"Last month's 'Tech Support' showed you how to monitor
filesystem changes with Tripwire, a handy system utility that
alerts you to all filesystem changes. Like SNORT and others,
Tripwire's just one of many practical security measures that minds
your system 24/7.
"Another sentry tool is chkrootkit, a free utility that can
detect rootkits, loadable kernel modules, worms, and other
nefarious cracker tools. (A rootkit is a collection of tools used
to mask intrusion, obtain administrator-level access and, install a
backdoor on a target computer. A loadable kernel module, or LKM, is
a piece of code that's loaded directly into the Linux kernel.)
chkrootkit uses digital signatures to detect over fifty known
rootkits and LKMs. It also uses some simple heuristics--looking for
hidden processes, hidden directories, and a few other simple
checks--to attempt to detect unknown kits..."