Security

Links
Based on http://www.gentoo.org/doc/en/security/

Password protecting GRUB
See here.

Restricting Console Usage
The /etc/securetty file allows you to specify which tty (terminal) devices root is allowed to login in from.

We suggest that you comment out all lines except vc/1 if you are using devfs and all lines except tty1 if you are using udev. This will ensure that root only can login once and only on one terminal.

Restrict ssh access only to users on some group
See here.

Metalog
See here.

/etc/conf.d/rc
Some suggestion to increase performance and security at boot:

Log analysis
Send a resume of logs to root's mail. Require a mail server, I recommend Postfix.

Links
http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=3#doc_chap5

Install
With Metalog:

or with Syslog-ng:

And comment other lines that start with $LOGTAIL /var/log.

TODO Intrusion Detection
http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=13