I haven't set up OpenACS on RH9 yet, but I don't know how much a fully patched RH8 install differs from a fully patched RH9 install. For server apps, maybe not that much. Anyway, if you're interested in a security checklist, I would recommend reading the CERT Unix security checklist. It's not specific to any particular OS, rather Unices in general. I've looked at the RedHat security list which echoes a lot said in the CERT list, but I always like to have multiple sources for this kind of advice. It kind of exceeds the 20 point list you were looking for, but you can probably sleep more easily at night if you apply it!
