Appendix A. Host Integrity Monitoring Using Osiris and Samhain
This special Appendix is excerpted from Brian Wotring’s book, Host Integrity Monitoring Using Osiris and Samhain (Syngress Publishing, ISBN: 1-597490-18-0).
Introducing Host Integrity Monitoring
HIM is the recurring assessment of a host’s environment based on a known good state or policy. A host can be a home user’s PC, a corporate e-mail or Web server, a production build system, or a computer in an Internet café. A host can also be a router or a switch.
As shown in Figure A.1, a host’s environment can be broken down into three categories: files, configurations, and runtime. Files are the ...