I want to build a totally secure webserver and WordPress installation (or as near as possible) using an EasyEngine install. The additional modules and services I am planning to use are …
Install and configure firewall - ufw
Secure shared memory - fstab
SSH - Key-based login, disable root login and change port
Apache SSL - Disable SSL v3 support
Protect su by limiting access only to admin group
Harden network with sysctl settings
Disable Open DNS Recursion and Remove Version Info - Bind9 DNS
Prevent IP Spoofing
Harden PHP for security
Restrict Apache Information Leakage
Install and configure Apache application firewall - ModSecurity
Protect from DDoS (Denial of Service) attacks with ModEvasive
Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban
Intrusion Detection - PSAD
Check for rootkits - RKHunter and CHKRootKit
Scan open Ports - Nmap
Analyse system log files - LogWatch
SELinux - AppArmor
Audit your system security - Tiger and Tripwire
Did I miss something? Is this overkill?
Please let me know your ideas.