Three handy security tools for Debian
A Debian administrator might want to install…
- debsums  - check installed files for tampering, not complete, but a good start.
- rkhunter - look for root kits.
- chkrootkit - look for root kits.
Think about running these regularly to catch your basic root kitter.
You could cron them, but I prefer to run them manually, since I know I’d pull the cron entry if I rooted you.
I suppose you could do a forced reinstall before running for a little extra comfort.
A truly nasty rooter could still thwart that by faking things in either the C runtime library or the appropriate system calls.