Many IT pros concentrate on keeping attackers out of their systems rather than on what happens in the event of a system compromise. If attackers circumvent your military-grade security, do you know how to determine what they've done to your system?
A good place to start is by checking the log files. However, unless you're logging remotely, log files can be misleading or altogether worthless. The best bet is to employ an integrity-checking package that compares the files and directories on the system to a snapshot that was taken when the system was in a known good state.
One such package is Advanced Intrusion Detection Environment (AIDE). This free open source tool is similar to the commercial Tripwire utility: it creates a database of files and uses multiple signature methods to confirm the integrity of your data. Quality integrity checkers don't rely on one particular means of verifying whether a file has changed.
AIDE builds its database with various hashes, such as MD5, CRC32, SHA1, and rmd160, along with file attributes such as last access time and last modified time. Attackers might defeat one or more of these checks, but the multiple security layers make it difficult for an attacker to defeat them all.
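The snapshot-and-compare approach described above, as an added example (it is not AIDE's code and not from the original article). The helper names `fingerprint`, `snapshot` and `compare`, and the sample files, are constructed for illustration.

```python
import hashlib
import os
import tempfile
import zlib
from pathlib import Path

def fingerprint(path):
    """Several independent signatures for one file."""
    data, st = path.read_bytes(), path.stat()
    return {
        "size": st.st_size,
        "mtime": st.st_mtime_ns,
        "crc32": zlib.crc32(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }

def snapshot(root):
    """Baseline database: relative path -> signatures."""
    return {str(p.relative_to(root)): fingerprint(p)
            for p in Path(root).rglob("*") if p.is_file()}

def compare(baseline, current):
    """Map each added, removed or changed path to what differs."""
    report = {}
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            report[path] = ["removed"]
        elif path not in baseline:
            report[path] = ["added"]
        else:
            diff = [k for k, v in baseline[path].items() if current[path][k] != v]
            if diff:
                report[path] = diff
    return report

def demo():
    """Constructed scenario: same-size edit with the original mtime restored."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        cfg = root / "sshd_config"                           # constructed sample file
        cfg.write_bytes(b"PermitRootLogin no \n")
        baseline = snapshot(root)                            # known good state
        st = cfg.stat()
        cfg.write_bytes(b"PermitRootLogin yes\n")            # same length as before
        os.utime(cfg, ns=(st.st_atime_ns, st.st_mtime_ns))   # timestamps put back
        (root / "extra.bin").write_bytes(b"\x00")            # file not in baseline
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The edited file's size and modification time still match the baseline, so only the content digests report the change, which is why a checker should not depend on a single attribute.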
While AIDE is currently in a prerelease state, it already does an extremely good job and should be a part of any IT pro's protection arsenal. Visit this Web page to find out more information about AIDE.