Like, another stupid example:
echo "1" > /proc/sys/net/ipv4/tcp_syncookies(syn_cookies, I am told, helps to prevent or reduce ddos attacks).
pfsense is FreeBSD, not Linux. We've been through all the appropriate security settings and done what we can, but FreeBSD doesn't leave big gaping holes open by default like many Linux distros do, hence we're "secure by default", and don't need check boxes to "lock things down".
Agree w/Scott, adding checkboxes for things that should be permitted or not permitted via firewall rules is silly. Want to allow ping? Add a WAN rule. Don't want to? You're fine by default. Ditto for anything/everything else. What if you only want to allow ping from certain IP's on the Internet? That checkbox isn't going to help you. Lots of similar situations.
chkrootkit works on pfsense, though it's not a package in the GUI. If you enable SSH, SSH in, open a shell, and run the following you can run it.
# pkg_add -r chkrootkit
Note that if you don't religiously keep chkrootkit up to date, it'll report false positives after OS updates.