Provide standard lockdown scripts/package


Large numbers of corporate servers these days undergo a lock-down during or immediately after installation. This is because the standard install leaves too many things installed and/or configured. Examples are: root login via SSH, remove telnet, disable cups. I'm not being rigid about this list by the way.

Groups like NIST, NSA, CIS publish security documents that provide methods for locking down base install systems to provide a good base security level for servers.

Rather than having to come up with scripts independently, it would be hugely beneficial to customers for Red Hat to provide a set of scripts (or other method) for applying such a base setup lockdown. This would provide users with an install to a known good security level which could be easily demonstrated to auditors, for example.

This is not a "lazyboy" option that I would suggest relying entirely on, but a good first step that an organisation's security team could understand immediately.

The security lockdown would have to be agreed upon of course, but could perhaps be flexible (i.e. configured with an answer file?)

Audit scripts would also be invaluable so that deviations from the lockdown could be quickly highlighted to admins & auditors.
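As an added example (not part of the original post, and not Red Hat-supplied tooling), here is the audit idea from the post in a small form: a POSIX shell script that reads a baseline "answer file" of `KEYWORD EXPECTED` pairs and reports each deviation in the sshd configuration. The baseline contents, the sample `sshd_config` and the file names are constructed for the example; on a real host the second argument would be `/etc/ssh/sshd_config`. The check follows sshd's own precedence rule (the first uncommented occurrence of a keyword wins, later duplicates are ignored) and treats anything inside a `Match` block as conditional rather than as the global value.

```shell
#!/bin/sh
# Added example: audit an sshd_config against a baseline answer file.
# Not from the original post or from Red Hat; sample data is constructed.

# sshd_effective_value CONFIG KEYWORD
# Prints the effective global value of KEYWORD as sshd would read it:
# comments and blank lines are skipped, keywords are case-insensitive,
# "Key value" and "Key = value" are both accepted, the FIRST uncommented
# occurrence wins, and anything from the first "Match" line onward is
# conditional and therefore ignored here. Prints nothing when absent.
sshd_effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[[:space:]]*(#|$)/ { next }
        { line = $0; sub(/[[:space:]]*=[[:space:]]*/, " ", line); split(line, f) }
        tolower(f[1]) == "match" { inmatch = 1 }
        inmatch { next }
        tolower(f[1]) == key { print tolower(f[2]); exit }
    ' "$1"
}

# audit_sshd CONFIG BASELINE
# BASELINE holds one "KEYWORD EXPECTED" pair per line ('#' comments allowed).
# Prints a PASS/FAIL line per item; an absent directive is reported as a
# deviation because the baseline requires an explicit setting. Returns the
# number of failures, so 0 means the config meets the baseline.
audit_sshd() {
    failures=0
    while read -r keyword expected; do
        case "$keyword" in ''|'#'*) continue ;; esac
        actual=$(sshd_effective_value "$1" "$keyword")
        if [ "$actual" = "$(printf '%s' "$expected" | tr 'A-Z' 'a-z')" ]; then
            echo "PASS $keyword=$actual"
        else
            echo "FAIL $keyword expected=$expected actual=${actual:-unset}"
            failures=$((failures + 1))
        fi
    done < "$2"
    return "$failures"
}

# make_samples: writes constructed sample files into $SAMPLE_DIR.
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    cat > "$SAMPLE_DIR/baseline.txt" <<'EOF'
# constructed baseline (answer file): directive expected-value
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
MaxAuthTries 4
EOF
    cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
# constructed sshd_config: the second PermitRootLogin line is ignored by sshd,
# and PasswordAuthentication is only set inside a Match block
Port 22
PermitRootLogin yes
PermitRootLogin no
X11Forwarding = no
Match User backup
    PasswordAuthentication no
EOF
}

# Demo run against the constructed samples (3 deviations expected).
make_samples
audit_sshd "$SAMPLE_DIR/sshd_config" "$SAMPLE_DIR/baseline.txt" && status=0 || status=$?
echo "deviations from baseline: $status"
rm -rf "$SAMPLE_DIR"
```

The exit status is the deviation count, so the same script can feed a monitoring job or be run in front of an auditor; extending the baseline is a matter of adding lines to the answer file rather than editing the script.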
