- Telnet -> OpenSSH (latest patches)
- SSH Server: Protocol 2, do not allow root login
- SSH Client: Protocol 2
- Prevent root login (su/sudo only)
- Install ossec: http://www.ossec.net
- Confirm needed services in xinetd / inetd
- Confirm runlevel is multi-user mode and not starting X by default
- Review banners: motd, /etc/issue, sshd, ftpd, httpd…
- Restrict access to system logs