PapaScott I like big blogs and I cannot lie! 🐘

Samhain - File Integrity and Intrusion Detection

At work I've been looking at Samhain, a file integrity system similar to AIDE or Tripwire, but with many additional features, like signing of logs and config files, detection of rogue kernel modules, stealth operation, logging to SQL databases, and encrypted client/server communications. It can probably brew coffee, too, but I haven't found it in the docs yet. The configuration is a bit complicated, but it looks promising.

The idea of a file integrity system is not to prevent hackers (or rogue employees) from attacking a system, but to be quickly aware of an attack before the attacker has a chance to cover his tracks. It involves keeping cryptographic signatures of important files so that changes can be detected even if the file size and timestamp remain the same.

comments powered by Disqus