Firstly, this is not some virus or worm that works its way onto your machine. It's a payload that someone puts there, possibly among other things. This means that if you have this on your machine, or if you have reason to think you have this on your machine, simple removal is not an acceptable solution. Whoever put the rootkit on the machine could have done almost anything else while he did it, and you are not guaranteed to find it all. If you find this on your machine, you need to produce a data-only backup of the machine, kill the partitions, and set it up again.
As these rootkits are designed by rather smart people to overcome all existing tools, there simply cannot be generic tools that catch them all. If you get hit by a bunch of script kiddies using outdated tools, things like rkhunter and chkrootkit can help. Modern rootkits are almost by definition undetectable by them. If it's actually new, the way you find out about it is typically either a separate NID box between the machine and the wall that alerts, or the behaviour of the box changing.
So for a low-traffic, web-server-like application, we might be running the OS itself (/) from a read-only filesystem (e.g. making a 'live' CD-ROM or USB image) and having read/write only for user files and logs?
End user here: I just have a Linux laptop, interested in servers on the 'wild' web.