Beltane For Linux

Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. Beltane project enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases.

Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.

In a client/server installation of Samhain, you have individual hosts monitored by Samhain clients, and a central log server (called yule) where also the file signature databases are kept. Beltane enhances this setup by providing an interface to browse client messages, acknowledge them, and modify the file signature database for a client according to the file changes reported by that client.

As the Samhain daemon keeps a memory of file changes, the file signature database need only be up to date when the daemon restarts and downloads the database from the central server. Beltane allows you to use the information logged by the client in order to update the signature database.

Beltane is a PHP4 (also works with PHP5) application, with some additional components written in C. PHP4 (or PHP5) may be compiled as Apache module or as CGI interpreter (Beltane is tested with Linux, Apache 1.3/2.0, PHP 4.3.4/5.0.3 used as CGI interpreter, suexec, no SSL, MySQL and PostgreSQL databases).

Beltane 2 can also be used with an Oracle database.

On the client side, Beltane requires a Javascript capable browser. Cookies must be enabled. We recommend Mozilla/Firefox, as it is rumoured to be the most standard-conforming browser, but most inferior browsers may work as well.

Documentation is provided as SGML and HTML files within the tarball. You are adviced to read the documentation before attempting to install Beltane.