> > What you should do right now is to get some recent general or security cd/dvd
> > with chkrootkit and rkhunter and run them from that external read-only media.
> > I would also suggest that you look over config files of all packages
> > involved.
> > jb
> Thanks! Will do, but I don't know of any FreeBSD and/or derived
> distros for security. Or can I use any Linux security distro? I
> remember reading about some trouble of Linux chkrootkit on FBSD....
This contains everything necessary to install the base FreeBSD operating system,
a collection of pre-built packages aimed at getting a graphical workstation up
and running. It also supports booting into a "livefs" based rescue mode. This
should be all you need if you can burn and use DVD-sized media.
With regard to verification of config files - you said you got backups (those
pre-incident would be best) and you have the incident-time files, so do a diff
on dirs (in particular /etc and /usr/local/etc)