Guillermo Bernaldo de Quiros Maraver wrote on 18/12/08 20:30: > i think, that, you can use chkrootkit for this, you can see more about > this software in their home page or in google.
thanks, but that's not what i am looking for. chkrootkit checks only a known list of binaries (mostly base i think) to see if there is a trace of infection. i'm looking to check if stuff installed on the machine has been changed. it's really about a local step on packages' binaries integrity to confirm or not suspicion of compromission. after you can compare to distant referenced packages, dd disk and forensic it. Regards