Security Design

Usage

It is recommended to:

If you use a precompiled samhain executable (e.g. from a binary distribution), a prospective intruder could in principle easily obtain a copy of the executable and analyze it in advance. This would enable her/him to generate fake audit trails and/or generate a trojan for this particular binary distribution.

For this reason, it is possible for the user to add more key material into the binary executable. This is done with the command:

samhain --add-key=key@/path/to/executable

This will read the file /path/to/executable, add the key given as key, overwrite any key previously set by this command, and write the new binary to /path/to/executable.out (i.e. with .out appended). The key should not contain a '@', because that character has a special meaning: it separates the key from the path. You should then copy the new binary to the location of the old one (i.e. overwrite the old one).
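
The procedure above as a small POSIX shell wrapper, added here as an example (it is not part of the Samhain manual or distribution): it rejects keys containing '@', runs --add-key, checks that the .out file was written, keeps a backup, and overwrites the old binary. The function names, the SAMHAIN variable, the .orig backup suffix and the choice of a random hex key are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the Samhain distribution. Assumed names: SAMHAIN,
# gen_key, valid_key, add_key_arg, rekey_binary, and the .orig backup suffix.
SAMHAIN="${SAMHAIN:-samhain}"    # binary used to run --add-key

# Random key as 32 hex characters, so it can never contain '@'.
gen_key() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Reject keys the key@path syntax cannot carry: empty, or containing '@'.
valid_key() {
    case "$1" in
        ''|*@*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Build the option exactly as documented: --add-key=key@/path/to/executable
add_key_arg() {
    valid_key "$1" || return 1
    printf '%s%s@%s' '--add-key=' "$1" "$2"
}

# Add the key, verify the .out file, back up the old binary, overwrite it.
rekey_binary() {
    key=$1; target=$2
    [ -f "$target" ] || { echo "no such file: $target" >&2; return 2; }
    arg=$(add_key_arg "$key" "$target") || { echo "key is empty or contains '@'" >&2; return 2; }
    rm -f "$target.out"                      # never accept a stale .out
    "$SAMHAIN" "$arg" || { echo "--add-key failed" >&2; return 1; }
    [ -s "$target.out" ] || { echo "missing $target.out" >&2; return 1; }
    cp -p "$target" "$target.orig" || return 1
    cp "$target.out" "$target" && rm -f "$target.out"
}

# Usage: sh rekey.sh /path/to/executable [key]   (key is generated if omitted)
if [ "$#" -ge 1 ]; then
    rekey_binary "${2:-$(gen_key)}" "$1"
fi
```

The key is passed on the command line, so it may be visible in the process list while the command runs; run the step on a host where that is acceptable.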