Samhain logo

Samhain

by Samhain Labs
No reviews yet
ActiveFree tier
Quick facts
VendorSamhain Labs
Year launchedN/A
StatusActive
LocationAm Kreideberg 3a, 21339 Lüneburg, Germany
Countries servedN/A
Languages2
IntegrationsN/A
Free tierYES
Free trialNO
Contact salesNO

About Samhain

Samhain is an open-source host-based intrusion detection system (HIDS) for POSIX systems. It provides file integrity checking, log file monitoring and analysis, rootkit detection, and port monitoring.

Samhain is an open-source, host-based intrusion detection system (HIDS) focused on ensuring system integrity for POSIX-based environments. Its core capabilities include file integrity checking, log file monitoring, rootkit detection, and port scanning. The software operates in a client/server architecture, allowing for centralized management of multiple hosts from a single point, with an optional web-based console called Beltane. Samhain is designed with security and tamper-resistance in mind, using PGP-signed files and offering a stealth mode. It is particularly relevant for organizations needing to comply with standards like PCI DSS, which mandate file integrity monitoring. The software is free under the GNU Public License. Support is available through a user forum, mailing lists, and extensive documentation, with commercial support offered via a third party.

Pros & Cons

Pros
  • Open-source and free to use under the GNU GPL.
  • Provides comprehensive host-based intrusion detection features, including file integrity, log monitoring, and rootkit detection.
  • Supports centralized client/server architecture for managing multiple hosts.
  • Designed to help meet PCI DSS compliance requirements.
  • Offers extensive documentation, including a user manual, FAQ, and HOWTOs.
Cons
  • The user interface is a command-line tool, with an optional separate web console (Beltane), which may be less intuitive for some users.
  • No pricing is published, as it is open-source software. Commercial support is available but requires contact.
  • No native mobile applications are available.
  • The official website does not list any direct software integrations.

Features

Key features

File Integrity Checking

Monitors files for unauthorized modifications by checking checksums, size, permissions, owner, timestamps, and other attributes.

Log File Monitoring and Analysis

Performs incremental checks on growing log files to ensure existing data has not been altered.

Rootkit Detection

Detects kernel rootkits by checking for hidden processes and discrepancies in directory hardlink counts.

Centralized Monitoring

Features a client/server architecture for centralized logging, configuration, and baseline database management.

Port Monitoring

Monitors for open or illicit ports on the host system.

Tamper Resistance

Protects its own integrity through PGP-signed databases and configuration files, and a stealth mode of operation.

Additional features

Web-based Management Console

An optional component, Beltane, provides a web interface to monitor clients, review reports, and update baseline databases.

Rogue SUID Detection

Identifies executables with set-user-ID permissions that may pose a security risk.

Hidden Process Detection

Scans for processes that may be hidden by rootkits.

Flexible Logging

Supports multiple logging facilities, each with individual configuration options.

Cross-Platform Support

Runs on POSIX systems like Linux, BSD, Solaris, AIX, HP-UX, and Mac OS X, with support for Windows via Cygwin.

PCI DSS Compliance Features

Specifically designed to help meet PCI DSS requirements for file integrity monitoring and log protection.

Immediate Notifications on Linux

Leverages the inotify kernel subsystem for real-time change notifications and reduced I/O load.

Audit System Integration

On Linux, can use the kernel audit system to identify the user responsible for a file modification.

Pricing

Free trial
Free version
Request a quote
Promo Offer

Countries & Languages

Countries served
2
Interface languages
Billing currencies

Interface languages

EnglishGerman

No reviews yet

Be the first to drop a review

Alternatives to Samhain

iOCO logo

iOCO

iOCO is one of Africa’s largest technology solutions and digital transformation companies, offering a broad…

Trend Vision One logo

Trend Vision One

Trend Vision One is a cybersecurity platform from Trend Micro that provides an AI-powered solution…

SOC360 logo

SOC360

SOC360 is a cybersecurity software platform from CyberSOC Africa that provides threat detection and response…

HackenProof logo

HackenProof

HackenProof is a cybersecurity platform from HackenProof, Inc. that focuses on vulnerability management. It includes…

Cypherleak logo

Cypherleak

Cypherleak is a risk monitoring platform from Cypherleak that helps protect the business. It combines…

Cybervergent logo

Cybervergent

Cybervergent is an AI-native platform from Cybervergent that provides real-time posture visibility, automated remediation, and…

Spot something wrong or outdated?

Suggest a correction — a reviewer verifies every change.

Often compared with Samhain

Compare any two tools →
iOCO logo
iOCO
IT Management
0.0
Trend Vision One logo
Trend Vision One
Cybersecurity
0.0
SOC360 logo
SOC360
Managed Detection and Response (MDR)
0.0
HackenProof logo
HackenProof
Vulnerability Management
0.0