A rootkit is a collection of tools a hacker installs on a victim's computer after gaining initial access. It generally consists of network sniffers, log-cleaning scripts, and trojaned replacements of core system utilities such as ps, netstat, ifconfig, and killall. Most times they are self-hiding toolkits used by blackhats, crackers and scriptkiddies, to avoid the eye of the sysadmin.

Programs that are used to detect rootkits are known as rootkit scanners. These programs scan your system on a periodic basis to see if any of the core tools have been tampered.

Rootkit Hunter - rkhunter - is a shell script that will detect rootkits or malware on your Linux computer. It also performs checks to see if commands have been modified, and various checks on the network interfaces, including checks for listening applications.

Chkrootkit is another tool used to detect rootkits in Linux. Chkrootkit examines certain elements of the target system and determines whether they have been tampered with.

OSSEC OSSEC is an Open Source Host-based Intrusion Detection System. It mixes together all the aspects of HIDS (host-based intrusion detection) and Security Incident Management (SIM)/Security Information and Event Management (SIEM) together in a simple, powerful, and open source solution. Ossec checks for rootkits and detects suspicious activity. http://ossec.github.io/