The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.
Samhain is a multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).
mkdir /logs
mkdir /logs/yule/
./configure --enable-network=client \
    --with-logserver=$logserverIP \
    --with-config-file=REQ_FROM_SERVER/etc/samhainrc \
    --with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file \
    --with-log-file=/logs/yule/samhain.log \
    --with-trusted=$uid_of_samhain_user \
    --enable-xml-log
make
make install
make install-boot
which will output:
samhain has been configured as follows:
    System binaries:    /usr/local/sbin
    Configuration file: REQ_FROM_SERVER/etc/samhainrc
    Manual pages:       /usr/local/man
    Data:               /var/lib/samhain
    PID file:           /var/run/samhain.pid
    Log file:           /logs/samhain/samhain.log
    Base key:           455452323,679834048
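The client build steps above, gathered into one script as an added example (this is not samhain's own code). It assumes the samhain source tree is the current directory, that the yule log server address is given in LOGSERVER_IP (the default below is a constructed placeholder) and that the unprivileged account named in SAMHAIN_USER already exists; the two helper functions that validate the address and the uid are hypothetical additions, there so a typo in either value is caught before it is compiled into the binary.

```shell
#!/bin/sh
# Added example, not part of the samhain project: the client build steps from
# the page wrapped in a script with input validation. Assumes the samhain source
# tree is the current directory, the yule log server address is in LOGSERVER_IP
# and the unprivileged samhain account named in SAMHAIN_USER already exists.
set -eu

LOGSERVER_IP="${LOGSERVER_IP:-192.0.2.10}"   # constructed placeholder, not a real server
SAMHAIN_USER="${SAMHAIN_USER:-samhain}"      # hypothetical account name

# True if $1 is a dotted-quad IPv4 address (what --with-logserver is given here).
is_ipv4() { printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }

# True if $1 is an unsigned integer (a numeric uid for --with-trusted).
is_uint() { printf '%s' "$1" | grep -Eq '^[0-9]+$'; }

# Print the configure options from the page, one per line, for log server $1
# and trusted uid $2. Kept separate from the build so the option list can be
# inspected (and tested) without touching the source tree.
samhain_configure_args() {
    printf '%s\n' \
        "--enable-network=client" \
        "--with-logserver=$1" \
        "--with-config-file=REQ_FROM_SERVER/etc/samhainrc" \
        "--with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file" \
        "--with-log-file=/logs/yule/samhain.log" \
        "--with-trusted=$2" \
        "--enable-xml-log"
}

# Resolve the account to its uid, validate both inputs, then run the build steps.
samhain_client_build() {
    uid=$(id -u "$SAMHAIN_USER")   # fails loudly if the account does not exist
    is_ipv4 "$LOGSERVER_IP" || { echo "bad log server address: $LOGSERVER_IP" >&2; return 1; }
    is_uint "$uid"          || { echo "bad uid for $SAMHAIN_USER: $uid" >&2; return 1; }

    mkdir -p /logs/yule            # equivalent to the two mkdir calls on the page
    # The options contain no whitespace, so letting the shell split them is safe.
    ./configure $(samhain_configure_args "$LOGSERVER_IP" "$uid")
    make
    make install
    make install-boot
}

# Only build when explicitly asked, so the file can be sourced for its functions.
if [ "${1:-}" = "run" ]; then
    samhain_client_build
fi
```

Run it as `LOGSERVER_IP=<yule host> SAMHAIN_USER=<account> sh build-client.sh run` from the unpacked source directory; without the `run` argument it only defines the functions.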