- For files under the 'GrowingLogfiles' policy, the checksum is now
verified up to the previous size.
- Server-to-server relay is possible.
- More user policies are available now.
PR: ports/96643
Submitted by: maintainer (David Thiel)
Updating the Samhain integrity checking system to 2.1.0, a
bugfix release.
It's been requested by several people to break Samhain out
into separate client and server ports. This PR does that,
with a samhain-client and samhain-server port, as slave
ports off of samhain. I'm not sure the best way to submit
a PR to do this kind of action, but here is a shar of all
three ports. If another format is desired, please let me
know. I'm also interested in feedback on the approach used
for splitting these out.
PR: ports/90305
Submitted by: David Thiel <lx@redundancy.redundancy.org>
- samhainrc.sample file is chgrp'd to wheel
- RUNAS_USER now defaults to "yule" properly
- XML logging is now on by default and tunable
PR: ports/85448
Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
Updating the Samhain integrity checking system from 1.8.10b to 1.8.11.
Code changes include:
o for files in the IgnoreAll policy, there are no warnings
(anymore) about 'no such user/group' and/or non-printable filenames
o there is a new option HardlinkOffset=... to specify an
offset from the canonical hardlink count for a directory
o ... and a new option AddOKChars=... to modify the set of
characters in a filename for which a warning (about
obscure/non-printable) filename is issued.
Port changes:
Turn off kernel integrity checking by default - building
this into packages wouldn't work anyhow, since it would
only work with an identical kernel as on the build cluster.
PR: ports/71169
Submitted by: David Thiel <lx@redundancy.redundancy.org>
new option SetBindAddress (--bind-address=...) to force
interface for outgoing connections on multi-interface box
use persistent connection to database by default
PR: ports/62290
Submitted by: David Thiel <lx@redundancy.redundancy.org>
- Updating Samhain to 1.7.12, which contains fixes for a heap overflow
in e-mail parsing.
PR: 57965
Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
Update to version 1.7.8
Fix build when MySQL logging is enabled
Add LOG_SERVER and ALT_LOG_SERVER tunables
Require LOG_SERVER be defined for clients
Have clients request config and signatures from server by default
Change TRUSTED_USER to a more accurate name (RUNAS_USER)
Fix sample config file install/deinstall
Add documentation on tunables
PR: ports/52912
Submitted by: David Thiel <lx@redundancy.redundancy.org>
Samhain is a host-based Intrusion Detection System and
integrity checker with advanced features such as centralized
logging, MySQL/PostgreSQL support, and rootkit detection.
PR: ports/46982
Submitted by: David Thiel <lx@redundancy.redundancy.org>
