Something that might help this article is to group the recommendations into a set of conceptual guidelines for hardening any system:

1. What ports are open?

1a. Can any of them be closed?

2. What services are running?

2a. Can any of them be stopped?

3. What permissions do those services have?

3a. Can any of them be reduced?

... and so on