Mario Vukelic wrote: > On Fri, 2006-06-16 at 02:26 +0100, loell wrote: >> rootkit detector > > Not reliable if the machine is in fact already compromised > That's why I always use tripwire on every machine. The rootkit can't modify the database (it's signed). It might delete the tripwire database, but that tells me the machine's been compromised, too.