/*
 *
 * Please use this template as a general guideline on how to layout your page. 
 * Do not edit this unless you feel it actually improves the template.
 * If you are having trouble with the wiki syntax please see the [[wiki:syntax]] page.
 *
 * Thank you for your contributions.
 *
 */

====== Samhain ======

The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host.

Samhain is a multiplatform applcation for POSIX systems (Unix, Linux, Cygwin/Windows).


===== Client Configuration =====

  mkdir /logs
  mkdir /logs/yule/


  ./configure --enable-network=client 
	--with-logserver=$logserverIP 
        --with-config-file=REQ_FROM_SERVER/etc/samhainrc 
        --with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file
	--with-log-file=/logs/yule/samhain.log
	--with-trusted=$uid_of_samhain_user
        --enable-xml-log

  make
  make install
  make install-boot

which will output:

  samhain has been configured as follows:
     System binaries: /usr/local/sbin
     Configuration file: REQ_FROM_SERVER/etc/samhainrc
     Manual pages: /usr/local/man
     Data: /var/lib/samhain
     PID file: /var/run/samhain.pid
     Log file: /logs/samhain/samhain.log
     Base key: 455452323,679834048
 

===== Section 2 =====

==== Sub-section ====

  code