24. rpm and apt-get

Both RedHat's rpm package management system and Debian's system contain some built-in integrity checking.

The command rpm -Va will verify all installed packages, that is: the file size, MD5 sum, permissions, type, owner and group of every file in every installed package are compared against the metadata stored in the RPM database, and discrepancies are displayed. The obvious weakness of this approach is that the metadata is stored in a local database which can itself be hacked.

Debian's package system comes with the debsums utility, which checks the MD5 sums of installed Debian packages against metadata in the local database. Again, the weakness is that the metadata is stored locally and is open to intruders. However, debsums can be told to generate the MD5 sums from the .deb files themselves (rather than use local metadata), and those .deb files can first be freshly downloaded into /var/cache/apt/archives:

    apt-get clean
        # ...empty the local cache so no old (possibly corrupted) .deb
        #    packages are used

    apt-get --reinstall -d install `dpkg -l | grep '^ii' | awk '{print $2}'`
        # ..."reinstall all installed packages" --- actually "-d" ensures each
        #    is only downloaded to the local cache (installed files are not
        #    overwritten); grep '^ii' selects only packages in state "ii"
        #    (installed), not every line that happens to contain "ii"

    debsums -g -p /var/cache/apt/archives
        # ...check MD5 sums against those generated from the .deb files just
        #    downloaded to the local cache

As usual, discrepancies indicate trojanned files. If discrepancies are found, it is best to reinstall everything:

    dpkg -l | grep '^ii' | awk '{print $2}' | xargs -I{} apt-get -y --reinstall install {}
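The debsums step above boils down to recomputing each installed file's MD5 sum and comparing it with a list that did not come from the machine being checked. The following is an added example, not part of the original document and not debsums' own code: a POSIX shell function that performs that comparison against a dpkg-format md5sums list supplied by the caller (in practice the md5sums file taken from a freshly downloaded .deb), together with a constructed, throwaway directory tree containing one tampered file and one missing file to run it on. It assumes GNU coreutils md5sum, i.e. a Linux system; the file names and sums in the fixture are made up for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original document or of debsums:
# verify installed files against a reference md5sums list that the caller
# supplies (e.g. extracted from a freshly downloaded .deb), never against
# the local dpkg database.  Assumes GNU coreutils md5sum (Linux).
# List format is dpkg's:   <32 hex digits>  <path relative to />

# verify_md5sums LIST ROOT
#   Prints one line per discrepancy (MISSING or CHANGED) and returns the
#   number of discrepancies, so an exit status of 0 means all files match.
verify_md5sums() {
    list=$1
    root=$2
    bad=0
    while read -r expected path; do
        # skip blank lines and comments in the list
        [ -z "$expected" ] && continue
        case $expected in '#'*) continue ;; esac
        file="$root/$path"
        if [ ! -f "$file" ]; then
            echo "MISSING $path"
            bad=$((bad + 1))
            continue
        fi
        actual=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "CHANGED $path (expected $expected, got $actual)"
            bad=$((bad + 1))
        fi
    done < "$list"
    [ "$bad" -gt 255 ] && bad=255    # an exit status is a single byte
    return "$bad"
}

# make_fixture
#   Builds a constructed throwaway tree and its reference list, then
#   tampers with one file and leaves one listed file absent.  Prints the
#   directory so the caller can verify and later remove it.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/root/usr/bin" "$dir/root/etc"
    printf 'echo hello\n' > "$dir/root/usr/bin/hello"
    printf 'setting=1\n'  > "$dir/root/etc/hello.conf"
    printf 'echo bye\n'   > "$dir/root/usr/bin/bye"
    # Record the sums while the files are pristine; this stands in for the
    # md5sums list shipped inside the .deb.
    for f in usr/bin/hello etc/hello.conf usr/bin/bye; do
        printf '%s  %s\n' "$(md5sum "$dir/root/$f" | cut -d' ' -f1)" "$f"
    done > "$dir/md5sums"
    # A file the package ships but which has been deleted from the system
    # (d41d8cd98f00b204e9800998ecf8427e is the MD5 sum of an empty file).
    printf 'd41d8cd98f00b204e9800998ecf8427e  usr/share/doc/hello/README\n' \
        >> "$dir/md5sums"
    # Simulate a file modified after the reference sums were recorded.
    printf 'extra line added later\n' >> "$dir/root/usr/bin/bye"
    echo "$dir"
}

# Demonstration on the constructed tree (not real package data).
demo_dir=$(make_fixture)
if verify_md5sums "$demo_dir/md5sums" "$demo_dir/root"; then
    echo "all files match their reference sums"
else
    echo "discrepancies found: reinstall the affected packages from trusted .deb files"
fi
rm -rf "$demo_dir"
```

The point of the separate LIST argument is the trust boundary: the sums being checked against must come from a package apt fetched from a mirror and checked against the archive signature, not from /var/lib/dpkg/info on the machine under suspicion. MD5 is sufficient to detect ordinary modification of a file but is no longer collision resistant, so the list's provenance, not the hash, is what makes the check meaningful.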

About this document:

Produced from the SGML: /home/umits/public_html/_unix_security/_reml_grp/diagnostic_forensic_tools.reml
On: 23/10/2005 at 13:29:12
Options: reml2 -i noindex -l long -o html -p multiple