Linux Security: checking for rootkits and other evil doers


I just read a very good (and short) article on working with rootkit checker utilities.  A rootkit is a set of tools that crackers (the evil doers) install after breaking into a system so they can keep privileged access and hide their presence, typically by replacing system binaries like ps, ls and netstat or by loading a kernel module that conceals their files, processes and network connections.  Linux is just as vulnerable to this sort of thing as any other OS if the system is not maintained properly: a bad sysadmin means poor security on any OS.

The two tools referenced directly in the article are chkrootkit and rkhunter.  Other tools referenced in the comments to the article include Tripwire (commercial, I believe) and AIDE (a free replacement for Tripwire).  Both of those are file integrity checkers rather than rootkit scanners: they store hashes of system files taken while the system was known to be clean and report anything that has changed, which is how a replaced ps or ls shows up even when the rootkit is one the scanners have never heard of.

An interesting point in the article (or rather in the comments) is that you're better off building a LiveCD distribution with forensic tools like chkrootkit and rkhunter on it and using that to analyze a system you suspect has been compromised.  The reason is that you can't know the nature of the infection: any running part of the system, including the kernel, may have been replaced, and a kernel-level rootkit can hide files, processes and connections from every tool that runs on top of it, so the output of checkers run on the live system is suspect.  By booting a LiveCD, mounting the hard disk (read-only, so you don't alter the evidence) and scanning it with the tools on the LiveCD, you take the potentially compromised kernel and binaries out of the picture entirely.  Keep in mind that chkrootkit and rkhunter look for known rootkit signatures and suspicious files, so a clean report is not proof that the system is clean.
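The offline check described above, written up as a script.  This is an added example and not code from the article or its comments.  It assumes you are booted from trusted live media that has chkrootkit installed, that the suspect root filesystem is on the block device you pass in and is ext3/ext4 (for the noload mount option), and that file paths contain no whitespace.  The hash_tree/compare_tree functions are a minimal stand-in for the database that AIDE or Tripwire maintain, written here for illustration, not taken from either tool.

```shell
#!/bin/sh
# Added example, not from the article: scan a suspect disk from trusted
# live media.  Assumes chkrootkit is on the live media and that the
# suspect root filesystem is an ext3/ext4 volume (for the noload option).
set -u

# Mount options for the suspect disk.  ro: never write to the evidence.
# noexec,nosuid,nodev: nothing on the suspect disk can be executed by the
# live kernel.  noload (ext3/4 only): do not replay the journal, which
# would modify the disk before it has been imaged.
MOUNT_OPTS=${MOUNT_OPTS:-ro,noexec,nosuid,nodev,noload}

# mount_suspect_ro DEVICE MOUNTPOINT
mount_suspect_ro() {
    dev=$1; mnt=$2
    mkdir -p "$mnt"
    mount -o "$MOUNT_OPTS" "$dev" "$mnt"
}

# scan_suspect_root MOUNTPOINT
# chkrootkit -r treats MOUNTPOINT as the root to inspect, so it examines
# the suspect disk's binaries while the commands it needs (strings, ls,
# netstat, ...) come from the live media's own $PATH.  -q prints only
# findings.
scan_suspect_root() {
    mnt=$1
    chkrootkit -q -r "$mnt"
}

# hash_tree ROOT
# Emit "sha256  ./relative/path" for every regular file under ROOT, sorted
# by path.  A poor man's version of an AIDE/Tripwire database.
# Assumes paths contain no whitespace.
hash_tree() {
    root=$1
    (cd "$root" && find . -type f -exec sha256sum {} + | sort -k 2)
}

# compare_tree BASELINE_FILE ROOT
# Re-hash ROOT and diff it against a baseline produced by hash_tree.
# Prints one line per difference: ADDED, CHANGED or REMOVED plus the path.
compare_tree() {
    baseline=$1; root=$2
    current=$(mktemp)
    hash_tree "$root" > "$current"
    awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }   # first file: baseline
        {
            if (!($2 in base))        print "ADDED", $2
            else if (base[$2] != $1)  print "CHANGED", $2
            seen[$2] = 1
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED", p }
    ' "$baseline" "$current" | sort
    rm -f "$current"
}

# Command-line front end; running the file with no arguments (or sourcing
# it) only defines the functions.
case "${1:-}" in
    scan)     mount_suspect_ro "$2" "$3"; scan_suspect_root "$3" ;;
    baseline) hash_tree "$2" ;;
    compare)  compare_tree "$2" "$3" ;;
esac
```

Take the baseline (`sh offline-scan.sh baseline /mnt/suspect > baseline.sha256`) from known-good media before the system is ever suspected and keep it off the host; after booting the LiveCD, run `scan` and then `compare baseline.sha256 /mnt/suspect` against the read-only mount.  Anything reported as CHANGED under /bin, /sbin or /lib deserves a hard look whatever chkrootkit says, since it catches replaced binaries that no signature list knows about.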

Since this process makes a great deal of sense (even if it might be difficult to do in enterprises with tons of servers), you'd think there would be plenty of LiveCDs with the forensic tools installed.  I did a quick google search and only found one:  the Security LiveCD from the Fedora wiki.  This appears to have quite a few useful tools, though a few others, like rkhunter, are not included because their licenses might not meet the Fedora packaging guidelines.  That said, you can add any missing tools fairly easily, and the Security LiveCD website explains how this can be done.

There are lots of others, of course.  The LiveCD List at FrozenTech has a good list of security-based LiveCDs.