These should probably also be installed under other linux distros (might already be). But for the sake of completeness here they are:
1) denyhosts: great little package that’s already 98% configured after apt-get install process. It runs as a daemon and monitors /var/log/auth.log file for unsuccessful ssh logins and takes measures to ban the originating IP in /etc/hosts.deny. The cool part is that it does not need access to firewall or anything. Config file is /etc/denyhosts.conf and is pretty self explanatory. Ubuntu package is called “denyhosts” and needs python to work.
2) chkrootkit: another little gem that you install via apt-get install process. Ubuntu package is called “chkrootkit”. After install do “man chkrootkit” for more info, but the gist of it is that when run from command line it uses it’s own utils (located in /usr/lib/chkrootkit) to see if the system is infected.
3) rkhunter: this util is really a giant shell script, but it’s really nice and easy to use. Again use Ubuntu package name “rkhunter” to install it. It’s config file goes into /etc/rkhunter.conf and is pretty nicely setup by default. Next run “rkhunter –update” to update the discription/signature files from their website, then run “rkhunter –propupd” to grab a snapshot of the various files installed on your system. This will be used later, every time you run the command to see if anything has been changed by trojans/rootkits. Finally run “rkhunter –check” to actually run all the tests and see if you’re good to go. At the end if there are warnings check /var/log/rkhunter.log for a list of explanations about those warnings (suspicious filenames, hidden file locations, etc.)
Have fun and remember kids Vitamin U(buntu) is good for you.