Title: Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection
Authors: Gene H. Kim, Eugene H. Spafford
File name: pubCOASTTripwireTripwire-SANS.ps.Z
File size: 47823 bytes
Abstract: This paper begins by motivating the need for an integrity checker by presenting a hypothetical situation any system administrator could face. An overview of Tripwire is then described, emphasizing the salient aspects of Tripwire configuration that supports its use at sites employing modern variants of the UNIX operating system. Experiences with how Tripwire has been used "in the field" are then presented, along with some conjectures on the prevalence and extent of system breakin. Novel uses of Tripwire and notable configurations of Tripwire are also presented.