Some excellent info there Sprial - thanks for posting.
Have you thought about creating an article on securing/setting up your cPanel server and then putting it on your own website (or starting a new one just for it) and then putting a link to it in your sig here? You could put Google ads on the site to compensate for your time ;-) I am sure lots of people would mention/link to it.
The guide here is way out of date, and so there's definitely a call for one!
Back to my topic here, I've done a lot of the changes as mentioned in the current guide, including installing CSF. I haven't gone with certificate-based logins as I don't really understand them - e.g., what if I have to log in to the server from someone else's PC? How would that work? Do you have a link to an easy guide on setting it up?
Re jailshell, won't I still need that to use SFTP? (Sorry, I'm a bit of a noob!)
Thanks again for your help!