TripWire is a host based intrusion detection tool. It's a pain to use but it's pretty much the industry defacto standard. If you're willling to change you might check out Osiris by the ShmooGroup.
The following link is a great resource:
One thing it doesnt mention is that to send emails you need to run:
# tripwire --check --email-report
Updating the Database
If you update any monitored system files, then the tripwire database needs to be updated.