My $0.02 on security. The easiest way to make sure your box isn't going to get root-kitted is to make sure you have another user on the system and then open /etc/ssh/sshd_config and change the PermitRootLogin line to say no and then restart sshd (/sbin/service sshd restart).
Every single attack I've seen on my systems was to the root user using ssh (everything else is firewalled), if ssh won't let that in to begin with, you're set. Another thing you can do is change your port numbers for your services, while not a foolproof fix, it helps keep people out of your playpen. - Ian
