Nice article. However, after an exploit comes detection and then mitigation/remediation. Without detection there is no mitigation. Regarding
integrity monitoring, I found ossec [ http://www.ossec.net ] to be much more useful than tripwire or aide and it also does rootkit detection and log analysis...
Anonymous