Samhain is an open-source host-based intrusion detection system. It provides file integrity checking, log monitoring and analysis, rootkit detection, port monitoring, detection of SUID executables and of hidden processes, and more. Samhain has now been updated to version 2.8.5; the main changes in the new version are:
    * The log monitoring option to report correlated log entries has been fixed (there was a problem due to incorrect timestamp handling).
    * A new option LogmonDeadtime has been added to avoid repetitive reporting of correlated log entries.
    * In verbose mode, the policy under which a directory or file is monitored will get reported now.
    * The update option has been enhanced with an option to update (only) files listed in a textfile.
    * The broken --enable-db-reload compile option has been fixed.
    * The compilation of the samhain_kmem module has been fixed to work properly with the --enable-install-name compile option.
Download: http://la-samhna.de/samhain/samhain-current.tar.gz