Samhain (software)

Samhain is an integrity checker and host intrusion detection system that can be used on single hosts as well as large, UNIX-based networks. It supports central monitoring as well as powerful (and new) stealth features to run undetected in memory, using steganography.

Main features

 * Complete integrity check
 * uses cryptographic checksums of files to detect modifications,
 * can find rogue SUID executables anywhere on a disk, and
 * Centralized monitoring
 * native support for logging to a central server via encrypted and authenticated connections
 * Tamper resistance
 * database and configuration files can be signed
 * log file entries and e-mail reports are signed
 * support for stealth operation