For network intrusion detection I would recommend snort www.snort.org but for host based intrusion detection tripwire is my recommendation. That should come loaded on your linux box but make sure that you take the time to configure it and run it. It will let you know what files have been added/modified/deleted since the database was created. This will come in helpful if you are successfully hacked and need to know what was done.

dAggressor

Oh yeah I almost forgot, I haven't set this one up yet, but am trying to do it in my spare (yeah right) time. The site is located at http://www.lids.org/ it seems to be pretty good, but like I said I haven't used it yet.