Chapter 1. Introduction

samhain is a file and host integrity and intrusion alert system suitable for single hosts as well as for large, UNIX-based networks. samhain offers advanced features to support and facilitate centralized monitoring.

In particular, samhain can optionally be used as a client/server system with monitoring clients on individual hosts, and a central log server that collects the messages of all clients.

The configuration and database files for each client can be stored centrally and downloaded by clients from the log server. Using conditionals (based on hostname, machine type, OS, and OS release, all with regular expressions), a single configuration file for all hosts on the network can be constructed.

The client (or standalone) part is called samhain, while the server is referred to as yule. Both can run as daemon processes.