3. Have you been rooted?

From the Wikipedia page on "Rootkit":

A root kit is a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes.

A root kit typically hides logins, processes, and logs and often includes software to intercept data from terminals, network connections, and the keyboard...

A rootkit may also include utilities, known as backdoors to help the attacker subsequently access the system...


If there is a possibility that an intruder has gained root privileges on your machine, they may have installed a root kit. If so, you should not trust any of the standard tools such as ls, ps, netstat, login or syslogd: ls, ps and netstat may simply hide certain files, processes and connections, and syslogd may not log certain events.

You will need a set of uncompromised utilities.
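One practical way to test whether ps is lying is to compare its view of the process list with the kernel's own view in /proc: a user-space root kit that replaces ps (or the libc it links against) can drop processes from its output, but it cannot easily remove the numeric /proc/<pid> directories the kernel exposes. The script below is an added example and is not code from the original page; it assumes a Linux host with a /proc filesystem and a POSIX ps that accepts `-e -o pid=`. The `ps_binary` parameter exists so the check can be pointed at a known-good copy of ps kept on read-only media, in the spirit of the "uncompromised utilities" the section calls for.

```python
"""Cross-check the process list reported by ps against the kernel's /proc view.

A mismatch (PIDs present in /proc but missing from ps output) is a classic
sign that ps has been trojaned. A kernel-level root kit can hide /proc
entries as well, so this catches user-space tool replacement only.
Added example; not part of the original document.
"""
import os
import re
import subprocess

_PID_DIR = re.compile(r"^\d+$")


def pids_from_proc_listing(entries):
    """Return the set of PIDs from a list of /proc directory entry names.

    Non-numeric entries (cpuinfo, self, net, ...) are ignored.
    """
    return {int(name) for name in entries if _PID_DIR.match(name)}


def pids_from_ps_output(text):
    """Return the set of PIDs parsed from `ps -e -o pid=` output (one PID per line)."""
    pids = set()
    for line in text.splitlines():
        line = line.strip()
        if line.isdigit():
            pids.add(int(line))
    return pids


def hidden_pids(proc_pids, ps_pids):
    """PIDs the kernel knows about that ps did not report, sorted ascending.

    Processes that exited between the two snapshots also land here, so a
    live check must re-sample each candidate before treating it as hidden.
    """
    return sorted(proc_pids - ps_pids)


def live_check(ps_binary="ps"):
    """Collect both views from the running host and return the PIDs that are
    present in /proc but absent from ps output and still alive afterwards.

    /proc is snapshotted first, then ps is run, then every candidate is
    re-checked: a process that merely exited in between disappears from
    /proc and is dropped, while a genuinely hidden one stays.
    """
    if not os.path.isdir("/proc"):
        raise RuntimeError("no /proc filesystem; this check needs Linux")
    proc_pids = pids_from_proc_listing(os.listdir("/proc"))
    out = subprocess.run(
        [ps_binary, "-e", "-o", "pid="],
        capture_output=True, text=True, check=True,
    ).stdout
    ps_pids = pids_from_ps_output(out)
    return [pid for pid in hidden_pids(proc_pids, ps_pids)
            if os.path.isdir(f"/proc/{pid}")]


# Constructed sample data (not from a real host): /proc shows PID 1337,
# but the ps output below does not mention it.
SAMPLE_PROC_ENTRIES = ["1", "2", "1337", "4242", "cpuinfo", "self", "meminfo", "net"]
SAMPLE_PS_OUTPUT = "    1\n    2\n 4242\n"


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    sample = hidden_pids(pids_from_proc_listing(SAMPLE_PROC_ENTRIES),
                         pids_from_ps_output(SAMPLE_PS_OUTPUT))
    print("hidden in sample:", sample)
    # Live check against this host, if it has /proc.
    if os.path.isdir("/proc"):
        print("hidden on this host:", live_check())
```

A clean result from this check does not prove the machine is uncompromised; it only shows that ps and the kernel agree. If the kernel itself has been modified, both views can be falsified together, which is why the following sections rely on tools brought in from outside the suspect system.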




About this document:

Produced from the SGML: /home/umits/public_html/_unix_security/_reml_grp/diagnostic_forensic_tools.reml
On: 23/10/2005 at 13:29:12
Options: reml2 -i noindex -l long -o html -p multiple