A web-based central management console for the Samhain file integrity / intrusion detection system.
Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
In a client/server installation of Samhain, you have individual hosts monitored by Samhain clients, and a central log server (called yule) where also the file signature databases are kept. Beltane enhances this setup by providing an interface to browse client messages, acknowledge them, and modify the file signature database for a client according to the file changes reported by that client.
As the Samhain daemon keeps a memory of file changes, the file signature database need only be up to date when the daemon restarts and downloads the database from the central server. Beltane allows you to use the information logged by the client in order to update the signature database.
Beltane is a PHP4 (also works with PHP5) application, with some additional components written in C. PHP4 (or PHP5) may be compiled as Apache module or as CGI interpreter (Beltane is tested with Linux, Apache 1.3/2.0, PHP 4.3.4/5.0.3 used as CGI interpreter, suexec, no SSL, MySQL and PostgreSQL databases).
Beltane 2 can also be used with an Oracle database.
Documentation is provided as SGML and HTML files within the tarball. You are adviced to read the documentation before attempting to install Beltane.
- Major performance and scalability improvements for reduced memory consumption, faster baseline database updates, and faster reload of the client panel
- Support for Oracle database (Beltane version 2.1.1 and above)
- Client Status Display (running/dead/unknown)
- Bulk Update from user-defined criteria like: the hostname, a list of files (with or without checksums), or a time window
- On-the-fly Sorting of the message list
- Message Filtering with POSIX regular expressions
- GnuPG Signing of client file signature databases after an update
- Search function for the database.
- Editing of client configurations
- Client Configuration Reload can be triggered
- Multiple Users with logging of login/logouts
- Server Messages can be viewed optionally
In a hurry? Add it to your Download Basket!
What's New in This Release:
- Some problems related to the samhain "stealth" option have been fixed, as well as an incorrect error check in the beltane_update command.
- The display of md5 and sha1 checksums has been modified to better match the output of md5sum/shasum.