Do you think it's worthwhile to install and configure tripwire on an iptables firewall box?
I myself prefer to use Aide, but some kind of file integrity checking on your firewall is an excellent idea (I also regularly audit running processes, listening ports, etc.). If someone whacks the box, you certainly want to know about it ASAP. The more checks you do the better.
HTH, C
