FreshPorts -- security/samhain: Samhain Intrusion Detection System

Port details

samhain Samhain Intrusion Detection System

4.4.3_1 security =17 4.4.3_1Version of this port present on the latest quarterly branch.

Maintainer: freebsd@gregv.net

Port Added: 2003-04-13 13:17:51

Last Update: 2024-11-19 17:30:56

Commit Hash: 6b7215e

People watching this port, also watch:: snort, sudo, smartmontools, syslog-ng, vlc

License: GPLv2

WWW:

https://la-samhna.de/samhain/

Description:

Samhain is an open source file integrity and host-based intrusion detection system for Linux and Unix. It can run as a daemon process, and thus can remember file changes - contrary to a tool that runs from cron, if a file is modified you will get only one report, while subsequent checks of that file will ignore the modification as it is already reported (unless the file is modified again). Samhain can optionally be used as client/server system to provide centralized monitoring for multiple host. Logging to a (MySQL or PostgreSQL) database is supported.

¦ ¦ ¦ ¦

Manual pages:

FreshPorts has no man page information for this port.

pkg-plist: as obtained via: make generate-plist

Expand this list (38 items)

Collapse this list.

/usr/local/share/licenses/samhain-4.4.3_1/catalog.mk
/usr/local/share/licenses/samhain-4.4.3_1/LICENSE
/usr/local/share/licenses/samhain-4.4.3_1/GPLv2
@dir /var/lib
share/doc/samhain/BUGS
share/doc/samhain/FAQ.html
share/doc/samhain/HOWTO-client+server-troubleshooting.html
share/doc/samhain/HOWTO-client+server.html
share/doc/samhain/HOWTO-samhain+GnuPG.html
share/doc/samhain/HOWTO-write-modules.html
share/doc/samhain/MANUAL-2_4.pdf
share/doc/samhain/README
share/doc/samhain/README.UPGRADE
share/doc/samhain/sh_mounts.txt
share/doc/samhain/sh_userfiles.txt
@dir share/doc/samhain
@dir /var/lib/samhain
@sample etc/samhainrc.sample
etc/rc.d/samhain
share/man/man5/samhainrc.5.gz
share/man/man8/samhain.8.gz
sbin/samhain
@comment sbin/samhain_setpwd
@comment @dir /var/lib/yule
@comment @dir /var/log/yule
@comment @sample etc/yulerc.sample
@comment @postunexec echo "To delete the yule user permanently, use 'pw userdel yule'"
@comment etc/rc.d/yule
@comment share/man/man5/yulerc.5.gz
@comment share/man/man8/yule.8.gz
@comment sbin/yule
@comment sbin/yule_setpwd
@comment sbin/yuleadmin-gpg.pl
@comment sbin/yuleadmin-sig.pl
@comment sbin/yulectl
@owner
@group
@mode

Collapse this list.

Dependency lines:

samhain>0:security/samhain

To install the port:

cd /usr/ports/security/samhain/ && make install clean

To add the package, run one of these commands:

pkg install security/samhain
pkg install samhain

NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.

PKGNAME: samhain

Flavors: there is no flavor information for this port.

distinfo:

TIMESTAMP = 1607614629 SHA256 (samhain_signed-4.4.3.tar.gz) = 3e57574036d5055e9557ec5095818b419ea6c4365370fc2ccce1e9f87f9fad08 SIZE (samhain_signed-4.4.3.tar.gz) = 2160977

Packages (timestamps in pop-ups are UTC):

samhain
ABI	aarch64	amd64	armv6	armv7	i386	powerpc	powerpc64	powerpc64le
FreeBSD:13:latest	-	4.4.3_1	4.4.3	4.4.3_1	4.4.3_1	-	-	-
FreeBSD:13:quarterly	-	4.4.3_1	4.4.3	4.4.3_1	4.4.3_1	4.4.3	4.4.3	4.4.3
FreeBSD:14:latest	-	4.4.3_1	4.4.3	4.4.3_1	4.4.3_1	-	-	4.4.3
FreeBSD:14:quarterly	-	4.4.3_1	-	4.4.3_1	4.4.3_1	-	-	4.4.3
FreeBSD:15:latest	-	4.4.3_1	n/a	4.4.3_1	n/a	4.4.3	4.4.3	4.4.3

Slave ports:

This port has no dependencies.

