apt-get install iwatch
/etc/iwatch/iwatch.xml:
<?xml version="1.0" ?>
<!DOCTYPE config SYSTEM "/etc/iwatch/iwatch.dtd" >
<config>
<guard email="IWatch@host.domain.tld" name="IWatch - host.domain.tld"/>
<watchlist>
<title>Operating System</title>
<contactpoint email="user@domain.tld" name="Administrator"/>
<path type="single" syslog="on">/bin</path>
<path type="single" syslog="on">/sbin</path>
<path type="single" syslog="on">/usr/bin</path>
<path type="single" syslog="on">/usr/sbin</path>
<path type="recursive">/etc</path>
<path type="recursive">/etc/iwatch</path>
<path type="recursive">/lib</path>
<path type="exception">/lib/modules</path>
<path type="exception">/etc/hosts.deny</path>
<path type="exception">/etc/hosts.deny.purge.tmp</path>
<path type="exception">/etc/hosts.deny.purge.bak</path>
<path type="exception">/etc/sv/services/project-open/log</path>
<path type="single" events="modify" filter="iwatch">/usr/bin</path>
<path type="single" events="modify" filter="tripwire|twadmin">/usr/sbin</path>
</watchlist>
</config>