Your concern is rootkits, which is a virus that provides server privileges without the administrators knowledge. There is no real-time blocker for rootkits, but there are a few scanners. Among those, rkhunter and ckrootkit are both free and popular. I run ckrootkit daily using cron, and the output is emailed to me so I can review it.
What most server admins are concerned with is their server being either the victim of a DDoS attack, or an unknowing participant. You should install some or all of the following security applications if you run a commercial hosting server. All of these security measures are free.
APF (Advanced Policy Firewall)
rkhunter or ckrootkit
Unless you really need it, disable recursive DNS lookups.
Run SHH either on a non-standard port (not port 22), or with authorized key access only.
You need to apply Linux updates regularly (such as yum) to plug security holes in applications. One thing I promise; if you let your updates go for a long enough time you'll get rooted sooner or later. The ankle-biters of the world never give up.
and CXS+Mailscanner for rootkits, bad permissions, execs, exploits etc.
Also, I use ClamAV
Be sure tu use a good strong password(try http://strongpasswordgenerator.com) and never save it in browsers and FTP clients. Also you could try do use SSH public key instead of password and use another user instead of root, but that's a little bit of ovekill.
cPanel HelpNet - cPanel, Linux, Virtualization tutorials, guides and more
You should disable (disable_functions in php.ini) bad (and with that useless too) commands in PHP too. This commands are those which can start/end daemons/processes and execute anything via ssh as root or similar. Most of the scripts (nearly all) work without them and they are just a security risk.