samhain
Data integrity and host intrusion alert system
Install
- All systems
-
curl cmd.cat/samhain.sh
- Debian
-
apt-get install samhain
- Ubuntu
-
apt-get install samhain
- Kali Linux
-
apt-get install samhain
- Windows (WSL2)
-
sudo apt-get update
sudo apt-get install samhain
- Raspbian
-
apt-get install samhain
- Dockerfile
- dockerfile.run/samhain
samhain
Data integrity and host intrusion alert system
Samhain is an integrity checker and host intrusion detection system that can be used on single hosts as well as large, UNIX-based networks. It supports central monitoring as well as powerful (and new) stealth features to run undetected on memory using steganography. Main features * Complete integrity check + uses cryptographic checksums of files to detect modifications, + can find rogue SUID executables anywhere on disk, and * Centralized monitoring + native support for logging to a central server via encrypted and authenticated connections * Tamper resistance + database and configuration files can be signed + logfile entries and e-mail reports are signed + support for stealth operation