You may have noticed that Trouble was down all last night. This was because it started getting hard IO errors on its one and only disk, and somehow autonomously decided to make its own /var area read-only. It took a hard reset to get it back on its feet this morning.
In reaction to this, I have installed the smartmontools package and set it up to frantically mail me if anything goes even slightly wrong with the disk. Will keep you posted, if the posting forum remains available.
In unrelated but reassuring news, the OSSEC author Daniel Cid has posted a straightforward explanation of the spurious rootkit detection issue: netstat won’t list a socket if it is allocated but never used; however, attempts to re-allocate the socket will still get ‘in use’ messages. This will very likely happen a lot if you have something moderately hefty stomping on your available ports like, say, the LDAP which underlies Trouble. Hmmm.
There may be a fix, we hope. I have asked for one, anyway.
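
The mismatch described above can be reproduced with a TCP socket that is bound but never listened on or connected. This is an added example, not code from this post or from OSSEC; it assumes Linux (where netstat reads /proc/net/tcp and /proc/net/tcp6), the function names are illustrative, and the bind-versus-listing comparison is a simplified stand-in for the real check.

```python
import errno
import socket

PROC_TABLES = ("/proc/net/tcp", "/proc/net/tcp6")  # assumed source of netstat's view


def listed_tcp_ports():
    """Local TCP ports visible in the kernel socket tables, or None if unreadable."""
    ports, readable = set(), False
    for path in PROC_TABLES:
        try:
            with open(path) as fh:
                rows = fh.readlines()[1:]  # skip the header row
        except OSError:
            continue
        readable = True
        for row in rows:
            fields = row.split()
            if len(fields) > 1:  # fields[1] is local_address, e.g. 0100007F:1F90
                ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports if readable else None


def bind_refused(port):
    """True if a fresh bind() to the port fails with 'address in use'."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind(("127.0.0.1", port))
        return False
    except OSError as exc:
        return exc.errno == errno.EADDRINUSE
    finally:
        probe.close()


def demo():
    """Hold a port without using it, then compare the bind probe with the listing."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        holder.bind(("127.0.0.1", 0))  # allocated, never listen()ed or connect()ed
        port = holder.getsockname()[1]
        listed = listed_tcp_ports()
        return {"port": port, "bind_refused": bind_refused(port),
                "listed": None if listed is None else port in listed}
    finally:
        holder.close()


if __name__ == "__main__":
    r = demo()
    flagged = r["bind_refused"] and r["listed"] is False
    print(r, "-> looks like a hidden port" if flagged else "-> no mismatch")
```

A port that is refused on bind yet absent from the listing is exactly the pattern that gets reported as hidden, even though here the holder is an ordinary process.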