samhain is a daemon that can check file integrity, search the file tree for SUID files, and detect kernel module rootkits (Linux only). It can be used either standalone or as a client/server system for centralized monitoring, with strong (192-bit AES) encryption for client/server connections and the option to store databases and configuration files on the server. For tamper resistance, it supports signed database/configuration files and signed reports/audit logs. It has been tested on Linux, FreeBSD, Solaris, AIX, HP-UX, and Unixware.
License: GNU General Public License (GPL)
Changes:
This version provides a new module to perform log file monitoring (currently supported: syslog, apache, samba, and pacct). On Linux, port monitoring now reports the process and the user for open ports. Some minor bugs have been fixed.
More...