Bastille: rated security with education
Bastille is a program for improving system security on Debian, Fedora, Gentoo, Mandriva, Red Hat Enterprise Linux, and SUSE. Unlike packet sniffers, anti-virus programs, and the majority of security programs available today, Bastille does not wait to react to possible security breaches, but prevents them by removing system vulnerabilities. With many distributions softening security in their default installations in the name of convenience, this approach is enough by itself to make Bastille an essential program.
Bastille is more than just a system hardener. With its assessment tool, Bastille gives a system security rating, comparable to that provided by the Center for Internet Security benchmark, that allows you to see the relative effects of individual security choices. Moreover, because it runs interactively, explaining the possible choices at each step and giving users every opportunity to back out of changes before committing them, using Bastille also amounts to taking a brief but thorough introductory tutorial on GNU/Linux security.
If you are serious about system security, then you should probably start by customizing every possible option during installation of your operating system, so that you know exactly what is on your system. However, even if you reject this approach as too time-consuming, you can still improve your system's security by installing and running Bastille immediately after installation.