First off, RTFM. CentOS is pretty much a Red Hat clone, and their documentation is great and easy to understand.
Some general hints in no specific order:
- Go through all files in /etc/sysconfig, learn what they're doing and configure them as needed.
- Run chkconfig --list, find out what each and every one of those services does and enable/disable them as required.
- Don't plug in the network cable before you've done a rough setup of iptables. There's even a console based GUI for that.
- Never, never ever use easy passwords like root:root123, test:blah and similar. Believe me, if your sshd is accessible from the outside you *will* have a Brazilian script kiddie on it within minutes.
- After installing a service like apache or ntpd immediately find the config files and read through and try to understand all of them. Getting everything only half-working is of no use.
- Take your time and don't let anybody stress you about getting that server ready for production. Once there's stuff running on it any oversight will cost you.
- Do *not* optimize for performance. The server's probably fast enough as it is. Unless you know exactly what you're doing you'll probably only screw up and/or waste your time by optimizing a server that has a load of 0.02 anyway.
- Before moving to configure a different piece of software test everything as well as possible. Try logging in to your new ftpd as anonymous and start a warez archive. See if apache leaks configuration information. Use your mail server as an anonymous relay.
- Learn whatever you can about the server itself. Install vendor-provided administration utilities and try to set up system event logging and notifications.
- Run yum update (or even upgrade) *before* going into production.
- Trust most default values of packages you've installed, but don't trust them blindly. If in doubt, read the man page or documentation.
- Most security stuff will be adequate out-of-the-box. Take precautions but don't be too paranoid. Trying to implement your own perfect security measures without knowing enough about the details, modifying perfectly good default PAM settings and similar will probably only decrease security.
- Don't forget why you're running a Linux distribution and not Linux From Scratch. Their packages, configuration subsystem, file paths, init scripts and so on are probably not according to the way you would have done it but customizing everything will only cause you tons of additional work down the road. Only customize when you have a good reason, no way around it or need to deploy your own setup to many servers.
- Last but not least, play with it as long as possible. Toying around with and exploring a non-production server without breaking too much will teach you more real-life experience than any book could provide.