A few suggestions:

1) Use Sudo to limit who can access root via su and execute programs

2) Use Shadopasswords: type pwconv on the commandline in root there is
a few more security steps by the way on the commandline in /ect do
the following:

chattr +i shadow
chattr +i group
chattr +i gshadow
chattr +i passwd
chattr +i passwd.bak

btw to change any passwords you have to unchattr
these files the same way

3) In ect chattr +i the service file to protect it against
someone modifying this file and adding services you didn't ok.

4) If you have printers make sure there not broadcasting or
open to connection Hackers will detect like port 515 or>>> cups
you can restrict the printer to local only cd/ect/cups/cupsd.conf replace
port 631 with something like this: listen 127.0.0.1:631 and you can do the
same for lan IP and port 80......... then you have to update cups
cd/rc.d/init.d on the commandline type: ./cups restart (that's what I do
with my printers)

6) Change the default shell from bash to tcsh at least for root
because bash isn't secure

7) Fix the permissions of the init.d directory: chmod -R 700 /ect/rc.d/init.d/*
one more thing I'd suggest is restrict anyone from doing /locate root