A few days ago I installed a new linux os. Today i realize /root has o+r (755) so EVERYONE is able to see my root sql password in /root/.my.cnf. I freaked out and simply changed /root to 750.
My /var/www folder is 2755 but all the folders in it are 2750 (so certain users can browse to the folder without being blind). What software, file permissions and other DEFAULT configuration should I change?
perhaps you should do a scan of your system with a tool like tiger. Tiger will pick up lots of things like this, and is a great way to get lots of advice and suggestions about how to secure your system. Tiger can also be useful as a kind of Intrusion Detection System, too.
~/.ssh folder is world-readable, for example. If Debian ships with /root as 755, and tiger doesn't warn about it, I would take that as a decent indication that it's not an unreasonable setting to operate with.
/roothas always been 755 on Debian and Ubuntu, as far as I remember. My unreliable memory goes back to potato, and I can verify this for machines where the first install was etch, lenny, warty, hardy or lucid.