Detecting Attacks in Progress: Intrusion Detection
Not only are there tools for limiting network access, but there are also tools for detecting an attack in progress. These tools are known as intrusion detection tools. We will look at Tripwire, PortSentry, and Snort.
Tripwire is a utility that monitors the integrity of important files or directories. It stores information in a database about the files and directories that you've specified. You can then use Tripwire to check whether any of those files have changed: it compares their current state against the information in its database.
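The baseline-and-compare idea described above, as an added Python sketch that is not Tripwire's own code or database format: it records a SHA-256 digest and mode for each file, then reports what was added, removed, or modified. The function names, the JSON baseline file, and the sample tree are assumptions made for this illustration.

```python
import hashlib, json, os, stat, tempfile

def snapshot(root):
    """Map each regular file under root (relative path) to its digest and mode."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = {"sha256": digest, "mode": st.st_mode}
    return state

def save_baseline(root, db_path):
    # The "database": a snapshot taken while the system is known to be good.
    with open(db_path, "w") as fh:
        json.dump(snapshot(root), fh, indent=2, sort_keys=True)

def check(root, db_path):
    """Compare the current state of root with the stored baseline."""
    with open(db_path) as fh:
        baseline = json.load(fh)
    current = snapshot(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(current) & set(baseline)
                           if current[p] != baseline[p]),
    }

def write(path, text, mode="w"):
    with open(path, mode) as fh:
        fh.write(text)

def demo():
    """Build a constructed sample tree, baseline it, change it, and check it."""
    with tempfile.TemporaryDirectory() as work:
        root, db = os.path.join(work, "etc"), os.path.join(work, "baseline.json")
        os.mkdir(root)
        for name, body in (("passwd", "root:x:0:0\n"), ("hosts", "127.0.0.1\n"), ("motd", "hi\n")):
            write(os.path.join(root, name), body)
        save_baseline(root, db)
        write(os.path.join(root, "passwd"), "extra:x:0:0\n", "a")  # modified
        os.remove(os.path.join(root, "motd"))                      # removed
        write(os.path.join(root, "rc.local"), "#!/bin/sh\n")       # added
        return check(root, db)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A check like this is only as trustworthy as its baseline: keep the baseline file off the monitored host or on read-only media, since anyone who can rewrite it can hide their changes.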
There is an open source version of Tripwire available at http://sourceforge.net/projects/tripwire/. A patched version that runs on Mac ...