Notes:
Once a host is compromised, the intruder needs to hide from the admins.
wtmp / syslog cleaners can be as simple as:
# rm /var/log/syslog
# touch /var/log/syslog
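
The rm/touch pair above leaves a log that is smaller than it was at the previous check, which an append-only log never is between rotations. The following baseline-and-compare check is an added example, not part of the original notes; the function names and the state file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): detect a log that was
# truncated, or removed and recreated, between two checks.
# Assumption: the log is append-only between rotations, so its size never
# shrinks and its first line never changes. Re-run snapshot_log after each
# legitimate rotation (for instance from a logrotate postrotate script).

# Print "<size in bytes> <checksum of first line>" for a log file.
log_fingerprint() {
    size=$(wc -c < "$1" | tr -d ' ')
    first=$(head -n 1 "$1" | cksum | cut -d ' ' -f 1)
    echo "$size $first"
}

# snapshot_log LOG STATE: record the current fingerprint in STATE.
# Keep STATE off the monitored host, or an intruder can rewrite it too.
snapshot_log() {
    log_fingerprint "$1" > "$2"
}

# check_log LOG STATE: print a verdict; return 0 if consistent, 1 if not.
check_log() {
    log=$1
    state=$2
    if [ ! -f "$log" ]; then
        echo "MISSING: $log"; return 1
    fi
    read -r old_size old_first < "$state"
    set -- $(log_fingerprint "$log")
    new_size=$1
    new_first=$2
    if [ "$new_size" -lt "$old_size" ]; then
        echo "SHRUNK: $log went from $old_size to $new_size bytes"; return 1
    fi
    if [ "$old_size" -gt 0 ] && [ "$new_first" != "$old_first" ]; then
        echo "REPLACED: first line of $log changed"; return 1
    fi
    echo "OK: $log"; return 0
}
```

Forwarding syslog to a remote collector covers the same gap from the other side, since the local rm cannot reach copies that have already left the host.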
Trojaned binaries usually include:
- ps / top
- ifconfig / netstat