Msg#: 3812238 posted 11:00 pm on Jan 14, 2009 (gmt 0)
Most of the software listed does little to bolster real security. Security is not a one-time step but an ongoing process. Personally I find APF and BFD over kills for many installations. Chkrootkit is largely outdated. Thinks like anti-ddos should only be deployed if you are having a ddos attack and if it is a series dos attack those tools will do you little good.
We restrict root login to keys only and setup the wheel group to only let specific users access root. This combined with a good firewall rule set and keeping the system updated will go a long way in keeping the system secure.
Mod security is very powerful if properly deployed but the default rules do not apply to many situations.
Lastly, be sure to remove any software you don't need from the server.