Going back to some discussions in Matrix (#security:fedoraproject.org) in recent days and some discussions around appropriate security/UX compromises in Fedora in recent months in general (often in conjunction with the discussions of the yama.ptrace_scope proposals), I developed a first version of Fedora-downstream-hardening, which is likely to be renamed to Fedora-harden or, to avoid confusion, fcra-harden (FedoraCentosRockyAlma), because the package is also intended to work out of the box on CentOS, AlmaLinux, and Rocky Linux.
This hardening is intended for average desktop/workstation use cases, usable/deployable for all levels of experience, including beginners: it still prioritizes avoiding “denials of service” for its users and providing a smooth experience (details in the ticket).
The first tool works out fine, including self-tests: I packaged it today into an rpm and tested it in Fedora and in CentOS: dnf install package, harden activate, reboot, harden-selftest, harden deactivate, dnf remove. The self-test does not yet test all security functions in depth, but I checked their introduction manually after harden activate (and the self-test data already helped me to identify several bugs ^^). When the rpm package is updated by dnf with new security measures (or if old measures are removed/adjusted), the activated hardening will be automatically updated towards the “standard” of the updated rpm package. That is not yet ready for a release, but it shows the approach and allows testing it. Link to the repo is in the ticket.
Due to the nature of the hardening, I expect that CentOS results == Rocky/Alma results (though I will verify later). But my guess is that hardening will not work out of the box on immutable variants, at least some of the hardening measures.
Details in the Security SIG ticket: https://forge.fedoraproject.org/security/tickets/issues/1
I put it here as well to allow discussion and review and, for security enthusiasts, to test it.
I have attached a testing rpm in the ticket, but keep in mind that this should not yet be deployed on production systems! So far this is only to show what we talk about. I used that rpm for the tests on Fedora and CentOS.