AntiExploit is the first ON-ACCESS exploit-scanner for Linux and FreeBSD. Aexpl can help you to identify local intruders or users who want to harm your or other systems with well known tools.
aexpl uses the dazuko kernel-modul and md5sums (signatures are planed) to identify bad files when they are created or used by listenning to the kernel file systemcalls. So you can immediately interact with the file and fileowner.
AntiExploit was successfully tested under FreeBSD 4.10-RC2, FreeBSD 5.2.1-REL, Debian Woody with Kernel 2.6.6 and Debian Testing with Kernel 2.4.25, SlackWare 9.1 with kernel 2.4.22.
1.3 Beta 4 is a Release Candidate, do not use it on production systems, your machine can hang under certain cercumstances!!! But please test it!
The latest version is 1.3 Beta 4 (Beta release)
Found this on Freshmeat, definitely will look into giving it a try maybe.