With most of the products in vpsBible's Defense in Depth section, at least, there's crossover. Two or more products often do similar stuff.
Then again, it's a bit like a Venn diagram. Each sector, or product, does its own thing, and then there's a doubling up, or redundancy. Different products also report in different ways, which assists with analysis and crime scenes.
Slamming backdoors and rootkits
Rootkit detection is a classic example. We've set up OSSEC, and that scans on auto-pilot. But its signature file, while samey, is not the same as that of product B, and neither it nor B exactly matches that of C. Meanwhile, rootkits and backdoors are particularly nasty little s-h-one-t-s, if you'll pardon the parochial. This malware type needs over-compensation. So, in this category particularly, we'll cover the bases. Meet B and C.
chkrootkit & Rootkit Hunter
Aside from my previous spiel, there's not much to say about chkrootkit and Rootkit Hunter. They install in two flicks of a dog's tail and, duly cronned, they'll sniff and bark at the postman:
If that installed them, this runs them:
Now paste this lot, editing the hostname and e-mail. This sets up daily scan cronjobs with feedback by e-mail. Rootkit Hunter's more advanced options are reflected here:
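For the shape of such a daily job, here is an added example (not vpsBible's own snippet) that runs both scanners, filters the output down to the lines that signal a problem and mails the result; the install path, the recipient address and the hostname handling are assumptions you would edit.

```shell
#!/bin/sh
# Added example (not vpsBible's own snippet): daily cron job that runs chkrootkit
# and Rootkit Hunter, keeps the lines that signal a problem and e-mails them.
# Assumed: installed as /etc/cron.daily/rootkit-scan, a local MTA behind mail(1),
# and the placeholder recipient below.
set -u
MAILTO="${MAILTO:-root@example.com}"            # edit: report recipient (placeholder)
HOST="$(hostname -f 2>/dev/null || hostname)"   # edit: name shown in the subject

# Keep only problem indicators. chkrootkit marks hits "INFECTED" and writes
# "Possible"/"Suspicious" for heuristics; rkhunter prefixes its hits "Warning:".
# Plain "not infected" lines never match because grep stays case-sensitive.
filter_findings() {
    grep -E 'INFECTED|Possible|Suspicious|Warning:' || true
}

# Number of problem lines in the report passed as $1 (0 for a clean run).
count_findings() {
    printf '%s\n' "$1" | filter_findings | grep -c . || true
}

# Subject line that makes a hit stand out among weeks of clean nightly mails.
make_subject() {
    n="$(count_findings "$1")"
    if [ "$n" -gt 0 ]; then
        printf '[rootkit-scan] %s: %s finding(s), CHECK NOW' "$HOST" "$n"
    else
        printf '[rootkit-scan] %s: clean' "$HOST"
    fi
}

# Run both scanners. rkhunter --update refreshes its data files, --cronjob
# drops colours and prompts for unattended use, --rwo reports warnings only.
run_scans() {
    echo "== chkrootkit =="
    chkrootkit -q 2>&1 || true
    echo "== rkhunter =="
    rkhunter --update --nocolors 2>&1 || true
    rkhunter --cronjob --rwo 2>&1 || true
}

main() {
    report="$(run_scans)"
    findings="$(printf '%s\n' "$report" | filter_findings)"
    # Findings first, full scanner output below for context.
    printf '%s\n\n== full output ==\n%s\n' "$findings" "$report" |
        mail -s "$(make_subject "$report")" "$MAILTO"
}

# The scan runs only when invoked under its cron name; sourcing the file or
# running it under another name just defines the functions.
case "${0##*/}" in rootkit-scan) main ;; esac
```

Install it executable under /etc/cron.daily and the distribution's cron runs it once a day; a clean night still produces a short mail, so a missing mail is itself worth noticing.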
And that's all there is to it. Check your mail. And you may well find the Cop's Logging 101 useful too, so there's a hint.