Intrusion Detection on Hosts and Networks
Assuming you got your system into a reasonable state, you would like to keep it there. Or, at least you would like to know if it is changed!
SIEM or Security Information Event Management is the current buzzword in the field.
File System Change Detection
is the best-known solution.
They also offer products to check router configurations
and modules used by a web server to detect unwanted
content change and serve out a "Temporarily unavailable"
page in its place.
(Advanced Intrusion Detection Environment)
is a free replacement for Tripwire, included in
many Linux distributions.
are alternatives to AIDE.
Host Intrusion Detection Systems
SNARE - System iNtrusion Analysis &
provides host-based intrusion detection for
Linux, Solaris, and Windows including graphical configuration,
monitoring, and reporting tools.
SNARE Snare Agents for Linux, Solaris, OS X, Windows
Network Intrusion Detection
Note carefully that most "network intrustion detection" system really detect an attack and not an intrusion. Still possibly useful, just make sure you understand what a tool really does.
Also be somewhat skeptical of the real need for NID. If you are running BSD, do you really care that someone on the other side of the planet is trying to exploit a risk only found on Microsoft SQL Server? Is it appropriate to waste your time being "warned" about this complete non-risk? Aggressive NID can be a denial-of-service attack against yourself!
Snort is a great tool that detects and diagnoses scans, probes, and attempted attacks.
There are many tools to automatically analyze audit trails for suspicious events. Splunk, Hewlett-Packard's ArcSight, and IBM's QRadar are the big names in the field.
Also see Purdue's CERIAS group for current research in this challenging area.