We've been searching for a simple file integrity monitoring solution on CentOS/Linux that will work on the application level. We are not looking for OS/network level IDS as OSSEC and the others do a pretty good job at that.
We have looked at centralized (OSSEC) and non-centralized (Tripwire Open Source) however they each have their limitation in regards to file restrictions and recursively monitoring thousands of files/directories.
Essentially we have thousands of php/cgi/pl files which we will like to monitor for changes/injections. The problem is they are all in directories that might contain other filetypes and other things that changes. Directory integrity checking is not an option as the directory might changes but not the files we are interested in monitoring.
Is there a software out there that can take a 'find' command to get a file list, places this file list in a database with an md5 checksum for each file and then on the next run it matches the file list file by file and alerts of any changes to the md5 checksums and new files?