A paper entitled "Experiences with Tripwire: Using Integrity
  Checkers for Intrusion Detection" by Gene H. Kim and Eugene H. Spafford
  appeared in the proceedings of the Usenix/Fedunix SANS conference in
  1994.  

  This paper begins by motivating the need for an integrity checker by
  presenting a hypothetical situation any system administrator could
  face.  An overview of Tripwire is then described, emphasizing the
  salient aspects of Tripwire configuration that supports its use at
  sites employing modern variants of the UNIX operating system.
  Experiences with how Tripwire has been used in "in the field" are
  then presented, along with some conjectures on the prevalence and
  extent of system breakin. Novel uses of Tripwire and no-table
  configurations of Tripwire are also presented.

  The paper is available via ftp from coast.cs.purdue.edu as
  pub/COAST/Tripwire/Tripwire-SANS.ps.Z