Here’s a great little program to keep an eye on your system files to make sure no one inappropriate is changing them! I like to have this run in cron once a week and send me a report. When your first changing your system / installing things, a lot of false positives will be tripped. But, once you settle into your system and are not constantly installing things and changing config files – this is a super handy service to have running to keep a proactive key on your file security!
After it runs, simply type:
sudo /usr/sbin/tripwire --update --twrfile /var/lib/tripwire/report/[name].twr
It will open up the report in a text editor with an [x] next to each file. Remove that X if you think the file was illegitimately changed. If all is good, leave the X’s in place and save the file. Then enter your local password and the tripwire database is updated!