Chapter 1. Introduction

samhain is a file and host integrity and intrusion alert system suitable for single hosts as well as for large, UNIX-based networks. samhain offers advanced features to support and facilitate centralized monitoring.

In particular, samhain can optionally be used as a client/server system with monitoring clients on individual hosts, and a central log server that collects the messages of all clients.

The configuration and database files for each client can be stored centrally and downloaded by clients from the log server. Using conditionals (based on hostname, machine type, OS, and OS release, all with regular expressions), a single configuration file for all hosts on the network can be constructed.

The client (or standalone) part is called samhain, while the server is referred to as yule. Both can run as daemon processes.

1. Backward compatibility

Samhain version 4.0 introduces a change in the baseline database format. This does not affect the client/server communication, i.e. it is possible to mix pre-4.0 and 4.0+ clients and server.

If you are using the Beltane II WebGUI, you need version 2.5+ to handle the new database format.

Finally, if you are planning to make use of the new features for integrating samhain into your change control process, you will need Samhain version 4.0+ for clients and server, and Beltane II version 2.5+.