AW: [suse-security] chkrootkit and consorts
Hi Andreas,

> 3 - which of the tools should I have running daemonized?

I ran rkdet daemonized.

> 4 - which files should I protect/have watched by rkdet?

I added /usr/bin/lsof, /sbin/lsmod and /bin/df to xstrings.txt.

> 5 - what do you think of the idea of creating and regularly running a customized shell script that would unzip the tools plus a set of trusted binaries and then use these instead of the always-installed ones? But that would mean I had to make special setups/'make install's, wouldn't it? And it wouldn't work with resident tools (rkdet) at all, right?

I do this with tripwire. I compiled and installed it on the machines to be checked as if it was a permanent installation. And now I copy the executable, the config files and the database every night to the machines to be checked, do the check and then delete the files again.

Bye
Uli

--
Ulrich Roth
IMPACT Business & Technology Consulting GmbH
Im Mediapark 8 / KölnTurm
D-50670 Koeln
Phone +49-221-93 70 80-29
Fax +49-221-93 70 80-15
E-Mail: roth@impact.de
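
The nightly routine described in the reply above (copy in, check, delete), sketched as a shell function; this is an added example and not part of the original message. The bundle layout, the `checker config database` calling convention, the pinned manifest hash and the exit codes 64/65 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: stage a trusted checker bundle, verify it, run it, delete it.
# Assumed bundle layout (hypothetical names): checker, config, database,
# SHA256SUMS. The bundle is kept on the trusted admin host or read-only media.

ephemeral_check() {
    bundle=$1          # directory the trusted bundle was delivered to
    pinned=$2          # sha256 of SHA256SUMS, recorded on the trusted side
    stage=$(mktemp -d) || return 65
    chmod 700 "$stage"

    cp "$bundle/checker" "$bundle/config" "$bundle/database" \
       "$bundle/SHA256SUMS" "$stage/" || { rm -rf "$stage"; return 65; }

    # Refuse to run anything that does not match the pinned manifest.
    # This catches a swapped or truncated bundle; it relies on the host's
    # own sha256sum, so it is a sanity check, not proof the host is clean.
    actual=$(sha256sum "$stage/SHA256SUMS" | cut -d' ' -f1)
    if [ "$actual" != "$pinned" ] ||
       ! (cd "$stage" && sha256sum -c SHA256SUMS >/dev/null 2>&1); then
        rm -rf "$stage"
        return 64
    fi

    # Run the staged checker against the staged config and database only.
    chmod 700 "$stage/checker"
    rc=0
    "$stage/checker" "$stage/config" "$stage/database" || rc=$?

    rm -rf "$stage"    # nothing stays behind between runs
    return "$rc"       # 0 = clean, 64 = bundle rejected, 65 = staging failed
}

# Usage: script.sh BUNDLE_DIR PINNED_SHA256
if [ "$#" -eq 2 ]; then
    ephemeral_check "$1" "$2"
fi
```

Any other non-zero status is whatever the checker itself returned, so the calling cron job can tell a rejected bundle apart from a reported integrity violation.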