New versions of OSX (10.4+) support larger amounts of metadata for each inode. In particular, they support Access Control Lists and arbitrary extended attributes. ACLs, in particular, make a massive difference in OSX 10.5, since they are checked before POSIX permission metadata.
It doesn't look like there is much active development being done on Tripwire these days, but I still trust this code base more than any of the newcomers (particularly because no newcomer has emerged in the security community as a trusted alternative).
Other than a series of warning messages, Tripwire 2.4.1 still compiles and runs fine on OSX 10.5.4. If no developers are working towards support of ACLs and xattrs, I may try to add code for these myself. I found some sample code that shows OSX's use of the calls for these features.
But my code modification skills are 10 years rusty, and the last time I tweaked Tripwire it was still in C.
Is anyone working on support for ACLs and xattrs, or am I on my own?
And if I have to make a tweak myself, how do I submit it to this project?
Thanks for all the hard work on such a vital tool.