Such tracking is not practical, at least not in context of WordPress. When we use software we don’t fully realize just how much activity is going on behind the scenes. Tracking it is massive overhead and can easily ruin performance.
I remember plugin that use checksum-based verification on WordPress files, but I don’t know if it is practical to try and extend it to handle non-core stuff.
Basically any kind of such tracking is way out of WordPress context (as for me).