I would like to write an article soon on securing a Linux server. Here are the points I've come up with so far (with thanks to nebulus for his kind advice on a few):

- Tripwire
- Bastille Linux
- ClamAV (cron - run daily, at midnight GMT+6)
- Chkrootkit and rkhunter (cron - every, say, 6 hours)
- Firewall (iptables)
- Hardware firewall/behind router with DMZ to the server on port 80 if wanted for added security
- Turning off remaining unnecessary daemons which have not been turned off by Bastille

Is there anything I've missed? Nebulus also suggested something about sudo usage, but I'm not sure if he meant to remove the server user from the sudoers file.

Thanks,

-jk