> > One of my hats is a junior sys admin in an academic environment. I'm > curious as to how you know when shell users are trying to exploit a kernel > hole. chkrootkit?