Lynis and rkhunter both work well… I could also get speedtest.net cli running. I’m not super good at Lynis, but I think it’s saying things are okay. And I’ve yet to find malware or rootkit with rkhunter. I hope to add a cronjob for rkhunter to update, then run at lease once every two weeks at midnight.
Update: I found (not sure if it’s accurate) evidence of the Mokes backdoor… Anyone who can validate this?