“Last month’s ‘Tech Support’ showed you how to monitor
filesystem changes with Tripwire, a handy system utility that
alerts you to all filesystem changes. Like SNORT and others,
Tripwire’s just one of many practical security measures that minds
your system 24/7.“Another sentry tool is chkrootkit, a free utility that can
detect rootkits, loadable kernel modules, worms, and other
nefarious cracker tools. (A rootkit is a collection of tools used
to mask intrusion, obtain administrator-level access and, install a
backdoor on a target computer. A loadable kernel module, or LKM, is
a piece of code that’s loaded directly into the Linux kernel.)
chkrootkit uses digital signatures to detect over fifty known
rootkits and LKMs. It also uses some simple heuristics–looking for
hidden processes, hidden directories, and a few other simple
checks–to attempt to detect unknown kits…”