curl -s http://autoinstall.plesk.com/plesk-installer | bash
I've written a complete guide, including security suggestions (only basic stuff like SSH hardening, Firewall, and Fail2Ban). It's not published anywhere yet, but is step by step dummie style guide.
I wrote the guide for CentOS 6.5, and I prefer using the 64bit version with Plesk 12. I run 2 Plesk 12 installs, one is a single domain on a $10 month server, and the other which I've just finished is a $20 server. It hosts 26 domains that are a mixture of websites & emails, and redirects with email.
If you want a copy of the guide, I'm happy to pass it over.
I'm also in the midsts of finishing a guide to using ClamAV instead of Plesk's Premium AV. The guide also supports the use of using Plesk's Qmail and SpamAssassin via the control panel, which is handy.
No problem, here you go: http://bit.ly/plesk12centos
There is not much in DNS in that guide as on my old server, prior to the move to D.O, I used my own nameservers. Now on D.O I use Route 53 as changes propagate quicker on Route 53, plus it is also a distributed DNS service.
On each domain I turn off the DNS in DNS settings for that domain, and replace the default nameserver records with the AWS Route 53 ones. That way all DNS queries are handled by Route 53.
I did once use Plesk's DNS for domains on my very first Plesk VPS around 9yrs ago, but that was an earlier version of Plesk. I recommend Route 53 as it's not expensive, and far easier to manage.
With Fail2Ban Plesk extension, it is important that once you've Enabled the extension in its Settings tab, that you turn the Jails on one at a time. Otherwise if you attempt to switch them all on at once, it tends to fail and screw up. I personally use all the jails apart from plesk-apache.
Plesk Firewall configuration is individual to each user, but I tend to set services not in use to "Deny incoming from all", services like:-
Mail password change service
MySQL server (if no-one is accessing your MySQL from a remote machine or server)
Tomcat administrative interface
System policy for incoming traffic (Its default state)
System policy for forwarding of traffic (Its default state)
Also modify the SSH rule to allow incoming traffic ONLY from IPs you trust.
Hope that lot helps!