The Trouble With Tripwire

by Edward R. Arnold Sept. 1, 2017 via Symantec

Even with the protection of a security perimeter, the fact remains that firewalls aren't foolproof and that potential attackers are hard at work, 24 hours a day. Furthermore, some organizations must allow remote logins to machines from sites outside their perimeter, meaning they must maintain a certain number of semi-exposed hosts that are vulnerable to attack. It is not enough to know that a system has been exploited. If an attack is detected, how can it be determined that a system has actually been compromised and important files removed or altered? One answer is to always run Tripwire, or one of its freeware cousins, in order to detect changes in critical system files.