Hi list,

I have downloaded chkrootkit, check_ps and rkdet, but I have a hard time figuring out how (best) to use them. As far as you don't see your own security compromised, I'd like to know some of your thoughts or configurations of these tools...

1 - Are any of the tools redundant and can be dropped (I think I understood that the functionality of check_ps is provided by chkrootkit as well, which does even more...)?

2 - Is any anti-rootkit tool missing (not speaking of tripwire etc.)?

3 - Which of the tools should I have running daemonized?

4 - Which files should I protect/have watched by rkdet?

5 - What do you think of the idea of creating and regularly running a customized shell script that would unzip the tools plus a set of trusted binaries and then use these instead of the always-installed ones? But that would mean I had to make special setups/'make install's, wouldn't it? And it wouldn't work with resident tools (rkdet) at all, right?

And so on, I could go on asking for hours, but I'll appreciate just about any help.

TIA,
Andreas

--
To know recursion, you must first know recursion.
--
My Public PGP Keys:
1024 Bit DH/DSS: 0x869F81BA
768 Bit RSA: 0x1AD97BA5