The Reluctant Sysadmin's Guide to Securing a Linux Server

pboyd.io

It scratches the surface of the most obvious stuff. I'd only add running apps in isolation (docker or adduser) and maybe fail2ban.