Looking for some (*nix) software which will build an index of "interesting" files on a server and notify when certain of those files contents are modified, or new files appear.
Similar to rkhunter et al, but less focussed on system binaries and more on executables served via web.
Any recommendations?
Look at OSSEC, I use it to do file integrity checks on our servers, it's very complete and easy to configure. It can send mail notification, you can check alerts via command line or a web interface ...
taken from the website :
"OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response."
You might try the inotify framework. You could use it to get a list of files that are reported to you by a write_close event. You might want to investigate incron or the inotify-tools (both linked from the wikipedia page.
On the other hand it sounds like tripwire is exactly what you are searching for, to my knowledge you can simply define which files to look at. I don't see a reason why tripwire (which granted is actually for system binaries in it's basic use case) isn't suited for your use case.
The best package for this is definitely tripwire.
There's a quick-start guide here: penguinapple.blogspot.com
The guide is for Debian but the "Configuration and Use" section should be very similar for all *nix.
Also look at radmind. It can do filesystem-wide diffs and then unapply or reapply them. You can use the client utilities by themselves, or use the server to create a repository for all of your diffs.
CFEngine has the ability to track checksums for arbitrary files as well as managing the rest of your configuration. I'd assume that some of the derivative configuration management tools (like Puppet or Chef) with agents can probably also do something similar.
