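SAMHAIN is an open-source host-based intrusion detection system. It provides file integrity checking, log monitoring and analysis, as well as rootkit detection, port monitoring, and detection of SUID executables and hidden processes. SAMHAIN has now been updated to version 3.0.0. The main changes in the new version: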
    * The Linux inotify mechanism is optionally supported for file system checks (off by default). See Sect. 5.21 in the manual.
    * Issues with the redefinition of check policies have been fixed. As a consequence, also the suid check should correctly use prelink now when appropriate.
    * Enhanced server-side debug output for IPv6 issues is available now.
    * A bug has been fixed that prevented compilation of the kern_head executable on 3.x kernel systems.
    * Compiler warnings with gcc 4.6 have been fixed.
Download: http://la-samhna.de/samhain/samhain-current.tar.gz