Summary
Nice work. Lots and lots of security goodness. That services stuff was crucial. The firewall is a given. OpenSSH is just brilliant. But we're not there yet.
What we have done is to secure the majority of our server security concerns, yes, but really all we have to date is the least configured a server should be in terms of security.
We have to patch against a troupe of attacks, toughen chroot jails, add access controls and chase down rootkits. We also need a good logging management system, added network and system protections and, while we're about it, a web application firewall.
Get the coffee back on. Best make it strong.
