download samhain

The SAMHAIN file integrity / intrusion detection system

License

Samhain ("the software") is distributed under the terms of the GNU General Public Licence ("GPL").

Download

Version 4.5.1 samhain-current.tar.gz
SHA-256 checksum a77740b53db910b63dfc6439f2b96074ffd6a2d7714996cdfb1825e82f815228
bytes 2199196
release date Sep 8, 2024
mailing list samhain-announce

Unpack and verify

After downloading, unzip the tar file. 

$ gunzip samhain-current.tar.gz
$ tar -xf samhain-current.tar
samhain-4.5.1.tar.gz
samhain-4.5.1.tar.gz.asc

Get the samhain development PGP key 1024D/0F571F6C
(almost any keyserver will do if pgp.mit.edu is temporarily unavailable): 

$ gpg --keyserver pgp.mit.edu --recv-key 0F571F6C

check the key fingerprint (EF6C EF54 701A 0AFD B86A F4C3 1AAD 26C8 0F57 1F6C) 

$ gpg --fingerprint 0F571F6C

and verify the PGP signature on the distribution tarball: 

$ gpg --verify samhain-4.5.1.tar.gz.asc samhain-4.5.1.tar.gz

Unzip the second-stage tar file and cd into the distribution directory: 

$ gunzip samhain-4.5.1.tar.gz
$ tar -xf samhain-4.5.1.tar
$ cd samhain-4.5.1

Installation

Read the README and/or the manual for options you may want to supply to configure, then do: 

$ ./configure [options]
$ make
$ make install

(There is also a working make uninstall. Just to let you know.)

If you have an incarnation of 'dialog' (xdialog, dialog, lxdialog) installed, you can alternatively use the GUI install tool: 

$ ./Install.sh

After installation, you should first review the configuration file (by default /etc/samhainrc), especially with respect to network addresses such as the email address, and files/directories you may want to have checked. Next, you have to initialize the database: 

$ samhain -t init

Then, you can start samhain in daemon mode to check your system in intervals as specified in the configuration file: 

$ samhain -t check -D

On most systems, after the make install, you can add
make install-boot to install the necessary scripts to start up samhain every time you boot your machine (supported: Linux, FreeBSD, MacOS X, Solaris, HP-UX, AIX).

Mailing list

It is recommended that samhain users subscribe to the samhain-announce mailing list. This is a very low traffic mailing list used exclusively for the announcement of new versions of samhain, and for information on security problems (in case any are discovered).