Release Notes: Log rotation can now be handled more gracefully. An option to ignore modifications of transient files during their lifetime has been added, and it is now possible to build a Debian client package with a preset password. A problem with large groups has been fixed, as well as a problem with reconnecting to a temporarily unavailable Oracle database.
Release Notes: Some build errors have been fixed, as well as the 'probe' command for the server (clients could be erroneously omitted under certain conditions). An option has been added to the Windows registry check to ignore changes if only the timestamp has changed, and full scans requested by the inotify module will now only run at times configured for regular full scans.
Release Notes: A bug with the correlation of entries in monitored log files has been fixed, and a deadtime option has been added to avoid repetitive reports. In verbose mode, the policy under which a directory or file is monitored is now reported. The update function has been enhanced with an option to update only files listed in a text file, and issues with some compile options have been fixed.
Release Notes: A regression has been fixed that under certain circumstances would cause samhain to hang when reloading the configuration file. A compile error in the samhain_hide.ko kernel module has been fixed. A contributed patch for samhainadmin.pl has been included that allows you to specify the location of the secret keyring. The (l)stat timeout has been increased to fix spurious timeouts under heavy load. The Apache log file parser has been enhanced to allow the insertion of arbitrary regexes into the format definition. New options allow you to define the port range for the open ports check.
Release Notes: Samhain now runs lstat/stat calls in a subprocess to avoid getting blocked by hanging NFS mounts. A compile error on Windows/Cygwin as well as minor networking issues have been fixed.
Release Notes: It is now possible to skip checksumming for files matching user-defined criteria (based on file size, permission, name, and/or file type). Several minor bugs have been fixed.
Release Notes: On Linux, it is now possible to have samhain report who changed a file (using the kernel audit system). A module has been added to monitor keys in the Windows registry, and IPv6 networking is now supported.
Release Notes: Logging of client reports to Prelude can now be done by the server (rather than by the clients themselves). The configuration file parser now accepts C-style quoting for filenames, and the maximum line length has been increased to 16382 characters. Some compile problems have been fixed.
Release Notes: The login monitoring module has been enhanced to check for anomalies. The kernel integrity check now supports Linux/x86_64, as well as Linux kernels that have /dev/kmem disabled.
Release Notes: The log monitoring module has been enhanced to allow monitoring the output of shell commands. Some bugs in the log monitoring and kernel checking modules have been fixed.