variable success
backtrack and insert look like excellent tools, as does nUbuntu which is very similar to backtrack in terms of tools and approach
all the above are designed to be used as live CDs however, and don't really suit my purposes
what i'm after is the ability to run chkrootkit from a read-only environment
i understand i can do this either by statically compiling chkrootkit and all the necessary binaries (awk, cut, egrep, find, head, id, ls, netstat, ps, strings, sed, and uname) on a cd, mounting the directory on my filesystem and then running chkrootkit from there - the logic being that chkrootkit and the binaries are incorruptible being read-only
or i can run chkrootkit with the -p option and just point to the mounted binaries
eg: chkrootkit -p /mnt/path/to/read-only/binaries
see http://www.oreilly.com/pub/h/1406 for the sort of thing i'm trying to do
what i lack is the knowledge how to statically compile the appropriate binaries +/- chkrootkit onto a CD so the above strategy works
on the bright side i'm enjoying myself with backtrack finding all the holes in my LAN !!
neill
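
A preflight check for the `chkrootkit -p` approach described in the post above, as an added example that is not part of the original post: it confirms that every helper binary the post lists is present in the trusted directory and that the directory sits on a read-only mount. The function names are hypothetical, the mount table is read in `/proc/mounts` format (Linux assumed), and the script does not verify that the binaries are statically linked.

```shell
#!/bin/sh
# Added example (not from the original post). Tool list is the one given in the post.
REQUIRED_TOOLS="awk cut egrep find head id ls netstat ps strings sed uname"

# Print the required tools that are missing or not executable in directory $1.
missing_tools() {
    dir=$1
    missing=""
    for t in $REQUIRED_TOOLS; do
        [ -f "$dir/$t" ] && [ -x "$dir/$t" ] || missing="$missing $t"
    done
    echo "${missing# }"
}

# Succeed if the mount point that holds path $1 is mounted read-only.
# $2 is a mount table in /proc/mounts format (default: /proc/mounts).
# The longest matching mount point wins; on a tie the later entry wins,
# because a later mount shadows an earlier one on the same directory.
mount_is_ro() {
    path=$1
    mounts=${2:-/proc/mounts}
    best=""; opts=""
    while read -r _dev mnt _type mopts _rest; do
        case "$path/" in
            "${mnt%/}/"*)
                if [ ${#mnt} -ge ${#best} ]; then best=$mnt; opts=$mopts; fi ;;
        esac
    done < "$mounts"
    case ",$opts," in *,ro,*) return 0 ;; *) return 1 ;; esac
}

# Run both checks on directory $1 and report every failure on stderr.
preflight() {
    status=0
    m=$(missing_tools "$1")
    if [ -n "$m" ]; then echo "missing in $1: $m" >&2; status=1; fi
    if ! mount_is_ro "$1" "${2:-/proc/mounts}"; then
        echo "$1 is not on a read-only mount" >&2; status=1
    fi
    return $status
}

# Usage: sh preflight.sh /mnt/path/to/read-only/binaries
if [ "$#" -gt 0 ]; then
    preflight "$1" && chkrootkit -p "$1"
fi
```
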