And yes I know about root login via ssh and hidden files, and I keep this box (debian-testing) up to date.<BR><BR><BR>The question I guess is, WHY is CHKROOTKIT detecting these files and emailing me ...