Rootkit

Dave Burns tburns at hawaii.edu
Tue Oct 23 07:33:16 UTC 2007


> getting the filehash of all the binaries
> installed from the beginning storing all the values in a database (outside
> from that box) and then if you think you could be hacked, just run again the
> filehash and compare it with the original one you got...

This is what tripwire and aide do. Not to mention rpm -v or even
md5sum. The hard part is to make sure that your hash tool and its
database have not also been tampered with.

Dave
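
The following is an added example, not part of the original message: a minimal hash baseline in the spirit of the tools named above, with the manifest sealed by an HMAC so that a modified database is rejected before any comparison is made. The key value, function names and the sample directory are constructed for illustration, and the key is assumed to be kept off the monitored host.

```python
import hashlib, hmac, json, os, tempfile

def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                manifest[os.path.relpath(full, root)] = file_sha256(full)
    return manifest

def seal(manifest, key):
    """Serialize canonically and tag with HMAC-SHA256; key stays off the box."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()

def check(root, blob, tag, key):
    """Refuse a tampered baseline, then report drift against it."""
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("baseline manifest failed authentication")
    old, new = json.loads(blob), build_manifest(root)
    return {
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
        "removed": sorted(p for p in old if p not in new),
        "added": sorted(p for p in new if p not in old),
    }

def demo():
    """Constructed sample tree standing in for a directory of binaries."""
    key = b"constructed-demo-key"  # assumption: the real key lives off-host
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("ls", b"orig-ls"), ("ps", b"orig-ps")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        blob, tag = seal(build_manifest(root), key)  # baseline taken at install
        with open(os.path.join(root, "ps"), "wb") as f:
            f.write(b"replaced")  # simulate a binary modified afterwards
        return check(root, blob, tag, key)
if __name__ == "__main__":
    print(demo())
```

The HMAC covers only the database half of the problem; the checker and its interpreter still have to be run from media the suspect system cannot write to.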



