Unless you don't make a strong restrictive firewall, go through all services and shut all "not must have" down. And the one that are runnig better make a good check of their configuration.
Tripwire is a cool util, but once you notice that your key utils are altered you have visitors well settled in your system.
I'm a total paranoid, but being hacked may times (mostly due to unexperience), so you're never too cautious.
It's wierd though. I remember scanning everything I could, to figure out who is attacking, scanning ... me, and found that some other admins are doing unreal stupidities (checking root mail through pop3, telneting with root, ftp as root ..), and made me wonder how they get away with it, or they just tolerate compromised system.