SAMHAIN: Host Based Intrusion Detection via File Integrity Monitoring

Monitoring changes to critical files is not only crucial, but also a requirement for some security standards, compliance regulations and laws. Organisations have a need for scalable and highly configurable solutions, so that the product can be specifically tailored for the environment and exact specifications. Implementing tools like Samhain can provide organisations with the confidence that data is not modified in any unauthorised manner and help cover any regulatory compliances. This paper will cover in detail how to set up the open source Samhain project in a client server configuration as a complete solution. Attention was given to the various capabilities of the software and what affects they have on the system.