Later this month we are going to replace a Windows NT AdvancedServer box with a Red Hat Linux Enterprise ES box. The machine is in our DMZ with an exposed port 80 to the Internet.
When the change takes place the Linux box will be my responsibility; I don't look after the current NT box. At the same time we'll also be exposing the box to the Internet with an inbound FTP enabled as well.
Officially I'm the web/Perl person, but I'm also the only really knowledgeable Linux admin here. I have passed from the "knowing a little but not how little" stage to the "knowing a little more but now knowing how little that is" stage. My paranoia is starting to kick in.
What kind of tools are there for knowing if a machine has been got at? Which ones are worth installing... Where to start?