have an in-app market place?
Yes
How many Mini-Apps in the marketplace?
0
Email Address
support@samhain.comDocumentation
https://la-samhna.de/samhain/s_documentation.htmlCommunity Forums
https://la-samhna.de/forum/cgi-bin/wolfbbs_index.cgiiOCO is one of Africa’s largest technology solutions and digital transformation companies, offering a broad…
Trend Vision One is a cybersecurity platform from Trend Micro that provides an AI-powered solution…
SOC360 is a cybersecurity software platform from CyberSOC Africa that provides threat detection and response…
HackenProof is a cybersecurity platform from HackenProof, Inc. that focuses on vulnerability management. It includes…