We use AIDE (Advanced Intrusion Detection Environment) for our IDS (Intrusion Detection System).
Here's a few notes of how to set it up.
yum install aide
aide --init
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
aide --check
aide --update
If you want it to monitor your website, you'll need to add a rule into /etc/aide.conf something like:
/var/www/html/ CONTENT_EX
Create a shell script to run it and e-mail over the results
cat > /var/log/aide/aidechk.sh
#!/bin/sh
DATE=`date +%Y-%m-%d`
REPORT="Aide-"$DATE.txt
/usr/sbin/aide --check > /tmp/aidecheck.txt
cat /tmp/aidecheck.txt|/bin/grep "found differences" >> /tmp/$REPORT
if [ -s /tmp/$REPORT ]
then
mail -s "$REPORT `date` $HOSTNAME" adam@adsar.co.uk < /tmp/aidecheck.txt
/usr/sbin/aide --update
mv -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
fi
rm /tmp/$REPORT
Set permissions to execute
chmod +x /var/log/aide/aidechk.sh
And add it to your crontab
00 01 * * 0-6 /var/log/aide/aidechk.sh