samhain is a daemon that can check file integrity, search the file tree for SUID files, and detect kernel module rootkits (Linux only). It can be used either standalone or as a client/server system for centralized monitoring, with strong (192-bit AES) encryption for client/server connections and the option to store databases and configuration files on the server. For tamper resistance, it supports signed database/configuration files and signed reports/audit logs. It has been tested on Linux, FreeBSD, Solaris, AIX, HP-UX, and Unixware.
License: GNU General Public License (GPL)
Changes:
It is possible to store the full content of (small) files in the baseline database, which allows this release to determine what has changed in a file. A couple of bugs have been fixed, and the mount check and process check modules are supported on OpenBSD.
