We are building a System Security Scanner (S3) that audits machines. It looks for vulnerabilities in Unix. We have added MD5 checksum tests for looking for unpatched binaries as well as rootkit programs. We currently have tested for Linux rootkit and SunOs rootkit. There is tests looking for other hacking signatures and intrusions. Like testing for sniffers and hidden files. We are looking for people to test this software and give us feedback. You can download the software on ftp.iss.net/sss This software currently works under Sun, Solaris, Linux. We have working on an AIX and HP version as well. I would also like to see if other people on this list think these tests are valuable to audit for. thanks, chris -- Christopher William Klaus Voice: (404)252-7270. Fax: (404)252-2427 Internet Security Systems, Inc. "Internet Scanner finds Ste. 115, 5871 Glenridge Dr, Atlanta, GA 30328 your network security holes Web: http://iss.net/ Email: cklaus@iss.net before the hackers do."