Nowadays, folks try to do as much as possible in RAM -- by that I mean no patching files or writing to the FS at all. So, keeping track of modifications to any sort of executable file (even indirectly executable, hell, even if it's not executable) will certainly be a handy tool but not as much as you'd think. Also,
debsums already does this and I'm sure other package managers support similar functionality. Now, if there's no such utility for your system (even commercial 3rd-party) then you may have chosen/setup the wrong system.
Also, AppArmor-like systems are quite handy too as they allow very fine-grained control for what operations a certain process/executable can perform, thereby allowing you to avoid modifications to the FS via an exploited vulnerability in the first place (and also limit what the exploit's payload will be able to execute once in RAM, no execution privs means no way to execute a shell which makes things much harder).
But even so, privs can be escalated and jails can be broken and vulns can be chained, better get some security education and minimize the chances of writing vulnerable code in the first place, and then carefully fix the inevitable vulnerabilities which you'll surely introduce as soon as you learn about them.