There are no ports dependent upon this port

Configuration Options:

===> The following configuration options are available for samhain-4.4.3_1: ASM=on: Use optimized assembly code DB_RELOAD=off: Enable database reload on SIGHUP DEBUG=off: Build with debugging support DNMALLOC=on: Enable dnmalloc DOCS=on: Build and/or install documentation ENCRYPT=on: Enable client/server encryption GNUPG=off: GNU Privacy Guard support IPV6=on: IPv6 protocol support LIBWRAP=on: TCP wrapper support LOGFILE_MONITOR=off: Enable monitor logfiles LOGIN_WATCH=off: Enable watch for login/logout MAIL=on: Enable internal SMTP mailer MOUNTS_CHECK=off: Enable check mount options on filesystems PORT_CHECK=off: Enable check ports POSIX_ACL=off: Enable check posix acls PRELUDE=off: Enable Prelude Framework support PROCESS_CHECK=off: Enable check processes PTRACE=off: Enable use anti-debugger options SRP=on: Enable SRP for authentication STATIC=off: Build static executables and/or libraries SUIDCHECK=off: Enable check for suid/sgid files UDP=off: Enable UDP server USERFILES=off: Enable check for users config files XML_LOGS=off: Enable XML-formatted logs ====> Database support: you can only select none or one of them MYSQL=off: MySQL database support ODBC=off: ODBC database backend PGSQL=off: PostgreSQL database support ===> Use 'make config' to modify these settings

Options name:

security_samhain

USES:

sbrk shebangfix

pkg-message:

For install:: To start the samhain daemon at system boot, add: samhain_enable="YES" and/or yule_enable="YES" to /etc/rc.conf.

Master Sites:

Expand this list (1 items)

Collapse this list.

http://la-samhna.de/archive/

Collapse this list.

Number of commits found: 135 (showing only 35 on this page)

« 1 | 2

Commit	Credits	Log message
Commit History - (may be incomplete: for full details, see links to repositories near top of page)
2.1.2_1 09 Apr 2006 02:40:10	lawrance	When yule is installed, add the yule user and group as well. This is especially useful for package users since they couldn't run the install-user target. PR: ports/90305 (based on) Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer) Approved by: maintainer timeout on feedback (3 months) Committed from: Sydney Linux User Group codefest at UTS
2.1.2 18 Mar 2006 19:17:30	mnag	- Update to 2.1.2 - Add PRELUDE option PR: 94406 Submitted by: Robin Gruyters <r.gruyters@yirdis.nl> Approved by: maintainer
2.1.0 24 Jan 2006 01:03:33	edwin	SHA256ify Approved by: krion@
2.1.0 07 Jan 2006 07:56:03	edwin	Update: security/samhain 2.0.10 -> 2.1.0 Updating the Samhain integrity checking system to 2.1.0, a bugfix release. It's been requested by several people to break Samhain out into separate client and server ports. This PR does that, with a samhain-client and samhain-server port, as slave ports off of samhain. I'm not sure the best way to submit a PR to do this kind of action, but here is a shar of all three ports. If another format is desired, please let me know. I'm also interested in feedback on the approach used for splitting these out. PR: ports/90305 Submitted by: David Thiel <lx@redundancy.redundancy.org>
2.0.10 22 Sep 2005 07:15:29	vsevolod	Fix DISTNAME variable. Reported by: Jin-Shan Tseng <tjs@cdpa.nsysu.edu.tw> Pointy hat to: vsevolod
2.0.10 21 Sep 2005 22:56:58	vsevolod	Update to 2.0.10 [1] Feed portlint PR: 86426 [1] Submitted by: David Thiel (maintainer) [1]
2.0.9 10 Sep 2005 20:32:10	pav	- Replace .error with IGNORE to prevent INDEX build failures
2.0.9 30 Aug 2005 22:04:29	pav	- Update to 2.0.9 - samhainrc.sample file is chgrp'd to wheel - RUNAS_USER now defaults to "yule" properly - XML logging is now on by default and tunable PR: ports/85448 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
2.0.8 31 Jul 2005 19:53:33	thierry	Update to 2.0.8. PR: 83960 Submitted by: Babak Farrokhi <babak (at) farrokhi.net> Approved by: maintainer
2.0.6 05 May 2005 09:21:28	pav	- Update to 2.0.6 PR: ports/80622 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
2.0.2 09 Nov 2004 22:20:10	pav	- Update to 2.0.2 PR: ports/73699 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
2.0.1 04 Nov 2004 12:36:59	pav	- Update to 2.0.1 PR: ports/73501 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
2.0.0 02 Nov 2004 18:12:13	pav	- Update to 2.0.0 PR: ports/73393 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
1.8.12 21 Oct 2004 12:37:50	pav	- Fix OPTIONS handling
1.8.12 16 Oct 2004 11:56:24	pav	- Update to 1.8.12 and unbreak on 5.x PR: ports/72750 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
