Fedora hardening

Hello Fedora project community,

my goal is to harden Fedora and I am looking for the means to do it. I am familiar with Lynis and OpenSCAP Workbench which both point out certain issues and give suggestions how to solve the problem. SCAP uses shell script to remedy these issues as best as possible. Now I would like to hear from the community. What are you experiences , which tools would you recommend to harden the security of a Fedora Workstation as well privacy tools which are FOSS.