{"id":2051,"date":"2009-10-06T10:44:53","date_gmt":"2009-10-06T10:44:53","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=2051"},"modified":"2015-09-09T19:37:53","modified_gmt":"2015-09-09T11:37:53","slug":"samhain-v-2-5-9c-open-source-host-based-intrusion-detection-system-hids","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2009\/10\/samhain-v-2-5-9c-open-source-host-based-intrusion-detection-system-hids\/","title":{"rendered":"Samhain v.2.5.9c – Open Source Host-Based Intrusion Detection System (HIDS)"},"content":{"rendered":"


We’ve only mentioned one HIDS before, that was OSSEC HIDS, so I thought I’d do some updates on the others.

Samhain has always been one of my favourites; before that, of course, I was using Tripwire like everyone else.

The Samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.

Samhain is a multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).

Features