I want to help guard against getting hacked (again). One thing I want to do is watch the files that have been hacked in the past (twice in fact, always the same files modified) so I can be alerted if this happens again. What is the best way to watch files for modification? This is on a Linux server (and I tried installing the program "audit" but am unable to run it on this shared host, so using it is out of the question).
I'm really looking for the simplest, low-resource solution. A basic Unix script I could run via cron would be ideal.
EDIT: I am using a Unix shell script called Filetraq to handle watching my files. It is available here: http://filetraq.xidus.net/ I had to modify the script a bit, as it is old and doesn't play well with diff, plus I wanted to add some other variables and text, but it is quite basic and easy to use.
You can use a Host Based IDS (HIDS). Basically, it's software that generates a 'trusted' database with information and cryptographic checksums of important files on your host. After that database is created, you can set it to check the files daily and take action if any of the files change. Some HIDS also check memory for problems. OSSEC and Tripwire are two open source software packages that may help.
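
The checksum-database approach described in this answer, reduced to a POSIX shell script that cron can run. This is an added example, not code from Filetraq, OSSEC or Tripwire; the function names and the paths in the comments are hypothetical, and it assumes GNU `sha256sum` is installed.

```shell
#!/bin/sh
# Minimal file-integrity check: build a baseline of SHA-256 checksums once,
# then let cron compare the watched files against it.
#
# Usage (paths are placeholders):
#   fim.sh init  /home/user/.fim.db /home/user/www/index.php /home/user/www/.htaccess
#   fim.sh check /home/user/.fim.db
# Crontab entry; cron mails any output to MAILTO, so silence means "no change":
#   0 * * * * /home/user/bin/fim.sh check /home/user/.fim.db

# fim_init DB FILE... : record checksums of the watched files in DB.
fim_init() {
    db=$1; shift
    # Subshell keeps the restrictive umask local; baseline is owner-only.
    ( umask 077; sha256sum -- "$@" > "$db" )
}

# fim_check DB : print one line per modified or missing file.
# Returns 0 when every file matches the baseline, 1 otherwise.
fim_check() {
    db=$1
    [ -r "$db" ] || { echo "baseline $db missing or unreadable"; return 1; }
    # --quiet hides "OK" lines, so only failures are reported:
    #   "path: FAILED"               content differs from the baseline
    #   "path: FAILED open or read"  file was deleted or is unreadable
    # LC_ALL=C keeps the messages stable for mail filters.
    report=$(LC_ALL=C sha256sum --check --quiet -- "$db" 2>&1) && return 0
    printf '%s\n' "$report"
    return 1
}

# Command-line dispatch; does nothing when the file is sourced without arguments.
case "${1:-}" in
    init)  shift; fim_init "$@" ;;
    check) shift; fim_check "$@" ;;
esac
```

The baseline is only as trustworthy as its storage: on a shared host where the compromised account also owns the database, keep a copy off the host and compare against that. Re-run `init` after every legitimate change to the watched files.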