samhain is a daemon that can check file integrity, search the file tree for SUID files, and detect kernel module rootkits (Linux only). It can be used either standalone or as a client/server system for centralized monitoring, with strong (192-bit AES) encryption for client/server connections and the option to store databases and configuration files on the server. For tamper resistance, it supports signed database/configuration files and signed reports/audit logs. It has been tested on Linux, FreeBSD, Solaris, AIX, HP-UX, and Unixware.
License: GNU General Public License (GPL)
Changes:
This release provides a new option to avoid reports for timestamp changes on directories. For open ports, PID is determined now, and reporting of open ports to prelude has been improved. A bug has been fixed that could cause truncation of the reported file size upon entering into an RDBMS, and some build problems have been fixed.
More...