On Thu, 2017-04-20 at 17:07 -0400, Bill Cole wrote: If your distro has an rkhunter package available, then I'd recommend that you install it. Once you're happy that your system clean, do its initial update "rkhunter --propupt" and thereafter make sure its run as a daily cronjob. This way you should see warnings in your logwatch report if unexpected changes happen.
The only downside that I've noticed is that you'll probably need to rerun it in --propupd mode after each system upgrade, but that can be at least partially automated. Martin
