Werner Puschitz
Last fiddled: July 7, 2002.
For information on Red Hat Linux, Installation, Documentation, Kernel, Oracle, and Linux in general, see www.puschitz.com.


Securing Red Hat Linux 7.3

This is a work in progress and is NOT completed! Actually I started to write this article a few days ago.
This article will become a step-by-step procedure for securing a RedHat Linux server.
If you are interested in Oracle9i on RedHat Linux 7.x, check my other article.

General

Log Files

Errors and system messages:

/var/log/dmesg          (kernel boot messages)
/var/log/boot           (runlevel boot logging messages)
/var/log/messages       (system messages)
...

Authentication Files:

/var/run/utmp
/var/log/wtmp
/var/log/btmp
/var/log/secure
/var/log/lastlog

Server-specific Logs:

/var/log/xferlog        (ftpd logging information)
/var/log/maillog        (sendmail logging information)
/var/log/pacct
...

Connect Accounting Utilities

Here is a list of commands you can use to get data about user logins:

who         Shows a listing of currently logged-in users. This command reads /var/run/utmp.
w           Shows who is logged on and what they are doing.
last        Shows a list of last logged-in users, including login time, logout time etc. This command reads /var/log/wtmp.
lastb       Same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.
lastlog     Reports the data maintained in /var/log/lastlog, which is a record of the last time each user logged in.
ac          Prints out the connect time in hours on a per-user basis or daily basis etc. This command reads /var/log/wtmp.
dump-utmp   Converts the raw data from /var/run/utmp or /var/log/wtmp into ASCII-parsable format.
ftpwho      Displays all active ftp users and their current process information on the system. The output is in the format of the "/bin/ps" command.
ftpcount    A simplified version of ftpwho; shows only the current number of users logged in to the system and the maximum number of users allowed.
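The utmp, wtmp and btmp files listed above share one binary record format, which is what who, last and dump-utmp decode. The following is an added example (not code from the original article) that parses those records and reproduces who's "live sessions" view; it assumes the glibc struct utmp layout of Red Hat 7.3 on i386 (384 bytes, 32-bit timeval), and the records it reads are constructed in the block rather than captured from a real host.

```python
# Added example (not from the original article): decode the binary
# utmp/wtmp/btmp records that who(1), last(1) and dump-utmp read. Assumes the
# glibc struct utmp layout of Red Hat 7.3 on i386 (384 bytes, 32-bit timeval);
# the sample records are constructed with pack_record(), not captured.
import struct
import datetime

# type, pad, pid, line[32], id[4], user[32], host[256], exit(term, code),
# session, tv_sec, tv_usec, addr_v6[4], 20 reserved bytes
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)          # 384 bytes per record
UT_TYPES = {0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 5: "INIT_PROCESS",
            6: "LOGIN_PROCESS", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def pack_record(ut_type, pid, line, ut_id, user, host, ts):
    """Build one raw record (used here only to construct sample input)."""
    enc = lambda s, n: s.encode()[:n].ljust(n, b"\0")
    return struct.pack(UTMP_FMT, ut_type, pid, enc(line, 32), enc(ut_id, 4),
                       enc(user, 32), enc(host, 256), 0, 0, 0, ts, 0,
                       0, 0, 0, 0)

def parse_utmp(blob):
    """Yield one dict per record; strings are NUL-padded, so cut at the first NUL."""
    cstr = lambda b: b.split(b"\0", 1)[0].decode(errors="replace")
    for off in range(0, len(blob) - UTMP_SIZE + 1, UTMP_SIZE):
        f = struct.unpack_from(UTMP_FMT, blob, off)
        yield {"type": UT_TYPES.get(f[0], str(f[0])), "pid": f[1],
               "line": cstr(f[2]), "id": cstr(f[3]), "user": cstr(f[4]),
               "host": cstr(f[5]), "time": f[9]}

def who(blob):
    """Mimic who(1): USER_PROCESS records are live sessions; a later
    DEAD_PROCESS record on the same line means that session has ended."""
    live = {}
    for r in parse_utmp(blob):
        if r["type"] == "USER_PROCESS":
            live[r["line"]] = r
        elif r["type"] == "DEAD_PROCESS":
            live.pop(r["line"], None)
    fmt = lambda t: datetime.datetime.fromtimestamp(
        t, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M")
    return [(r["user"], r["line"], r["host"], fmt(r["time"]))
            for r in live.values()]
```

Reading /var/log/btmp with parse_utmp shows the same fields for failed attempts, which is what lastb prints.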

RedHat Package Manager (RPM)

You should make sure that you remove all packages you don't need on a production server (e.g. compilers, development packages, X, etc.).

Here are some basic RPM options for maintaining packages:

To install a RPM package:
        rpm -ivh package_name.rpm
To delete (erase) an installed RPM package (use the installed package name, not the .rpm file name):
        rpm -e package_name
To check what would happen if a package were deleted (dependency checks etc.) without actually removing it:
        rpm -e --test package_name
To install or upgrade a RPM package that is currently installed to a newer version:
        rpm -Uvh package_name.rpm
To upgrade a RPM package only if an earlier version is currently installed:
        rpm -Fvh package_name.rpm
To query for all installed packages:
        rpm -qa
To get package information about a specific installed package (for a not-yet-installed .rpm file, add -p: rpm -qip package_name.rpm):
        rpm -qi package_name
To list all files and directories that belong to an installed RPM package:
        rpm -ql package_name
To query for the package that owns a specific file on your server:
        rpm -qf /bin/ls

The /etc/inittab File

  • "Control-Alt-Del"
    You might want to disable the "Control-Alt-Del" key sequence. To do that, make sure the following line is commented out in the /etc/inittab file:
        #ca::ctrlaltdel:/sbin/shutdown -t3 -r now

    Make sure that the change becomes effective immediately by invoking the following command:
        init q

  • "Single User Mode Password"
    Some recommend adding, for example, the following line to the /etc/inittab file to ensure that the root password is required for the Single User Mode logon:
        ~~:S:wait:/sbin/sulogin
    But this would give you a false sense of security. When you get into Single User Mode, it will certainly ask you for the root password, but this is too easy to get around: instead of booting with "linux single", one can boot with "linux init=/bin/bash", which will not ask for the root password. Your server should be physically secured anyway.
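To verify that both /etc/inittab changes are actually in place on a server, the following added example (not from the original article) parses the id:runlevels:action:process entries of an inittab and reports an active ctrlaltdel entry or a missing sulogin entry for single-user mode. The inittab text is constructed to mirror the lines quoted above.

```python
# Added example (not from the original article): parse /etc/inittab entries
# (id:runlevels:action:process) and check the two hardening points from the
# article. SAMPLE_INITTAB is constructed, not copied from a real server.
SAMPLE_INITTAB = """\
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
# Trap CTRL-ALT-DELETE
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
~~:S:wait:/sbin/sulogin
1:2345:respawn:/sbin/mingetty tty1
"""

def parse_inittab(text):
    """Return active (uncommented) entries as (id, runlevels, action, process).
    Comment and blank lines are skipped. The process field may itself contain
    colons, so the line is split at most three times."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 3)
        if len(parts) < 3:
            continue                      # malformed entry; init would reject it
        while len(parts) < 4:
            parts.append("")
        entries.append(tuple(parts))
    return entries

def inittab_findings(text):
    """List what still needs attention: an active ctrlaltdel entry, or no
    sulogin entry that runs in single-user mode (runlevel S or 1, or any
    runlevel when the field is empty). As the article notes, sulogin does not
    stop an init=/bin/bash boot, so this is no substitute for physical security."""
    entries = parse_inittab(text)
    findings = []
    if any(e[2] == "ctrlaltdel" for e in entries):
        findings.append("ctrlaltdel still active: Control-Alt-Del reboots the server")
    if not any(e[2] == "wait" and "sulogin" in e[3]
               and (e[1] == "" or "S" in e[1].upper() or "1" in e[1])
               for e in entries):
        findings.append("no sulogin entry for single-user mode")
    return findings
```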

Services

To get a list of all services and the runlevels in which each one is enabled, execute the following command:
    chkconfig --list

TO BE CONTINUED... :-)

TCP Wrapper

TO BE CONTINUED... :-)

Settings for /etc/passwd and /etc/shadow

The following files and parameters are used when a new account is created with the Linux command 'useradd'. These settings are recorded for each user account in the files /etc/passwd and /etc/shadow. It is important to have the following changes in place before adding any user accounts on the node, because accounts that already exist keep their old values. Here is an example:

File                   Parameter       Value       Description
/etc/login.defs        PASS_MAX_DAYS   58          Maximum number of days a password is valid
/etc/login.defs        PASS_MIN_DAYS   7           Minimum number of days allowed between password changes
/etc/login.defs        PASS_WARN_AGE   7           Number of days of warning given before a forced password change
/etc/login.defs        UID_MIN         500         Minimum value for automatic UID selection
/etc/login.defs        GID_MIN         500         Minimum value for automatic GID selection
/etc/login.defs        PASS_MIN_LEN    n/a         Minimum acceptable password length. This does NOT work; it is superseded by the PAM module "pam_cracklib"!
/etc/default/useradd   GROUP           100         Default group
/etc/default/useradd   HOME            /home       Default user home location
/etc/default/useradd   INACTIVE        14          Maximum number of days after a password has expired during which the user can still change the expired password
/etc/default/useradd   EXPIRE          (empty)     Expiration date of an account in the format YYYY-MM-DD
/etc/default/useradd   SHELL           /bin/bash   Default shell
/etc/default/useradd   SKEL            /etc/skel   Default profile directory

When a new user account is created with useradd, some of these settings are recorded in the /etc/passwd and /etc/shadow files as follows (UID_MIN+ means the first free UID at or above UID_MIN; <date> is the day of the last password change, counted in days since 1970-01-01):

/etc/passwd:
<username>:x:UID_MIN+:GROUP:<GECOS>:HOME/<username>:SHELL

/etc/shadow:
<username>:<password>:<date>:PASS_MIN_DAYS:PASS_MAX_DAYS:PASS_WARN_AGE:INACTIVE:EXPIRE:


Here is an example of how to add a user with the useradd command:

useradd -n -c "Werner Puschitz" -G wheel wernerp

-n specifies that no user-private group with the same name as the new user is created; the user's primary group will be the default group "users".
-c specifies the full name (GECOS comment) of the user.
-G wheel specifies that the user will be added to the supplementary group "wheel". Members of the "wheel" group will be able to switch to the user root with the "su" command. See the PAM section below for how to use pam_wheel to restrict successful "su to root" executions to that group.
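To make the mapping from the settings table to the /etc/passwd and /etc/shadow templates concrete, and to find accounts that were created before the settings were changed, the following is an added example (not code from the original article). It reproduces what the useradd command above writes for "wernerp" using the article's values, and audits existing shadow records against that policy; the existing passwd and shadow records it uses are constructed, as are the placeholder hashes in them.

```python
# Added example (not from the original article): model how useradd turns the
# /etc/login.defs and /etc/default/useradd values from the table into
# /etc/passwd and /etc/shadow records, and audit existing shadow records
# against that policy. Policy values are the article's; sample records are
# constructed (the "$1$abc$xyz" hashes are placeholders, not real hashes).
import datetime

LOGIN_DEFS = {"PASS_MAX_DAYS": 58, "PASS_MIN_DAYS": 7, "PASS_WARN_AGE": 7,
              "UID_MIN": 500, "GID_MIN": 500}
USERADD_DEFAULTS = {"GROUP": 100, "HOME": "/home", "INACTIVE": 14,
                    "EXPIRE": "", "SHELL": "/bin/bash", "SKEL": "/etc/skel"}

def days_since_epoch(iso_date):
    """Shadow field 3 is the last password change as days since 1970-01-01."""
    return (datetime.date.fromisoformat(iso_date) - datetime.date(1970, 1, 1)).days

def next_free_uid(passwd_lines):
    """First UID >= UID_MIN not already used in /etc/passwd (the 'UID_MIN+')."""
    used = {int(l.split(":")[2]) for l in passwd_lines if l.strip()}
    uid = LOGIN_DEFS["UID_MIN"]
    while uid in used:
        uid += 1
    return uid

def new_account(user, gecos, passwd_lines, today_iso):
    """Return the (passwd, shadow) lines that 'useradd -n -c gecos user' writes.
    -n keeps the primary group at GROUP (100 = users); the password field is
    '!!' (locked) until passwd(1) sets one."""
    d = USERADD_DEFAULTS
    uid = next_free_uid(passwd_lines)
    passwd = f"{user}:x:{uid}:{d['GROUP']}:{gecos}:{d['HOME']}/{user}:{d['SHELL']}"
    shadow = (f"{user}:!!:{days_since_epoch(today_iso)}:"
              f"{LOGIN_DEFS['PASS_MIN_DAYS']}:{LOGIN_DEFS['PASS_MAX_DAYS']}:"
              f"{LOGIN_DEFS['PASS_WARN_AGE']}:{d['INACTIVE']}:{d['EXPIRE']}:")
    return passwd, shadow

def audit_shadow(shadow_lines):
    """Names of accounts whose min/max/warn/inactive fields differ from the
    policy. Accounts with password '*' cannot log in with a password at all
    and are skipped; everything else (root included) is reported."""
    want = tuple(str(v) for v in (LOGIN_DEFS["PASS_MIN_DAYS"],
                                  LOGIN_DEFS["PASS_MAX_DAYS"],
                                  LOGIN_DEFS["PASS_WARN_AGE"],
                                  USERADD_DEFAULTS["INACTIVE"]))
    findings = []
    for line in shadow_lines:
        f = line.split(":")
        if len(f) < 9 or f[1] == "*":
            continue
        if tuple(f[3:7]) != want:
            findings.append(f[0])
    return findings
```

Accounts reported by audit_shadow can be brought in line with chage(1), which edits exactly those shadow fields.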

Pluggable Authentication Modules (PAM)

/etc/pam.d/su: /lib/security/pam_wheel.so parameters

This PAM module restricts root authentication through "su" to members of the wheel group. Ensure that the following module and parameters are set in /etc/pam.d/su:

/lib/security/pam_wheel.so use_uid

TO BE CONTINUED... :-)

Linux Security Books

If you want to read a very good book on Linux security, check out Gerhard Mourani's security book, which covers security very thoroughly and is intended for a technical audience and Linux administrators, but also covers material for home users and others. I had the opportunity to contribute to the development of the second edition. The edition "Securing & Optimizing Linux: The Ultimate Solution" is now the successor of the very popular book "Securing and Optimizing Linux: Red Hat Edition".

Securing and Optimizing Linux: Red Hat Edition  (First Edition)

Securing & Optimizing Linux: The Ultimate Solution  (Second Edition)

If you find any errors or mistakes, please let me know at comments@puschitz.com!

Warning and Disclaimer: Every effort has been made to provide the information as accurately as possible, but no warranty or fitness is implied. The author shall have no liability nor responsibility for any loss or damages arising from the information contained on this web site.

Comments? comments@puschitz.com