>I'm pulling over the chkrootkit package. Sounds like >exactly what I'm looking for! For reasons already mentioned by Derek and others, the results obtained from chkrootkit are only trustworthy in the positive case. A negative result is inconclusive, since you're basically asking the compromised system, "Hey! Are you compromised?"