1.8.11 13 Oct 2004 02:04:30	edwin	Update: security/samhain 1.8.10b -> 1.8.11 Updating the Samhain integrity checking system from 1.8.10b to 1.8.11. Code changes include: o for files in the IgnoreAll policy, there are no warnings (anymore) about 'no such user/group' and/or non-printable filenames o there is a new option HardlinkOffset=... to specify an offset from the canonical hardlink count for a directory o ... and a new option AddOKChars=... to modify the set of characters in a filename for which a warning (about obscure/non-printable) filename is issued. Port changes: Turn off kernel integrity checking by default - building this into packages wouldn't work anyhow, since it would only work with an identical kernel as on the build cluster. PR: ports/71169 Submitted by: David Thiel <lx@redundancy.redundancy.org>
1.8.10b 26 Sep 2004 03:03:48	kris	BROKEN on 5.x: Does not compile Approved by: portmgr (self)
1.8.10b 11 Aug 2004 23:00:12	pav	- Update to 1.8.10b PR: ports/69387 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
1.8.9 21 Jun 2004 19:09:14	pav	- Update to 1.8.9 PR: ports/68173 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
1.8.7 14 May 2004 14:18:32	pav	- Update to 1.8.7 - Fix WITH_LOGSERVER knob PR: ports/66578 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
1.8.6 19 Apr 2004 19:41:31	krion	- Update to version 1.8.6 PR: ports/65778 Submitted by: maintainer
1.8.5 06 Apr 2004 13:01:14	krion	- Update to version 1.8.5 PR: ports/65226 Submitted by: maintainer
1.8.4 19 Mar 2004 21:26:56	krion	- Update to version 1.8.4 PR: ports/64480 Submitted by: maintainer
1.8.3 18 Mar 2004 18:01:13	trevor	Add size data, approved by maintainers.
1.8.3 07 Feb 2004 05:09:02	linimon	Update to 1.8.3. See docs/Changelog for full details. Notable: new option SetBindAddress (--bind-address=...) to force interface for outgoing connections on multi-interface box use persistent connection to database by default PR: ports/62290 Submitted by: David Thiel <lx@redundancy.redundancy.org>
1.8.2 19 Jan 2004 21:46:24	pav	- Update to 1.8.2 PR: ports/61588 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
1.8.1 11 Dec 2003 09:50:16	linimon	Update to 1.8.1, mostly minor bugfixes. See docs/Changelog for details. PR: ports/59935 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
1.8.0 01 Nov 2003 14:05:52	krion	- Update to version 1.8.0 PR: 58790 Submitted by: maintainer
1.7.12 14 Oct 2003 07:11:22	daichi	update security/samhain: 1.7.11 -> 1.7.12 - Updating Samhain to 1.7.12, which contains fixes for a heap overflow in e-mail parsing. PR: 57965 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
1.7.11 24 Sep 2003 11:25:47	edwin	Update port: security/samhain Update to 1.7.11. PR: ports/56754 Submitted by: David Thiel <lx@redundancy.redundancy.org>
1.7.10 29 Jul 2003 05:45:30	daichi	update security/samhain: 1.7.9 -> 1.7.10 PR: 54997 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
1.7.9 15 Jul 2003 06:08:05	daichi	update security/samhain: 1.7.8 -> 1.7.9 PR: 54481 Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
1.7.8 04 Jun 2003 09:20:58	edwin	iUpdate of Samhain to 1.7.8 Update to version 1.7.8 Fix build when MySQL logging is enabled Add LOG_SERVER and ALT_LOG_SERVER tunables Require LOG_SERVER be defined for clients Have clients request config and signatures from server by default Change TRUSTED_USER to a more accurate name (RUNAS_USER) Fix sample config file install/deinstall Add documentation on tunables PR: ports/52912 Submitted by: David Thiel <lx@redundancy.redundancy.org>
1.7.5 28 Apr 2003 00:42:32	naddy	Update to 1.7.5, fix packing list bugs, and add a more reliable MASTER_SITE. PR: 51044 Submitted by: David Thiel <lx@redundancy.redundancy.org>
1.7.4 13 Apr 2003 13:17:14	edwin	The Samhain Intrusion Detection System Samhain is a host-based Intrusion Detection System and integrity checker with advanced features such as centralized logging, MySQL/PostgreSQL support, and rootkit detection. PR: ports/46982 Submitted by: David Thiel <lx@redundancy.redundancy.org>

Number of commits found: 135 (showing only 35 on this page)

« 1 | 2

Login
User Login Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts? About the authors Issues FAQ How big is it? Security Policy Privacy Blog Contact

Search
Enter Keywords: more...

Latest Vulnerabilities

forgejo^*	Dec 18
forgejo7^*	Dec 18
forgejo	Dec 17
forgejo	Dec 17
gitea	Dec 17
gitea	Dec 17
gitea	Dec 17
zeek	Dec 16
py-matrix-synapse	Dec 15
gitlab	Dec 12
chromium	Dec 11
chromium	Dec 11
ungoogled-chromium	Dec 11
ungoogled-chromium	Dec 11
firefox	Dec 10

20 vulnerabilities affecting 292 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last processed:
2024-12-18 05:51:40 UTC

Ports
Home Categories Deleted ports Sanity Test Failures Newsfeeds

Statistics

Graphs
NEW Graphs (Javascript)

Calculated hourly:

Port count	33137
Broken	114
Deprecated	181
Ignore	239
Forbidden	1
Restricted	1
No CDROM	1
Vulnerable	34
Expired	12
Set to expire	147
Interactive	0
new 24 hours	6
new 48 hours	11
new 7 days	28
new fortnight	41
new month	168