1- analyze ur /etc/passwd for new users
2- analyze the same file for a root backdoor by making a copy of the ID of root to another user.
3- check ur net traffic.
4- check for unusual file permissions using the command find specially for permissions with SUID and SGID
5- Check ur LOG files
6- check ur iptables r the configured write and dont forget to check the xinetd service too
7- lots of things to check so just keep ur mind and ur system up2date