On Sunday 30 Oct 2011 13:32:26 James Broadhead wrote:
> I'm surprised that no one has mentioned rkhunter yet - loads of lib
> exploits allow system access, and there's a pretty solid argument that says
> that compromising a user account on the average *nix system allows enough
> resourses to do a lot of malicious activity without even needing privilege
> escalation.

I have ...

All I use on my boxen is chkrootkit and rkhunter.

rkhunter-1.3.8 is currently giving me false positives:
======================
File properties checks...
    Required commands check failed
    Files checked: 138
    Suspect files: 1

Rootkit checks...
    Rootkits checked : 245
    Possible rootkits: 2
    Rootkit names    : Xzibit Rootkit, Knark Rootkit

Applications checks...
    Applications checked: 3
    Suspect applications: 0
======================

This is known and I believe fixed in later versions.
-- 
Regards,
Mick