> 1. The first one is to prevent users from seeing information about
> processes that are being run under another UID.

You can modify ps, top source code. Of course is not a perfect
solution.

> 2. Enable the concept of blackholing. This is so RST packets don't
> get sent back in response to closed ports. This helps to block port
> scans.

You can use pf to make this.

> 3. Generate a random ID for the IP packets as opposed to incrementing
> them by one.

Ehm , I think that OpenBSD just make this.

> 4. Disabling ctrl+alt+del so somebody can't walk up to your box and
> reboot the server.

What the difference to reboot console from ctrl+alt+del or
power off , reset with key, cut the power cable?

> 5. Drop SYN/FIN packets

You can use pf

> 6. Enable stealth forwarding. Stealth forwarding passes packets
> without touching the TTL, so this is useful for hiding firewalls from
> traceroutes.

I don't know how to make this with open.