Hardening depends on your threat model and needs of the client. Have the system do what it is supposed to do nothing more or less. I pretty much use this as a guide line depending on client needs.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/pdf/security_guide/red_hat_enterprise_linux-7-security_guide-en-us.pdf

The low hanging fruit will already be scooped up. You have to get creative with emphasis on it being pronounceable first and brevity second. I feel the biggest mistake that gets made is waiting for the perfect name and overlooking a good one.