Found this “Linux Rootkit Hunter” and gave it a go – works well enough and worth running on some systems.
Rootkit Hunter is a scanning tool that aims to assure you, to about 99.9%*, that you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
– MD5 hash compare
– Look for default files used by rootkits
– Wrong file permissions for binaries
– Look for suspected strings in LKM and KLD modules
– Look for hidden files
– Optional scan within plaintext and binary files
Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.
See the website for more info and download:
This site runs through the install and operation:
Linux Detecting / Checking Rootkits with Chkrootkit and rkhunter Software:
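To make three of the tests listed above concrete (hash compare, wrong file permissions, hidden files), here is a simplified sketch added as an example; it is not rkhunter's code. It assumes sha256sum in place of MD5, and every path and file name in it is constructed.

```shell
#!/bin/sh
# Added example, not rkhunter code. Simplified versions of three checks
# from the list: hash compare, wrong permissions, hidden files.
# Assumption: sha256sum (coreutils) stands in for the MD5 compare.

# Record "hash  path" for every regular file under DIR ($1).
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# Print baseline ($2) entries whose current hash differs or that are missing.
check_hashes() {
    ( cd "$1" && sha256sum -c - 2>/dev/null | grep -v ': OK$' ) < "$2" || true
}

# Print regular files that are world-writable or setuid/setgid.
check_perms() {
    ( cd "$1" && find . -type f \( -perm -0002 -o -perm -4000 -o -perm -2000 \) )
}

# Print dot-files and dot-directories below DIR.
check_hidden() {
    ( cd "$1" && find . -mindepth 1 -name '.*' )
}

# Run all three checks and tag each finding with the check that raised it.
scan() {
    check_hashes "$1" "$2" | sed 's/^/HASH /'
    check_perms "$1"       | sed 's/^/PERM /'
    check_hidden "$1"      | sed 's/^/HIDDEN /'
}

# Constructed test tree: take a baseline, alter the tree, then scan it.
demo() {
    d=$(mktemp -d) && mkdir "$d/bin"
    printf 'original ls\n' > "$d/bin/ls"
    printf 'original ps\n' > "$d/bin/ps"
    chmod 755 "$d/bin/ls" "$d/bin/ps"
    make_baseline "$d" > "$d.baseline"

    printf 'modified ps\n' > "$d/bin/ps"   # content changed after baseline
    chmod 777 "$d/bin/ls"                  # now world-writable
    : > "$d/bin/.hidden" && chmod 644 "$d/bin/.hidden"

    scan "$d" "$d.baseline"
    rm -rf "$d" "$d.baseline"
}

demo
```

On a real system the permission check will also list legitimate setuid binaries, so its output needs an allow-list, and the baseline is only trustworthy if it is stored off the host being checked.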
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits / LKMs or by another hiding technique.
You can install it from most repos; on Debian/Ubuntu you can install it with apt-get install unhide
To use the tool:
sudo unhide-linux26 proc
sudo unhide-linux26 sys
sudo unhide-linux26 brute
It also has a TCP/UDP port scanner to check for hidden listening ports etc.
For more info, see the developer's website: http://www.unhide-forensics.info