As a long-time user of Debian-based distros, I have found it quite cumbersome to constantly harden the config files for security purposes, as the distro has low security outside the kernel out of the box. I have heard great things about your distro, particularly that it comes ready to go with privacy and security features. I understand that you enforce policies with SELinux, but I am curious to know what other measures you take.
I have searched your site for a hardening guide, but have not found much information other than that provided by your parent company, Red Hat. However, even their guide is not as extensive as those available for Debian and Arch. Additionally, as your distro is somewhat a rolling release with short full update cycles, I am curious to know if changes I make to some of the config files will be overridden when the distro is updated.
Configuration file changes are handled using rpmsave and rpmnew files. I have not encountered rpmsave files recently (old Java configuration files have both rpmnew and rpmsave under a versioned directory).