/usr/share/doc/samhain/manual.html/client-integrity.html is in samhain 4.1.4-2build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>3. Client executable integrity</title><link rel="stylesheet" type="text/css" href="docbook.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="The Samhain Host Integrity Monitoring System"><link rel="up" href="security-design.html" title="Chapter 12. Security Design"><link rel="prev" href="keypad.html" title="2. Integrity of the samhain executable"><link rel="next" href="server-security.html" title="4. The server"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><!--#if expr="! ($HTTP_USER_AGENT = /MSIE/)"--><!--#include virtual="/resources/ssi/header.html"--><!--#endif--><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">3. Client executable integrity</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="keypad.html">Prev</a> </td><th width="60%" align="center">Chapter 12. Security Design</th><td width="20%" align="right"> <a accesskey="n" href="server-security.html">Next</a></td></tr></table><hr></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="client-integrity"></a>3. Client executable integrity</h2></div></div></div><p>If you use
<span class="application">samhain</span> in a
client/server setup, the client needs to authenticate to the
server using a password that is located within the client
executable, at one of several possible places (where the
valid place for your particular build is chosen at random at
compile time). If the password is set, the alternative places
are filled with random values.</p><p>Upon authentication to the server, client and server
negotiate ephemeral keys for signing and encrypting further
communication.</p><p>This implies that an intruder needs to analyse the
running process to obtain knowledge of the signing/encryption
keys in order to successfully fake a valid communication with
the server, or she needs to analyse/disassemble the
executable in order to find the password.</p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="keypad.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="security-design.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="server-security.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">2. Integrity of the samhain executable </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 4. The server</td></tr></table></div><!--#if expr="! ($HTTP_USER_AGENT = /MSIE/)"--><!--#include virtual="/resources/ssi/footer.html"--><!--#endif--></body></html>
|