6. As root, edit /etc/ntp.conf to set NTP servers. You may wish to view our sample configuration file. Use the 'setup' utility to ensure that ntpd is starting at boot.
11. Prevent some DoS-denial attacks. Add the following lines to the end of /etc/rc.d/rc.local:
##### Begin DoS Prevention #####
# shut some DoS stuff down
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# increase the local port range
echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
# increase the SYN backlog queue
echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
13. Edit /etc/sysctl.conf and change kernel.sysrq to equal 1:
# Enables the magic-sysrq key
kernel.sysrq = 1
14. Edit hosts.{allow,deny}: You will need to configure the hosts files to meet the needs of each individual server. As a rule, only allow what you need from where you need it. The best thing to do is start off denying everything and allow only sshd and then add services as you go. For more information see "man 5 hosts_access".
15. Edit /etc/ssh/sshd_config:
Change "PermitRootLogin yes" to "PermitRootLogin no"
Change "Protocol 1,2" to "Protocol 2"
16. Reboot the machine:
sudo /sbin/shutdown -r now
17. Bask in the glory of an updated and secure Linux installation. :-)