Administration of Linux Servers

set SSH to a different port than 22 to filter out noise

use SELinux or AppArmor

use a firewall, e.g. iptables, nftables, firewalld, ufw

run services with their own users instead of root

remove the world readable bit from config files which contain credentials

You can use MergerFS and SnapRAID instead of "regular" RAID for cheaper storage.

Linux hardening

Linux security

Security for admins

Network security