Hello. "Note, however, that there are rootkits which might work even in this case, there are some that tamper with /dev/kmem (kernel memory) directly to make themselves undetectable." How to avoid those? http://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html Cheers