If you really want to clean up residual wastes, you should remove the compromised host from your network and re-install the OS from scratch. This might not have any effect if you do not know how the intruder got root. In this case you must check everything: firewall/file integration/loghost logfi les and so on.
Securing Debian HOWTO
v1.1 31 mayo 2004Thu, 7 Dec 2000 19:10:13 +0100ar@rhwd.net
ilgiz@mail.rb.ru