From Fancypiper's excellent links, start with checking the security basics listed in the Security references. If this is going to be a public server I would force having Aide, Samhain or tripwire installed right after the OS install. Next open up a RH up2date account. It's free and after the initial scan you've got all the RHSA security fixes ready to d/l and install (all except kernel and libc of course: do those manually).
After doing "the basics" and updating the system, focus on what the systems purpose will be. That generates a list of apps to check, apps to deinstall, restrictions to be placed on the filesystem, users and processes and networking measures.
I'f you're willing to turn this thread into an account of what you people try to do and how you secured aspects of the box, that would be interesting.
|