Hiya,
I have 15+ years' experience with Linux systems admin and I specialise in 'real world' security, optimisation and management of systems. Indeed, I already offer such services on a retainer basis to a large number of customers, who say, for example:
"Thank you, you're a God-send".
Josh Strike - Strike Sapphire
"Thank god for you being available, don't know what we would do if you were not around."
Matt Norris, Strand International / Easy Play Poker
I *don't* like the list you provided, because for the most part the security precautions proposed would give you far more headaches than they are worth in terms of added security.
SELinux may well be the most highly secure way to run Linux, but it'll really melt your brain with the amount of headaches it will cause you.
Also, it sounds like you're proposing installing all these precautions on top of an already live system, and many of them *cannot* be deployed in such a scenario.
This isn't really as much of an issue as it might sound.
If you take me on for this, I'll install a multi-layered security architecture (including a firewall, an IDS system, log monitoring, software updates as and when needed [when a security update is available, not just a blanket update whenever a new version of something comes out!] and enough tools so that even if the worst case ever happened and nefarious materials are installed, they can be safely removed and we can carry on) on your system, and use enterprise-grade systems to manage software updates and make the daemons on it 'self healing', manually check on the server at least twice a day, as well as use remote monitoring that can go to SMS messages if a problem is detected.
My bid price is based on spending 3 hours securing your system, NOT on the basis of providing an ongoing retainer for management of the aforementioned system, which we will need to discuss separately.
I can start more or less straight away on this.
Yours,
Kev Green,
oRe Net.