> 3) automated security updates or some sort of failsafe procedure to install security updates very regularly (this is by far the most common error)
This isn't clear. Are you saying you think automating these updates is good or bad?
> 5) Avoid storing anything that makes you a particularly desirable
Well, in some cases your user's uid and pwd is the most valuable chunk-o-data a would be attacker wants.
> Most extensive security procedures contain a lot of questionable advice
List?
> and few will prevent human error which most compromise can be traced back to.
I think this would be the power of having a canonical auto-provision script on Github that many can review and contribute to. The script could certainly take the form of sections that could be commented out as needed. In other words, a well documented and reviewed set of recommendations that someone could edit based on pier-reviewed information in the comments and then use to automatically configure a server. That, I think, could be of value.
This isn't clear. Are you saying you think automating these updates is good or bad?
> 5) Avoid storing anything that makes you a particularly desirable
Well, in some cases your user's uid and pwd is the most valuable chunk-o-data a would be attacker wants.
> Most extensive security procedures contain a lot of questionable advice
List?
> and few will prevent human error which most compromise can be traced back to.
I think this would be the power of having a canonical auto-provision script on Github that many can review and contribute to. The script could certainly take the form of sections that could be commented out as needed. In other words, a well documented and reviewed set of recommendations that someone could edit based on pier-reviewed information in the comments and then use to automatically configure a server. That, I think, could be of value.