There are a handful of books on overall UNIX security from O'Reilly. They're good for novices, but aren't very good for reference material since they spend a lot of time describing stuff and little time on "you want this, you don't want that."
There are three basic items to simple unix security if you need to lock down a box like a webserver:
<a> comment out as much as you can in /etc/inetd.conf <b> sendmail and BIND are monsters. If you need them, get books about them that talk security. Webservers generally don't need these two. <c> subscribe to something that gives you security updates for your particular OS. Bugtraq is a good non-OS-specific one.
There are some other ideas that are generally good; like don't enable NFS (client or server) unless you really need it, avoid NIS/yp, and if you can turn off the startup of the portmapper (a.k.a. "rpcbind"), that'll save you some headache.