A Debian administrator might want to install…
- debsums - checks installed files for tampering; not complete, but a good start.
- rkhunter - looks for rootkits.
- chkrootkit - looks for rootkits.
Think about running these regularly to catch your basic root kitter.
You could cron them, but I prefer to run them manually, since I know I'd pull the cron entry if I rooted you.
I suppose you could do a forced reinstall before running for a little extra comfort.
comment by jim, 3 years ago
I think a better tool would be one that used a central repository with a copy of each package and called on the observed machine to generate on-the-fly signatures of files with a random seed.
A truly nasty rooter could still thwart that by faking things in either the C runtime library or the appropriate system calls.
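
The seeded check proposed in the comment above, as an added example that is not part of the original post or comment. It assumes HMAC-SHA256 keyed with the random seed as the "signature"; the file contents, paths and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: path -> contents as shipped in the reference package.
REFERENCE = {
    "/bin/ls": b"\x7fELF constructed ls image",
    "/bin/ps": b"\x7fELF constructed ps image",
}

def seeded_digest(seed, content):
    """Assumed 'signature': HMAC-SHA256 keyed with the per-check random seed."""
    return hmac.new(seed, content, hashlib.sha256).hexdigest()

def host_respond(seed, paths, read_file):
    """Observed machine: digest each requested file under the supplied seed."""
    return {p: seeded_digest(seed, read_file(p)) for p in paths}

def verify(reference, respond):
    """Central host: issue a fresh seed, return sorted paths that do not match."""
    seed = secrets.token_bytes(32)
    answers = respond(seed, sorted(reference))
    return sorted(
        p for p, content in reference.items()
        if not hmac.compare_digest(answers.get(p, ""), seeded_digest(seed, content))
    )

def clean_host(seed, paths):
    return host_respond(seed, paths, REFERENCE.__getitem__)

def tampered_host(seed, paths):
    # Constructed case: one binary on disk differs from the packaged copy.
    disk = {**REFERENCE, "/bin/ps": b"\x7fELF constructed modified ps"}
    return host_respond(seed, paths, disk.__getitem__)

def make_stale_host():
    """Host returning digests recorded under an earlier seed instead of recomputing."""
    old = host_respond(b"earlier-seed", sorted(REFERENCE), REFERENCE.__getitem__)
    return lambda seed, paths: {p: old[p] for p in paths}

if __name__ == "__main__":
    print("clean:   ", verify(REFERENCE, clean_host))
    print("tampered:", verify(REFERENCE, tampered_host))
    print("stale:   ", verify(REFERENCE, make_stale_host()))
```

A matching answer only shows that the responder could read the original bytes at check time, which is the limit the comment's last sentence points to.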