1. Update kernel and OS with all latest packages.
2. Install and configure APF Firewall to only allow traffic on the ports that are used. In addition, we'll configure the Anti-DOS function in APF. This additional module helps mitigate and prevent certain types of DOS (denial of service) attacks to your server.
3. Install and configure BFD (Brute Force Detection). This program works real time in conjunction with APF firewall to block any IP Addresses of users that fail authentication more than 3 times in 10 minutes.
4. Tighten up php settings/security.
5. Install and configure Logwatch. This program parses through your server's logs and reports to you via e-mail on a daily basis with tabulated information. We will add a daily cronjob to email test results daily.
6. Install SIM (System Integrity Monitor) which is a software that checks all services 24x7 and restarts them if they are down. An e-mail is dispatched if a downed service is detected and restarted.
7. Optimise and secure Apache (HTTPD) web server.
8. Optimise MySQL Server to perform at it's best under the most common and standard environments.
9. Secure & harden [login to view URL] to prevent DNS lookup poisoning and also provide protection against spoofs.
10. Secure & harden [login to view URL] system configuration file to help prevent the TCP/IP stack from syn-flood attacks. It is also configured to prevent other various and similar network abuse.
11. Secure and harden /tmp and /var/tmp to prevent the execution of malicious scripts.
12. Install Rkhunter which is a very useful tool that is used to check for trojans, rootkits, and other security problems. We will add a daily cronjob to email test results daily.
13. Install ChkRootkit which is a tool to locally check for signs of a rootkit. We will add a daily cronjob to email test results daily. We will add a daily cronjob to email test results daily.
14. Tighten up SSHD settings/security.
15. Disable direct root login.
this is my short list but if you want to sugest replacement or have other ideas i am very open to suggestion. Also i need sommekind of a break-down on how much time it will take.