A lot of this can be eliminated (not the physical security or install) by doing the following:

1. Run CentOS or Red Hat.

2. Install openscap-workbench.

3. Use the CentOS STIG and choose which profile (I recommend US govt configuration base).

4. Uncheck the firewall rules (they set it to deny all incoming; change to DMZ with basic rules).

5. Click remediate and apply.

6. OpenSCAP does the work for you to harden the system.

You'll have to use other security-appropriate tools for the appropriate servers, but you'll know which service and its ramifications. I know that MySQL has a comprehensive security script to prepare. Other tools have similar built-in functions.

Also note you can download Nessus and get a 7-day free trial as well. It's not perfect since the ticket price is $2400/yr. You could also use OpenSCAP for compliance, and Metasploit as a substitute for application testing. There are also web suites like Burp and OWASP.

But regardless of whether you pay or not for automated testing, you need something to automatically find bad things so you can fix them.
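The six-step workflow above, as an added example that is not from the commenter or the OpenSCAP project: a small POSIX sh wrapper that runs `oscap` in evaluation-only mode first, lists the failing rule ids from the results XML, and generates the remediation script to a file for review instead of applying it blindly (the "remediate" button in the workbench applies fixes in place, which is what bites on production boxes). The datastream path, the profile id, and the output directory are assumptions you must confirm with `oscap info` on your own system; the `eval` and `generate fix` subcommands and the rule-result/result layout of the results file are oscap's own. The sample results file written by `write_sample_results` is constructed here so the parsing helpers can be exercised without oscap installed.

```shell
#!/bin/sh
# Added example (not code from the HN post or from OpenSCAP).
# Review-before-remediate wrapper around oscap. Nothing below changes the system;
# the generated fix script is written to $OUT for you to read and run yourself.

DS="${DS:-/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml}"   # assumed datastream path
PROFILE="${PROFILE:-xccdf_org.ssgproject.content_profile_stig}"  # assumed profile id
OUT="${OUT:-/var/tmp/scap}"                                      # assumed output dir

# Count rules whose <result> is "fail" in an XCCDF results file.
# oscap writes one <result>...</result> element per line, so a line count suffices.
count_failed_rules() {
    grep -c '<result>fail</result>' "$1" || true
}

# Print the idref of every failed rule, one per line, by pairing each
# <rule-result idref="..."> opening tag with the <result> line that follows it.
failed_rule_ids() {
    awk '/<rule-result/ { match($0, /idref="[^"]*"/); id = substr($0, RSTART + 7, RLENGTH - 8) }
         /<result>fail<\/result>/ { print id }' "$1"
}

# Constructed sample in the layout oscap uses for results; exists only so the two
# helpers above can be tried offline. Prints the path of the file it wrote.
write_sample_results() {
    f="${TMPDIR:-/tmp}/sample-results.$$.xml"
    cat > "$f" <<'EOF'
<TestResult>
  <rule-result idref="xccdf_org.ssgproject.content_rule_example_pass" severity="low">
    <result>pass</result>
  </rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_example_fail_a" severity="medium">
    <result>fail</result>
  </rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_example_na" severity="low">
    <result>notapplicable</result>
  </rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_example_fail_b" severity="high">
    <result>fail</result>
  </rule-result>
</TestResult>
EOF
    echo "$f"
}

# 1. Evaluate only (oscap exits 2 when any rule fails, so the non-zero exit is expected).
# 2. Save the list of failing rules so you can diff it after remediation.
# 3. Generate the fix script to a file; read it (firewall and sshd rules especially)
#    before running it, and not on a production host first.
review_then_remediate() {
    command -v oscap >/dev/null 2>&1 || { echo "oscap not installed" >&2; return 1; }
    [ -r "$DS" ] || { echo "datastream $DS not found" >&2; return 1; }
    mkdir -p "$OUT"
    oscap xccdf eval --profile "$PROFILE" \
        --results "$OUT/before.xml" --report "$OUT/before.html" "$DS" || true
    echo "failed rules before remediation: $(count_failed_rules "$OUT/before.xml")"
    failed_rule_ids "$OUT/before.xml" > "$OUT/before-failed.txt"
    oscap xccdf generate fix --profile "$PROFILE" --output "$OUT/remediate.sh" "$DS"
    echo "review $OUT/remediate.sh and $OUT/before-failed.txt, then run: sh $OUT/remediate.sh"
}

# Only touch oscap when explicitly asked: `sh hardening-review.sh run`
case "${1:-}" in
    run) review_then_remediate ;;
esac
```

Running the script with `run` leaves you with `before.html` (the human-readable report), `before-failed.txt` (one rule id per line), and `remediate.sh`; re-running only the `eval` step after applying the fix script and comparing the two failed-rule lists tells you what the remediation actually changed, which is the starting point for the "find and fix everything that's now broken" pass the other reply describes.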

As with a lot of other enterprisey software made by RH, it should all work in theory, but it rarely works as well. I've never been able to get stuff like OpenSCAP to work reliably with Satellite (which is one of those things that should probably not exist at all). I don't remember which OpenSCAP profile it was (I think C2S), but it would just hang on NFS servers with lots of data. So you can go and hack on these profiles, but it just gives the impression that none of this stuff is that widely used/production ready.


PSA: Don't do this on a production machine.

Also, after you do "remediate" a machine, be sure to allow plenty of time to find and fix everything that's now broken.
