Time to check if you have suffered a root compromise

There's a quickly spreading root compromise that everyone should check for that latches onto the sshd daemon. See the following threads for details on detecting the compromise:
http://forums.cpanel.net/f185/sshd-rootkit-323962.html
http://www.webhostingtalk.com/showthread.php?t=1235797
At the very least check for the existense of libkeyutils.so.1.9
As with all root compromises, simply deleting it and carrying on is not an option. If your server has been compromised you most likely cannot trust it and will need to perform an OS reinstall and restore from backups. However, unless you fix the original method of compromise, the server may simply be exploited again.
On a maybe related note, though not proven, it appears that there's a scary kernel exploit about which RedHat should have fixed soon (CentOS and CloudLinux are likely to follow quickly afterwards). So, make sure that your kernel is kept up to date at all times and look out for a new one soon:
https://access.redhat.com/security/cve/CVE-2013-0871

Time to check if you have suffered a root compromise

Useful Links

Commercial Products

Free Products and Guides