Many of the files on a UNIX system should not be modified during normal operation. This includes the various configuration options, system supplied binaries and libraries, and the kernel. Additionally, the software packages are generally not installed or modified during a system run. However, when an attacker breaks into a system, they frequently will create backdoors to let themselves in later. Also, they might use a “rootkit” to modify the system binaries such that they do not report the changes that were made.