Samhain is an open source host-based intrusion detection system (HIDS) that provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

It is designed to monitor multiple hosts with potentially different operating systems (centralized logging and maintenance). But it can also be used as a standalone application on a single host.

Note: Samhain only works on POSIX systems (Unix, Linux, Cygwin/Windows).

The client/server architecture allows central logging, central storage of baseline databases and client configurations, and central updates of baseline databases.

The web-based Beltane console, available as a separate package, allows to monitor server and client activity, view client reports, and update the baseline databases.

Samhain supports multiple logging facilities, each of which can be configured individually.

Samhain offers PGP-signed database and configuration files, a stealth mode, and several more features to protect its integrity.