At Install:
- Only install programs that you need
- Educate yourself on the use of each package
After Install:
- Remove unused daemons
- The Great SUID/SGID hunt.
- Use shadow passwords
- Use cracklib / npasswd or equivalent
- Add ssh (or equivalent)
- Customize and recompile kernel
General system hygiene and upkeep
- Backups
- Monitor the logs
- Install the Errata (mantra)