I'm very suprised you consider having an FTP server on your box to be a good thing. Most people I know would use scp instead. My boxes generally have only a few ports open:
tcp: 22 (ssh/scp and tunnelled vnc, mysql etc)
tcp: 80 (web services)
udp: 514 (syslog on logging server)

Certainly removal of portmap is a good thing, but given the choice I wouldn't even let the RPC software get installed.

I think the best message you've given is "keep up to date with security patches". As true in Linux as it is Windows and any other OS out there.

If you really want to be secure you're best starting off thinking that way when you install the machine.
* Install and USE tripwire/AIDE
* Install and MONITOR seccheck
* If other people have accounts consider running password crackers occasionally
* Don't let root log in remotely
* Don't let anyone su to root, use sudo instead

SuSE out of the box isn't bad at all, but I wouldn't trust it on the internet as it stands. Thankfully it's not hard to harden it a little (those five steps, off the top of my head are a start), and if you _really_ want to tie it down it's not impossible. Think about using Bastille, a script that takes you through a set of steps that will really make life harder for anyone trying to screw with your system.

Ultimately though....
* Monitor any security systems you use, or they're worthless
* Update security patches whenever appropriate

Looking forward to gore's next installment!