app-forensics/samhain
Advanced file integrity and intrusion detection tool.
Screenshots
-
samhain-2.2.0~x86crypt debug login-watch mounts-check mysql netclient netserver postgres prelude static suidcheck userfiles xml
View 
Download License: GPL-2
-
samhain-2.1.3~x86crypt debug login-watch mounts-check mysql netclient netserver postgres prelude static suidcheck userfiles xmlView Download License: GPL-2
USE Flags
crypt
Global: Add support for encryption -- using mcrypt or gpg where applicable
debug
Global: Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see http://www.gentoo.org/proj/en/qa/backtraces.xml
login-watch
Global: Compile in the module to watch for login/logout events
Local: Compile in the module to watch for login/logout events
mounts-check
Global: Compile in the module to check for correct mount options
Local: Compile in the module to check for correct mount options
mysql
Global: Adds mySQL Database support
netclient
Global: Compile a client, rather than a standalone version
Local: Compile a client, rather than a standalone version
netserver
Global: Compile a server, rather than a standalone version
Local: Compile a server, rather than a standalone version
postgres
Global: Adds support for the postgresql database
prelude
Global: Adds support/bindings for the Prelude Intrusion Detection System
static
Global: !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
suidcheck
Global: Compile in the module to check file system for SUID/SGID binaries
Local: Compile in the module to check file system for SUID/SGID binaries
userfiles
Global: Compile in the module to check for files in user home directories
Local: Compile in the module to check for files in user home directories
xml
Global: Add support for XML files