When you have to secure a system you probably have come to the dilemma ‘Which method is the best? Bastille or manual hardening?’ at least I did it.
Bastille is a very good option, it will ease the process and you can even use the “Install Time Security” during the installation of new systems or use the configuration files in an already runing system (the files are in /etc/opt/sec_mgmt/bastille/configs/defaults), but some time ago I decide that it didn’t suit my needings since I like to mantain the control of the whole process.
If you really want to be sure that every corner in your systems is properly secured and monitored it is worthwhile to spend some time studiying your severs and the services running and its dependencies. After the compilation of all that data you can develop a generic security policy and use it as starting-point to customize the security of every server.
In the end of course this is up to you, you must choose whatever suits better your needings.