First, the default IPTables configuration is just plain stupid. Seriously, everyone I have talked to about this recommends flushing all the default rules and starting from scratch. Even the CentOS wiki recommends this procedure. I understand this might be a RedHat thing, but seriously, change it in the default config if all you are going to do is recommend everyone throws it out once setup is complete. Yes, I am referring to the esoteric RH-Firewall-1-INPUT chain..
Second, unless I am running some enterprise government high-load zombies-at-the-door, the end is nigh server, enabling SELinux by default is over-kill. No seriously, if you wanted to make a more secure system, take a page from the Ubuntu server playbook and try disabling some services on default setup. Do I really NEED printing capability on a headless server that is most-likely running in a remote NOC somewhere? Then there is avahi, seriously!?, on a server?? Did the decision to include that in a default SERVER install come from the Playskool development team? I spent an hour ripping the guts out of needless services installed by default.
Third, and this may be applicable to RedHat-based distros in general. But not including core functionality in the PHP RPM is just…well, I am at a loss for words here. Thank you ever so much to http://benlancaster.wordpress.com/ for his writeup on Installing PHP’s JSON extension, I would have been totally lost with out it. Unfortunately, it just underlines the issue..