Package tripwire

IDS (Intrusion Detection System)

https://github.com/Tripwire/tripwire-open-source/

Tripwire is a very valuable security tool for Linux systems, if it is
installed to a clean system. Tripwire should be installed right after
the OS installation, and before you have connected your system to a
network (i.e., before any possibility exists that someone could alter
files on your system).

When Tripwire is initially set up, it creates a database that records
certain file information. Then when it is run, it compares a designated
set of files and directories to the information stored in the database.
Added or deleted files are flagged and reported, as are any files that
have changed from their previously recorded state in the database. When
Tripwire is run against system files on a regular basis, any file
changes will be spotted when Tripwire is run. Tripwire will report the
changes, which will give system administrators a clue that they need to
enact damage control measures immediately if certain files have been
altered.

Special Files
Special File Description
twconfig Tripwire configuration file reference
twpolicy Tripwire policy file reference
File Formats
File Description
twfiles overview of files used by Tripwire and file backup process
System Administration
Command Description
siggen signature gathering routine for Tripwire
tripwire a file integrity checker for UNIX systems
twadmin Tripwire administrative and utility tool
twintro introduction to Tripwire software
twprint Tripwire database and report printer