Samhain (software)
Samhain is an integrity checker and host intrusion detection system that can be used on single hosts as well as large, UNIX-based networks. It supports central monitoring as well as powerful (and new) stealth features to run undetected in memory, using steganography.
Main features
- Complete integrity check
  - uses cryptographic checksums of files to detect modifications
  - can find rogue SUID executables anywhere on disk
- Centralized monitoring
  - native support for logging to a central server via encrypted and authenticated connections
- Tamper resistance
  - database and configuration files can be signed
  - log file entries and e-mail reports are signed
  - support for stealth operation
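The two integrity-checking ideas listed above, a signed baseline of cryptographic file checksums and a scan for files carrying the set-user-ID bit, can be demonstrated in a few dozen lines. The script below is an added example written for this page; it is not Samhain's own code and makes no claim about Samhain's internals. It assumes a POSIX filesystem, uses SHA-256 as the checksum, and uses an HMAC with a constructed key as a stand-in for a real signature scheme so that a tampered baseline database is rejected before anything in it is trusted. The directory tree, the edits made to it, and the key are all constructed inside the script.

```python
import hashlib
import hmac
import json
import os
import stat
import tempfile
from pathlib import Path

# Constructed key for this example only. In a real deployment the key (or the
# signing private key) must live off the monitored host, otherwise an intruder
# who can alter files can also re-sign the baseline.
SIGNING_KEY = b"example-baseline-signing-key"


def file_digest(path: Path) -> str:
    """SHA-256 of the file contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_suid(path: Path) -> bool:
    """True when the set-user-ID bit is set on the file's own inode (lstat, no symlink following)."""
    return bool(path.lstat().st_mode & stat.S_ISUID)


def build_baseline(root: Path) -> dict:
    """Walk root and record digest, permission bits and SUID flag for every regular file."""
    entries = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.lstat()
            entries[p.relative_to(root).as_posix()] = {
                "sha256": file_digest(p),
                "mode": stat.S_IMODE(st.st_mode),  # includes setuid/setgid/sticky bits
                "suid": is_suid(p),
            }
    return entries


def sign_baseline(entries: dict) -> str:
    """Serialise the baseline canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(entries, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})


def load_baseline(signed: str) -> dict:
    """Verify the tag in constant time before trusting anything in the baseline."""
    doc = json.loads(signed)
    expected = hmac.new(SIGNING_KEY, doc["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["tag"]):
        raise ValueError("baseline signature mismatch: database may have been tampered with")
    return json.loads(doc["body"])


def check(root: Path, baseline: dict) -> dict:
    """Compare the current tree with the baseline and report modified/added/removed/SUID files."""
    current = build_baseline(root)
    report = {"modified": [], "added": [], "removed": [], "suid": []}
    for name, cur in current.items():
        old = baseline.get(name)
        if old is None:
            report["added"].append(name)
        elif old["sha256"] != cur["sha256"] or old["mode"] != cur["mode"]:
            report["modified"].append(name)
        if cur["suid"]:
            report["suid"].append(name)
    report["removed"] = sorted(set(baseline) - set(current))
    return report


def demo() -> dict:
    """Constructed scenario: baseline a temporary tree, alter it, re-check, and try a forged database."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_bytes(b"#!/bin/sh\necho ok\n")
        (root / "etc.conf").write_text("level=1\n")
        signed = sign_baseline(build_baseline(root))

        # Simulated changes after the baseline was taken: config edited,
        # a new file dropped in, and the SUID bit set on an existing binary.
        (root / "etc.conf").write_text("level=2\n")
        (root / "bin" / "extra").write_bytes(b"new")
        os.chmod(root / "bin" / "tool", 0o4755)

        report = check(root, load_baseline(signed))

        # Altering a single field name inside the stored database must be caught
        # by the signature check, not silently accepted.
        tampered = signed.replace("sha256", "sha255", 1)
        try:
            load_baseline(tampered)
            report["tamper_detected"] = False
        except ValueError:
            report["tamper_detected"] = True
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the script reports `etc.conf` and `bin/tool` as modified (contents and permission bits respectively), `bin/extra` as added, `bin/tool` as carrying the SUID bit, and the forged database as rejected. The design point is the order of operations in `load_baseline`: the signature is verified before the body is even parsed, so a database edited to hide a change is never consulted.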