Yes. Linux rootkits are easily seen by Sandfly, even if they are trying to hide. We have a variety of methods for detecting and de-cloaking rootkits that are hiding processes, directories, files and users.
In the example below we have de-cloaked a Diamorphine rootkit module trying to hide. We have many mechanisms for finding common and not-so-common rootkit hiding methods.