samhain is a daemon that can check file integrity, search the file tree for SUID files, and detect kernel module rootkits (Linux only). It can be used either standalone or as a client/server system for centralized monitoring, with strong (192-bit AES) encryption for client/server connections and the option to store databases and configuration files on the server. For tamper resistance, it supports signed database/configuration files and signed reports/audit logs. It has been tested on Linux, FreeBSD, Solaris, AIX, HP-UX, and Unixware.
License: GNU General Public License (GPL)
Changes:
The syntax for conditionals in the configuration file has been enhanced. An option has been added to drop checksummed files from the file cache. The server can now request on-demand scans from the clients. Some compile issues and a problem with reloading the configuration in stealth mode have been fixed.