Linux security document.
Please go through them.
1. Exim.
Enable extended logging:
Add the following line to the exim configuration, below the first line (recommended):
log_selector = +address_rewrite +all_parents +arguments \
  +connection_reject +delay_delivery +delivery_size +dnslist_defer \
  +incoming_interface +incoming_port +lost_incoming_connection +queue_run \
  +received_sender +received_recipients +retry_defer +sender_on_delivery \
  +size_reject +skip_delivery +smtp_confirmation +smtp_connection \
  +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
Formmail Trap
http://void.thunderteam.org/fm-trap.html
For securing Exim, I found this a good resource:
http://www.rvskin.com/index.php?page=public/antispam
2. Httpd:
Install mod_security
Install mod_dosevasive (sometimes causes problems with FP, though)
3. PHP
disable_functions = "system,exec"
eAccelerator for PHP acceleration
http://sourceforge.net/projects/eaccelerator
4. Some small recommended apps
Install BFD from rfxnetworks.net
Install LSM from rfxnetworks.net
APF from rfxnetworks.net ( since we have portsentry not really required )
rkhunter can be found on www.rootkit.nl
5. cPanel script to disable compilers, in case we have not done this yet
/scripts/compilers off
6. MySQL
Enable the MySQL query cache:
vi /etc/my.cnf
query-cache-type = 1
query-cache-size = 100M
100M can be changed according to how busy the server is
7. Securing some binaries
chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp
chmod 000 /etc/httpd/proxy/
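To confirm later that the modes from section 7 are still in place, the following audit script can be run. It is an added example, not part of the original notes; the `audit_modes` function, its optional ROOT prefix argument and the `--check` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original notes): report which paths from
# section 7 no longer carry the restricted mode set there.

# "MODE PATH" pairs copied from the chmod commands in section 7.
EXPECTED='750 /usr/bin/rcp
750 /usr/bin/wget
750 /usr/bin/lynx
750 /usr/bin/links
750 /usr/bin/scp
000 /etc/httpd/proxy/'

# Print the permission bits of $1 in octal (GNU stat, then BSD stat).
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# audit_modes [ROOT]: read "MODE PATH" lines on stdin, print one status line
# per path, return the number of paths whose mode differs. ROOT is an
# optional prefix (an assumption of this example) for checking a mounted
# image or a test tree. Missing paths are reported but not counted.
audit_modes() {
    root=${1:-}
    drift=0
    while read -r want path; do
        [ -n "$path" ] || continue
        target=$root${path%/}   # drop a trailing slash before testing
        if [ ! -e "$target" ]; then
            echo "MISSING $path"
            continue
        fi
        have=$(octal_mode "$target") || have=""
        # stat prints 0 for mode 000; pad so it compares equal to "000".
        [ -n "$have" ] && have=$(printf '%03d' "$have")
        if [ "$have" = "$want" ]; then
            echo "OK $path"
        else
            echo "DRIFT $path have=${have:-unknown} want=$want"
            drift=$((drift + 1))
        fi
    done
    return "$drift"
}

# Run against the live system only when asked: sh audit.sh --check
if [ "${1:-}" = "--check" ]; then
    printf '%s\n' "$EXPECTED" | audit_modes
    exit $?
fi
```

The exit status is the number of drifted paths, so the script can be called from cron and alert on any non-zero result.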