SAMHAIN v2.8.5 - intrusion detection system
The Hacker News

The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.

The official change log:

  1. For the kernel check, the configure script should now detect if /dev/kmem exists but is dysfunctional. Also, a bug in the samhain_kmem kernel module has been fixed.
  2. The LogmonMarkSeverity option has been fixed.
  3. Timeserver response is cached now for one second.
  4. The Unix entropy gatherer supports /opt/local/bin now.
  5. A compile time option has been added to disable the expansion of $(shell command) in the configuration file. Also, the signature of a signed configuration file is checked earlier now.

Download SAMHAIN v2.8.5
