23.4. Samhain
Samhain (www.la-samhna.de/samhain/), which is another free, open-source file integrity monitor, can be used either as a stand-alone program on individual computers (like Tripwire) or as a client-server monitoring and management system (like Radmind). It monitors most file metadata (including ownership, permissions, modification dates, and ACLs) and lets you exclude folders or files you want to ignore. Unlike Tripwire, Samhain has built-in scheduling, although you can also run it manually if you prefer.
Samhain isn't available in binary form for Mac OS X like Radmind and Baseline (described next) are; as with Tripwire, you must compile it from source code, install it, and configure it manually before use. Unfortunately, just as Samhain has a great many more features than Tripwire, it's also significantly more complicated to use. If you're interested in delving into its many options, consult the documentation at www.la-samhna.de/samhain/manual/ for guidance.
Get Mac® Security Bible now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
