A PHP script, designed to be run by a cron job, which detects files which have been added, deleted or modified since the previous execution of the script. Sends emails with a summary of changes. Great for detecting malicious activity (hacking, unauthorised access other hacker actions).
Wordpress virus guard. I have seen a virus which will rewrite your php files documented here.
Malicious Uploads. This script will tell you anytime a file is added/removed/modified. This can get annoying, but between the settings available in Tripwire, and your own email filters, you should be able to come up with a nice solution.
Download this repo as a zip and install on your server, or use a git pull.
cd ~
git clone https://github.com/polyesterhat/Tripwire.git tripwire
cd tripwire
git submodule init && git submodule update
cp tripwire_config.sample.ini tripwire_config.iniThat last command will make an untracked config file (which is good). Now, configure the tripwire_config.ini file (ini file info here). At least put in your own email address and customize the paths array so the script knows which directories to watch.
crontab -eThis will open a VI editor. And paste in:
*/15 * * * * /usr/bin/php /path/to/Tripwire/tripwire.php
If you don't know how to use vi, just remember, hit the i key to start typing or pasting, and then hit Esc and Ctrl + ; to enter command mode, and once in command mode type wq and hit Enter. This will save and exit.
15 is the number of minutes tripwire should wait, if you want 5, put a 5 instead of a 15. More information here.