Who's been sneaking around on MY Mac?
Picture this: you have a Mac connected to broadband with outside access to it (maybe you have a web server or are using SSH / SFTP / SCP for remote file access), or maybe you have a server running OS X. How do you check that no-one else has gained access and is snooping around (apart from all the obvious security stuff like firewalls, decent passwords, not using FTP and so on)? You use a trip wire!
Here are three articles describing, between them, two approaches …
CheckMate :: Mac OS X Software :: Brian Hill: "Checkmate is a preference pane for MacOS X 10.1 or higher that allows you to generate and compare secure MD5 checksums of critical files. This can be used to detect whether these files have been altered by viruses, root kits, trojan horses, or other possibly malicious programs." (macosxhints - Install and tweak the Checkmate tripwire: “Brian Hill’s excellent Checkmate is a Preferences panel that does just that. Unfortunately, he is no longer updating it, and it has some limitations … so here’s a quick tutorial on making it work.”)
Tripwire on OS X: “For the past several years, Tripwire Inc. has offered an Open Source version of their file integrity product - but I always felt there was one major drawback: no support whatsoever for the Mac. Fortunately, the developer community also perceived this gap and put together a Darwin-compatible patch.”
And one with an OS X Server bias:
AFP548 - How to install and update the Checkmate tripwire: "A glance at the underground sites shows a growing number of rootkits in development. Combine this with known, unpatched vulns, like the iSync mrouter privs escalation vuln, and I'm feeling naked without a tripwire.
Ed. Note: A tripwire application hashes a set of files and then looks for the files to change. Hopefully alerting you when that happens."
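The hash-then-compare idea from the editor's note above, as an added example that is not code from Checkmate, Tripwire or the linked articles. It uses SHA-256 where Checkmate uses MD5, and the function names and the sample files in `demo()` are constructed for illustration.

```python
import hashlib, json, os, tempfile

def hash_file(path):
    """SHA-256 of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map each regular file under root (relative path) to its digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # symlinks are skipped, not followed
            try:
                digests[os.path.relpath(full, root)] = hash_file(full)
            except OSError:
                digests[os.path.relpath(full, root)] = "unreadable"
    return digests

def compare(baseline, current):
    """Report files removed, added or modified since the baseline."""
    changes = {}
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            changes[path] = "removed"
        elif path not in baseline:
            changes[path] = "added"
        elif baseline[path] != current[path]:
            changes[path] = "modified"
    return changes

def demo():
    """Constructed sample: baseline a temp directory, alter it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        put("sshd_config", b"PermitRootLogin no\n")
        put("hosts", b"127.0.0.1 localhost\n")
        stored = json.dumps(snapshot(root))  # the baseline you would save
        put("sshd_config", b"PermitRootLogin yes\n")
        os.remove(os.path.join(root, "hosts"))
        put("new.plist", b"<plist/>\n")
        return compare(json.loads(stored), snapshot(root))
```

Calling `demo()` returns the three differences it created. A real baseline is only trustworthy if it is stored where the monitored machine cannot rewrite it, such as read-only media or another host.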