/tmp directory
A lot of the time malicious scripts will be installed into
the /tmp directory
You should always checks for files in here that are
executable with:
find /tmp -perm +a=x
Check Your Filesystem
rpm -V (can't always be trusted)
check your fstab and mtab for changes
/etc/ld.*
All binaries in $PATH especially commonly used
ones
Check for binaries that have been renamed or have
wrappers around them
