I got a dedicated server too. The default setup is pretty good (this is a year later than original message), BUT
I chose to self-manage the server because the frequent connections (like every 5 minutes) by Dreamhost’s automated server monitoring and control through the control panel are driving me batty. Also I’d made a few fixes to files, then the automated system overwrote them. Changed to self-management, and everything works fine. Of course, you need to be comfortable with doing that. I’ve got a lot of experience managing Unix and Linux systems, YMMV.
The backup scripts they have set up still run if you self-manage the server, which is handy.
My most significant complaint is that the default setup is to allow ssh with remote root login, which is a big no-no. It’s fairly easy to fix: you need to change it to only allow ssh logins with an RSA or DSA key pair already set up; all the Dreamhost admins have them, it’s only set to allow password login so YOU can log in from home. So you need to get yourself an RSA key (the program is ssh-keygen) and put the public keys in your .ssh folder on the server, then (after testing to make sure login works with the key!!!) reconfigure sshd to not allow password access. (Attempted logins, mostly from China, still occur several times a day, but with password access disabled the system just ignores the login request…)
There were a few other problems with the default configuration but nothing that makes the system unusable (6 ttys and 2 serial line gettys open by default, all useless…, the system changes to runlevel 2 from 4 after booting for some strange reason which I’ve yet to locate the cause of, etc.). Oh, OK, the one other big problem was that pop3 and imap mail servers were running on the server by default, despite the fact that all mail (if you use the control panel to set up your users) is handled by Dreamhost’s mail server, not your own. Mail servers are one of the classic security holes; I just disabled them, and wrote DH that they shouldn’t be enabled on the dedicated server by default, which the support person who replied agreed with and said they would look into changing. Go to /etc/rc*.d and change all courier services to K01courier so they don’t start at all.
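
A check for the sshd change described in the post above, as an added example that is not part of the original post: it reads an sshd_config-style file and reports whether password logins and password-based root logins are still enabled. The function names (`sshd_value`, `audit_sshd`, `make_samples`) and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.
# Limitation: Include directives are not followed.

# Print the global value of keyword $2 in file $1 (lowercased), or nothing.
sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }   # comments and blank lines
        tolower($1) == "match" { exit }   # global section ends here
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# Return 0 if password logins are off and root cannot log in with a
# password; otherwise print one line per weak setting and return 1.
# An unset keyword is reported too, since its default varies by version.
audit_sshd() {
    rc=0
    root=$(sshd_value "$1" PermitRootLogin)
    pass=$(sshd_value "$1" PasswordAuthentication)
    case $root in
        no|prohibit-password|without-password) ;;
        *) echo "WEAK: PermitRootLogin=${root:-unset}"; rc=1 ;;
    esac
    case $pass in
        no) ;;
        *) echo "WEAK: PasswordAuthentication=${pass:-unset}"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample configs (not taken from any real server). In "before",
# a "no" appended after an earlier "yes" has no effect: the first value wins.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '# as shipped' 'PermitRootLogin yes' \
        'passwordauthentication yes' 'PasswordAuthentication no' > "$dir/before"
    printf '%s\n' 'PermitRootLogin prohibit-password' \
        'PasswordAuthentication no' > "$dir/after"
    echo "$dir"
}

samples=$(make_samples)
audit_sshd "$samples/before" || echo "before: needs fixing"
audit_sshd "$samples/after" && echo "after: key-only logins"
rm -rf "$samples"
```

On a live server, `sshd -T` prints the effective configuration after defaults and includes are applied, which is the authoritative thing to compare against.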