Here is my own good security practices list to make Linux system safe.
(2) Default firewall policy should be - close all door open required windows. Run iptables or ipf to block unwanted traffic, IPs, unused ports.
(4) Do not run any perl or other executable code on production system as root. Always test downloaded stuff locally and use md5 checksum for verification purpose.
(5) Take advantage of SELinux (Security-enhanced Linux) which enables mandatory access control mechanism. It is also recommended that you install anti-virus/anti-spam program on all mail server such as clamav (or you can purchase 3rd party AV/Anti Spam solution).
(6) Finally run all important services in chrooted jail environment.
Update (see comment below) - Other user suggestions
(7) Remove or disable unnecessary services you don't use.
(8) Conduct some (penetration) tests to ensure you didn't misconfig your setup.
(9) Remove all compilers and network scanning tools such as nmap from servers. Why make the attacker's job easier?
Remember you can make attackers life hard but you cannot make anything 100% secure. Continues monitoring and tight security policy will keep running the service for long time without any sort of intrusion :)
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop