Become very familiar with the following two things:
GUID and SUID.
If configured properly, no one will be able to pwn you.
As already mentioned, be sure that you make separate partitions because if you run out of disk space your box will topple over. At VERY least, make a separate VAR partition. A major bank came to a grinding halt because they did not follow this very basic rule. Turned out that the log files in VAR ate all the disk space and their pretty Solaris boxes choked.
Implement LEAST privilage.
Use TCP Wrappers for SSH sessions and everything else that does not require global connection audiences.
Change the sshd.conf file to use protocol 2. This should be self explanitory to anyone who's been around for a while.
Create a user account. Do not use the admin account as a user account. The best thing ever is to see someone jump on IRC as user:root. Can you say pwned?
Just a quick few off the top of my head.