The SAMHAIN file integrity / intrusion detection system


Samhain ("the software") is distributed under the terms of the GNU General Public Licence ("GPL").


Version 4.4.1 samhain-current.tar.gz
SHA-256 checksum a15516f6809b1daf812b39fb5aa6be3fac1a51b5efca53568759fdf54572a2e9
bytes 2159641
release date Feb 27, 2020
mailing list samhain-announce

Unpack and verify

After downloading, unzip the tar file.

    $ gunzip samhain-current.tar.gz
    $ tar -xf samhain-current.tar

Get the samhain development PGP key 1024D/0F571F6C
(almost any keyserver will do if is temporarily unavailable):

    $ gpg --keyserver --recv-key 0F571F6C

check the key fingerprint (EF6C EF54 701A 0AFD B86A F4C3 1AAD 26C8 0F57 1F6C)

    $ gpg --fingerprint 0F571F6C

and verify the PGP signature on the distribution tarball:

    $ gpg --verify samhain-4.4.1.tar.gz.asc samhain-4.4.1.tar.gz

Unzip the second-stage tar file and cd into the distribution directory:

    $ gunzip samhain-4.4.1.tar.gz
    $ tar -xf samhain-4.4.1.tar
    $ cd samhain-4.4.1


Read the README and/or the manual for options you may want to supply to configure, then do:

    $ ./configure [options]
    $ make
    $ make install

(There is also a working make uninstall. Just to let you know.)

If you have an incarnation of 'dialog' (xdialog, dialog, lxdialog) installed, you can alternatively use the GUI install tool:

    $ ./

After installation, you should first review the configuration file (by default /etc/samhainrc), especially with respect to network addresses such as the email address, and files/directories you may want to have checked. Next, you have to initialize the database:

    $ samhain -t init

Then, you can start samhain in daemon mode to check your system in intervals as specified in the configuration file:

    $ samhain -t check -D

On most systems, after the $ make install, you can add
$ make install-boot to install the necessary scripts to start up samhain every time you boot your machine (supported: Linux, FreeBSD, MacOS X, Solaris, HP-UX, AIX).

Mailing list

It is recommended that samhain users subscribe to the samhain-announce mailing list. This is a very low traffic mailing list used exclusively for the announcement of new versions of samhain, and for information on security problems (in case any are discovered).