Capt_Caveman is correct. You need to do a full install from scratch, then add in Tripwire (which is on the RH9 CD 3), set up your firewall (iptables) carefully.
Then test aginst it using nmap (also on RH9 CD 2). Then download www.chkrootkit.org
and set it to run via cron. Tripwire should have installed in cron automatically.
Check which services are running via menu: System Settings | Server Settings | Services and turn off all the ones you don't need. Do this immediately after the install.
Check if anything is needed running under xinetd.
Always use ssh/scp/sftp, never telnet, ftp, r* cmds.