I have a home box that I was worried about it perhaps having a rootkit on it. I used a few rsync commands to compare a known good system to the suspect one. I think rsync was a good tool for this. I still have to do other checking for a potential hack problem, but rsync got me off to a good start. I like how flexible rsync is. I used: rsync -nR -e ssh -av $src $dst I also did a rsync with a -c just to double check things. The only files that rysnc reported diffs on were ones that I expected to be different. eric