Operating System: Part I

not a shared system, not for multiple purposes

tight install: limit packages, update OS before doing anything
"reductive security"

Tor data directory /var/lib/tor,/var/db/tor,/var/tor
separate partition,slice ~500-750M

Regular patching cadence: automate
get on relevant OS security announce list
base operating system
packages... especially Tor