However, OEL/RHEL 5 comes bundled with AIDE - Advanced Intrusion Detection Environment and I've started running tests on my test servers.
When you initialize the AIDE database as part of the final post installation steps, you run aide -i. This creates base reference database - aka snapshot - of all files that you use later on for any modifications. Using aide -u you update that db.
Small problem is that you may a lot of lgetfilecon_raw failed errors. In my case, this had to do SELinux being disabled and aide checking for it. Editing the /etc/aide.conf file and removing all references to selinux there, then reinitializing the database fixed that. Don't forget to copy the newly initialized db!