Set network with nmtui
systemctl restart network.service
implement firewall ( we use config server wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz)
disable ssh (if you want to leave ssh enabled then make sure the firewall is blocking world access and only letting you thru)
disable selinux on whm/cpanel systems (edit the 'SELINUX=' line in /etc/selinux/config for either 'enforcing', 'permissive', or 'disabled'.)

disable but do not remove avahi-daemon
systemctl stop avahi-daemon.socket avahi-daemon.service
systemctl disable avahi-daemon.socket avahi-daemon.service
install whm/cpanel cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest

inside whm:
tweak
Enable open_basedir protection
Disable Compilers for all accounts(except root)
Enable Shell Bomb/memory Protection
Enable cPHulk Brute Force Protection

disable shell access
disable anoymous ftp

set mysql password
enable suexec

edit php.ini
safe_mode = On
expose_php = Off
Enable_dl= Off
magic_quotes = On
register_globals = off
display errors = off
disable_functions = system, show_source, symlink, exec, dl,
shell_exec, passthru, phpinfo, escapeshellarg,escapeshellcmd

Edit the /etc/sysctl.conf file and add the following line in order to enable SYN cookies protection:

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

clamav
yum install clamav
freshclam
run crontab -e then add @daily root clamscan -R /home

rootkit:
cd /root/

wget http://sourceforge.net/projects/rkh...irror=iweb
tar -zxvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --install

Harden /tmp partition
Run the /scripts/securetmp script to mount your /tmp partition to a temporary file for extra security.

disable compilers in whm

host access control to specific ranges
ignore any recommendations regarding xfs,gpm,saslauthd,nfs,chargen,ypbind,anacron,hidd,cups. They are either not running on default minimal or are needed