Instead of clamscan or a rootkit detector you could use aide to check the integrity of your server. This would be rather easy to use because you have physical access to the server.
I administer a FreeBSD server in a data center. One of the first things I did was to create a suitable pf.conf to protect the server itself from malicious incoming traffic and to prevent unauthorized outgoing traffic.
Other measures that I took:
- moved ssh to another port than 22
- disabled ssh root logins
- disabled ftpd
- disabled inetd
I check the pflog logs on a regular basis. I see a lot of attempts to connect to MS SQL server, MS Remote Desktop Protocol, MS NetBios and whatever the current exploit of the week is.
Also bots that try the telnet, mysql, DNS, imap, smtp, and 8080 ports.
The Apache error logs show a lot of probes for phpMyAdmin and Wordpress admin:
Code:
[Sun Sep 02 14:47:40 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/_admin
[Sun Sep 02 14:47:40 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/_myadmin
[Sun Sep 02 14:47:40 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/_admin
[Sun Sep 02 14:47:40 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/_admin
[Sun Sep 02 14:47:40 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/admin
[Sun Sep 02 14:47:40 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/admin
[Sun Sep 02 14:47:40 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/admin
[Sun Sep 02 14:47:40 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/dbadmin
[Sun Sep 02 14:47:40 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/myadmin
[Sun Sep 02 14:47:41 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/mysqladmin
[Sun Sep 02 14:47:42 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/phpadmin
[Sun Sep 02 14:47:42 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/phpmyadmin.old
[Sun Sep 02 14:47:42 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/phpMyAdmin
[Sun Sep 02 14:47:42 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/phpmyadmin
[Sun Sep 02 14:47:42 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/phpmyadmin1
[Sun Sep 02 14:47:42 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/phpmyadmin2
[Sun Sep 02 14:47:43 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/php-my-admin
[Sun Sep 02 14:47:43 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/phpmyadmin
[Sun Sep 02 14:47:43 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/phpMyAdmin
[Sun Sep 02 14:47:43 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/php-myadmin
[Sun Sep 02 14:47:43 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/phpmy-admin
[Sun Sep 02 14:47:43 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/webadmin
[Sun Sep 02 14:47:44 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/mysqladmin
[Sun Sep 02 14:47:44 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/mysql-admin
[Sun Sep 02 14:47:44 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/wbsadmin
[Sun Sep 02 14:47:44 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/phpadmin
[Sun Sep 02 14:47:44 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/phpMyAdmin-2.11.4
[Sun Sep 02 14:47:45 2012] [error] [client 72.51.35.239] File does not exist: /usr/local/www/data/xyz.com/phpmyadmino-ld
By only running a static web server you already eliminate most of these attack possibilities.
I never bothered with securelevel.
At this moment I am looking into mod_security, a web application firewall. Rules for mod_security inspect the payload of the HTTP traffic and depending on the contents can block, log or deny such requests.