Locating setuid and setgid files


One unnerving thing about UNIX operating systems is the number of setuid and setgid root binaries. These binaries run with root privileges, and are often the first binaries examined by individuals wishing to escalate privileges on a system. To keep tabs on setuid and setgid files, the following find(1) command can be run periodically:

$ find / -type f \( -perm -2000 -o -perm -4000 \) | sort

This will find and sort all regular files with the setuid or setgid bit set (the leading "-" in -perm -2000 and -perm -4000 matches files that have at least that bit, whatever the other permission bits are). The output can be stored in a secure location, and periodically compared (with a trusted kernel and version of find) with the current set of binaries on a server. While not foolproof, it is definitely better than nothing. :)
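The baseline-and-compare routine described above, written out as an added example (not code from the original post). The function names snapshot_privileged, compare_snapshots and make_sample_tree are hypothetical helpers chosen for this example; the sample directory tree is constructed on the fly so the script can be exercised as an unprivileged user, since setting the setuid bit on a file you own needs no special rights.

```shell
#!/bin/sh
# Added example: snapshot the setuid/setgid files under a tree and diff a
# fresh snapshot against a stored baseline. Helper names are hypothetical.

# Print every regular file under $1 carrying the setuid or setgid bit, one
# path per line, sorted with a fixed locale so two snapshots line up for comm.
snapshot_privileged() {
    find "$1" -type f \( -perm -2000 -o -perm -4000 \) -print 2>/dev/null \
        | LC_ALL=C sort
}

# Compare a stored baseline ($1) with a current snapshot ($2). Returns 0 when
# the sets are identical, 1 otherwise; additions are printed as "+ path" and
# files that lost the bit (or disappeared) as "- path".
compare_snapshots() {
    if cmp -s "$1" "$2"; then
        echo "no change in setuid/setgid files"
        return 0
    fi
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/+ /'   # only in current: new
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/- /'   # only in baseline: gone
    return 1
}

# Constructed sample tree (not a real system): two setuid files at different
# depths and one ordinary file, so the recursion and the filter can be checked.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/bin" "$dir/usr/bin"
    : > "$dir/bin/su_like";      chmod 4755 "$dir/bin/su_like"      # setuid
    : > "$dir/bin/plain";        chmod 0755 "$dir/bin/plain"        # normal
    : > "$dir/usr/bin/nested";   chmod 4755 "$dir/usr/bin/nested"   # setuid
    echo "$dir"
}

# Usage against a real host (run as root, with a find you trust):
#   snapshot_privileged / > /secure/setuid-baseline.txt      # once
#   snapshot_privileged / > /tmp/setuid-current.txt          # each check
#   compare_snapshots /secure/setuid-baseline.txt /tmp/setuid-current.txt
#
# "--demo" walks the constructed tree instead, so the script runs stand-alone.
if [ "${1:-}" = "--demo" ]; then
    demo=$(make_sample_tree)
    snapshot_privileged "$demo" > "$demo/baseline.txt"
    : > "$demo/bin/new_tool"; chmod 4755 "$demo/bin/new_tool"  # simulate a new setuid file
    snapshot_privileged "$demo" > "$demo/current.txt"
    compare_snapshots "$demo/baseline.txt" "$demo/current.txt" || true
    rm -rf "$demo"
fi
```

The comparison only reports files that gained or lost the setuid/setgid bit; an existing setuid binary whose contents were replaced looks identical to this check, which is one reason the post calls the approach "not foolproof". Keeping the baseline off the host (or on read-only media) and running the check with a trusted find and kernel are the other two preconditions the post names.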

This article was posted by Matty on 2005-09-15 18:22:00 -0400