File signatures

samhain works by generating a database of file signatures, and later comparing file against that database to recognize file modifications and/or added/deleted files.

File signatures include:

Depending on the policy chosen for a particular file, only a subset of these may be checked for modifications (see the Section called Monitoring policies>), but usually all these informations are collected.