download samhain

The SAMHAIN file integrity / intrusion detection system

License

Samhain ("the software") is distributed under the terms of the GNU General Public Licence ("GPL").

Download

Version 4.4.2 samhain-current.tar.gz
SHA-256 checksum 2bb2750b32646be32517d0b2259402559c72b96979800f6c33774fcdea327fff
bytes 2160169
release date Aug 01, 2020
mailing list samhain-announce

Unpack and verify

After downloading, unzip the tar file.

$ gunzip samhain-current.tar.gz
$ tar -xf samhain-current.tar
samhain-4.4.2.tar.gz
samhain-4.4.2.tar.gz.asc

Get the samhain development PGP key 1024D/0F571F6C
(almost any keyserver will do if pgp.mit.edu is temporarily unavailable):

$ gpg --keyserver pgp.mit.edu --recv-key 0F571F6C

check the key fingerprint (EF6C EF54 701A 0AFD B86A F4C3 1AAD 26C8 0F57 1F6C)

$ gpg --fingerprint 0F571F6C

and verify the PGP signature on the distribution tarball:

$ gpg --verify samhain-4.4.2.tar.gz.asc samhain-4.4.2.tar.gz

Unzip the second-stage tar file and cd into the distribution directory:

$ gunzip samhain-4.4.2.tar.gz
$ tar -xf samhain-4.4.2.tar
$ cd samhain-4.4.2

Installation

Read the README and/or the manual for options you may want to supply to configure, then do:

$ ./configure [options]
$ make
$ make install

(There is also a working make uninstall. Just to let you know.)

If you have an incarnation of 'dialog' (xdialog, dialog, lxdialog) installed, you can alternatively use the GUI install tool:

$ ./Install.sh

After installation, you should first review the configuration file (by default /etc/samhainrc), especially with respect to network addresses such as the email address, and files/directories you may want to have checked. Next, you have to initialize the database:

$ samhain -t init

Then, you can start samhain in daemon mode to check your system in intervals as specified in the configuration file:

$ samhain -t check -D

On most systems, after the make install, you can add
make install-boot to install the necessary scripts to start up samhain every time you boot your machine (supported: Linux, FreeBSD, MacOS X, Solaris, HP-UX, AIX).

Mailing list

It is recommended that samhain users subscribe to the samhain-announce mailing list. This is a very low traffic mailing list used exclusively for the announcement of new versions of samhain, and for information on security problems (in case any are discovered).