NSA Operating System Guides

I recently deployed a Red Hat Enterprise 5 Linux server at Peer1.   I typically follow a methodology for locking down an operating system.  Upon booting the os install disk, I ensure that only the minimal set of services, kernel modules, and userland applications are installed. After installation was complete, I quickly logged in via SSH and began stripping down the OS.  Following my usual methodology, I began tuning kernel parameters, nuking un-needed services, and fixing permissions.  I then stumbled upon the National Security Agency's guide to securing operating systems.  So I gave it a shot. The document is approximately 170 pages long.  But if you are familiar with userland and kernel space, it only takes a few hours.  The people who took the time to assemble this document did a great job.  I only wish they mentioned Qmail in the MTA section...

www.nsa.gov/snac/downloads_os.cfm

For those who are curious, here is the NSA's take on their guides:

NSA initiatives in enhancing software security cover both proprietary and open source software, and we have successfully used both proprietary and open source models in our research activities. NSA’s work to enhance the security of software is motivated by one simple consideration: use our resources as efficiently as possible to give NSA’s customers the best possible security options in the most widely employed products. The objective of the NSA research program is to develop technologic advances that can be shared with the software development community through a variety of transfer mechanisms. NSA does not favor or promote any specific software product or business model. Rather, NSA is promoting enhanced security.