A paper entitled "Writing, Supporting, and Evaluating Tripwire: A
  Publically Available Security Tool" by Gene H. Kim and Eugene H.
  Spafford appeared in the proceedings of the Usenix/Fedunix
  Applications Development conference in 1994.

  This paper begins with a brief overview of what Tripwire does and
  how it works.  We discuss how certain implementation decisions
  affected the course of Tripwire development.  We also present other
  applications that have been found for Tripwire.  These unanticipated
  uses guided the demands of some users, and we describe how we
  addressed some of these demands without compromising the ability of
  Tripwire to serve as a useful security tool.

  We also discuss the process of releasing, and then supporting, a
  widely available and widely used tool across the Internet, and how
  meeting users' high expectations affects this process.  How these
  issues affected Tripwire, done as as an independent study by an
  undergraduate, is also discussed.  Software tools that were used in
  developing and maintaining Tripwire are presented.  Finally, we
  discuss problems that remain unresolved and some possible solutions.

  The paper is available via ftp from coast.cs.purdue.edu as
  pub/COAST/Tripwire/Tripwire-appdev.ps.Z