Beltane 2.4.3

A web-based central management console for the Samhain file integrity / intrusion detection system.
The Beltane project enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases.

Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.

In a client/server installation of Samhain, individual hosts are monitored by Samhain clients, and a central log server (called yule) also holds the file signature databases. Beltane enhances this setup by providing an interface to browse client messages, acknowledge them, and modify the file signature database for a client according to the file changes reported by that client.

As the Samhain daemon keeps a memory of file changes, the file signature database need only be up to date when the daemon restarts and downloads the database from the central server. Beltane allows you to use the information logged by the client in order to update the signature database.

Details

Beltane is a PHP4 application (it also works with PHP5), with some additional components written in C. PHP4 (or PHP5) may be compiled as an Apache module or as a CGI interpreter. Beltane is tested with Linux, Apache 1.3/2.0, PHP 4.3.4/5.0.3 used as CGI interpreter, suexec, no SSL, and MySQL and PostgreSQL databases.

Beltane 2 can also be used with an Oracle database.

On the client side, Beltane requires a JavaScript-capable browser. Cookies must be enabled. We recommend Mozilla/Firefox, as it is rumoured to be the most standard-conforming browser, but most inferior browsers may work as well.

Documentation is provided as SGML and HTML files within the tarball. You are advised to read the documentation before attempting to install Beltane.

Main features:

  • Major performance and scalability improvements for reduced memory consumption, faster baseline database updates, and faster reload of the client panel
  • Support for Oracle database (Beltane version 2.1.1 and above)
  • Client Status Display (running/dead/unknown)
  • Bulk Update from user-defined criteria like: the hostname, a list of files (with or without checksums), or a time window
  • On-the-fly Sorting of the message list
  • Message Filtering with POSIX regular expressions
  • GnuPG Signing of client file signature databases after an update
  • Search function for the database.
  • Editing of client configurations
  • Client Configuration Reload can be triggered
  • Multiple Users with logging of login/logouts
  • Server Messages can be viewed optionally

last updated on: May 3rd, 2012, 6:59 GMT
price: $25.00
developed by: Samhain Labs
homepage: www.la-samhna.de
license type: Other/Proprietary License
category: ROOT \ Security

What's New in This Release:
  • Some problems related to the samhain "stealth" option have been fixed, as well as an incorrect error check in the beltane_update command.
  • The display of md5 and sha1 checksums has been modified to better match the output of md5sum/shasum.