I'm posting this as a basic guide to securing your box (not necessarily linux, but I'm being linux-oriented). I'd like some input on what you think of this, and if I get enough positive feedback, I'll put this out in the Tutorials section, as short as this is.

Contrary to popular belief, just because something is open-sourced does not mean the code is written by programming gods who never make mistakes. It does mean that fixes come out much faster, but still, there are some large-installed-base packages out there with serious vulnerabilities and very poor track records. The three most notorious that come to my mind are Sendmail, WU-FTPd, and BIND.

At any rate, the most important step in securing a linux box is to make sure you're not running any services that you don't need.

The first real step is to discover what's running, and disable what you don't need. There's little to no reason that most people need sendmail, BIND, etc., running. Most people don't need to run any servers. In short, find what you don't need, and disable it -- better yet, remove it.

The second step is to discover what you are running, and to check out whether or not it's had a bad track record. If you really feel that you need to run sendmail, qmail is a very good replacement from a security standpoint. The great thing about Linux is that there are tons of good open-source software packages for it, giving you many, many alternatives.

The third step is to lock down what you do have running with iptables/ipchains. I do a fair amount of web development with PHP on my linux box at home. There's no reason I want all of that information accessible to everyone though, so I have firewall rules that essentially allow port 80 connections from my internal network, and a couple of select IP addresses, and no more. As far as the rest of the world is concerned, my linux box is simply there for me to surf from.

The fourth and most important and most commonly overlooked step is to keep your software up to date! I can't stress this enough. All of the major problems in the last year related to viruses, break-ins, worms, etc., are thanks to lazy SysAdmins and people who don't exactly know what they're doing not patching their systems against vulnerabilities. Keeping up to date with software is perhaps the single best defense against intrusions on publicly accessible systems.
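As an added example (not from the original post), here is a hypothetical shell helper that builds the kind of ruleset the third step describes: default-deny on INPUT, port 80 open only to the internal network and a short list of addresses. It prints the iptables commands unless APPLY=1 is set, and the network/addresses it takes are whatever you pass in (the values in the comments are constructed samples).

```shell
#!/bin/sh
# Hypothetical helper: prints (or with APPLY=1, runs as root) iptables rules
# that allow port 80 only from an internal network plus listed source IPs.
# Usage: web_rules 192.168.1.0/24 203.0.113.5 198.51.100.7   (sample values)
# Assumes console access: the DROP policy is set before the ESTABLISHED rule,
# so running this over a remote session would cut that session.

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

web_rules() {
    internal="$1"; shift
    # Start from an empty INPUT chain whose default is to drop everything.
    run -P INPUT DROP
    run -F INPUT
    # Loopback and replies to connections this box opened stay allowed.
    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Port 80 from the internal network and each extra address only;
    # port 80 from anywhere else falls through to the DROP policy.
    run -A INPUT -p tcp --dport 80 -s "$internal" -j ACCEPT
    for ip in "$@"; do
        run -A INPUT -p tcp --dport 80 -s "$ip" -j ACCEPT
    done
}
```

Run it once without APPLY to read the rules it would install, then with `APPLY=1` to load them; `iptables -L INPUT -n` afterwards confirms the chain and its DROP policy.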

If you feel I've left anything out, let me know either by reply or by pm.