I know some of our customers use Tripwire Enterprise across platforms, but it's a non-free solution.
We do have customers on linux using Linux audit (auditd) to accomplish general system auditing. That's probably your best bet as a place to start, but we don't have any documentation on setting it up in house. Here's a pretty good overview: Linux Super-Duper Admin Tools: audit
PS: We do have a connector for this one, so when you get it set up, you just need to configure the connector on the agent to monitor the right log file (usually somewhere in /var/log, sometimes even /var/log/audit.log).