(no title)

They take a while to come for the latest version of a OS and none is out for Ubuntu later than 20.04 yet, but it is a very good starting point for a checklist even if you do not run a DoD system (a lot of the points might be specific for these but easily skipped) and depending on changes between versions, some parts might still apply. For a recently released OS you usually have to rely on the system documentation from the system creator (Canonical in this case) but most of my experience is from the Red Hat world so not sure how good it is for other distros.

If you start with the best practices for your OS/distro and then dig into a hardening guide (like STIG) you should probably have a pretty good understanding and base documentation for your specific use-case. As always, if you use a specific service/software on top of that (a web-server, mail-server, etc) you will need to dig into the documentation of that specific product and after that check for hardening guides.

The general principle of removing/disabling/blocking everything that you do not use is usually a good one. Knowing what you actually use and the exceptions is what makes it hard :-)