I favor Red Hat and I know we use ossec at work. I believe you can use it under a free license but the configuration is rather complex imho.
There is also snort which is a more libre project, but it's more of a full featured IDS that try to sell subscriptions for patterns. Think of them sort of like virus definitions but for rootkits and intrusions.
You can technically setup Snort as a tripwire.
A tripwire is very simple, some people have made them from scratch using Cronjobs and shell scripts. They simply maintain a database of all your files and their checksums, and alert you when a checksum changes.
But security is more than just an IDS. I would recommend SElinux+IDS+remote logging+MFA+granular user security and more!
There is also snort which is a more libre project, but it's more of a full featured IDS that try to sell subscriptions for patterns. Think of them sort of like virus definitions but for rootkits and intrusions.
You can technically setup Snort as a tripwire.
A tripwire is very simple, some people have made them from scratch using Cronjobs and shell scripts. They simply maintain a database of all your files and their checksums, and alert you when a checksum changes.
But security is more than just an IDS. I would recommend SElinux+IDS+remote logging+MFA+granular user security and more!