samhain Changelog

New in version 3.0.13 (June 20th, 2013)

  • A regression in the handling of growing log files has been fixed.
  • For compiling with the kernel check option, the detection of an existing yet non-functional /dev/kmem device has been improved.

New in version 3.0.10 (January 19th, 2013)

  • This version fixes a regression that made samhain block indefinitely if the inotify mode for file checking was used.

New in version 3.0.9 (January 7th, 2013)

  • Some build errors have been fixed, as well as the 'probe' command for the server (clients could be erroneously omitted under certain conditions).
  • An option has been added to the Windows registry check to ignore changes if only the timestamp has changed, and full scans requested by the inotify module will now only run at times configured for regular full scans.

New in version 3.0.5 (July 25th, 2012)

  • This version fixes some issues with the Windows registry check.

New in version 3.0.4 (May 3rd, 2012)

  • This version fixes inotify-related bugs leading to extraneous "file not found" reports.

New in version 3.0.1 (December 9th, 2011)

  • This version fixes a memory leak in the code for inotify support, as well as a potential deadlock.
  • Bugs in the suid.check and port check modules have been fixed, and compile problems on FreeBSD have been resolved.

New in version 3.0.0 (November 9th, 2011)

  • This version adds support for inotify on Linux, to enable immediate reports on file changes and reduce I/O load.
  • Debugging output for IPv6 issues is more complete now, and a problem with the combination of prelink support and the suid file check has been fixed.

New in version 2.8.6 (September 22nd, 2011)

  • A bug with the correlation of entries in monitored log files has been fixed, and a deadtime option has been added to avoid repetitive reports.
  • In verbose mode, the policy under which a directory or file is monitored will be reported now.
  • The update function has been enhanced with an option to update only files listed in a text file, and issues with some compile options have been fixed.

New in version 2.8.4 (May 12th, 2011)

  • A regression has been fixed that under certain circumstances would cause samhain to hang when reloading the configuration file.
  • A compile error in the samhain_hide.ko kernel module has been fixed.
  • A contributed patch has been included that allows you to specify the location of the secret keyring.
  • The (l)stat timeout has been increased to fix spurious timeouts under heavy load.
  • The Apache log file parser has been enhanced to allow the insertion of arbitrary regexes into the format definition.
  • New options allow you to define the port range for the open ports check.