How NOT to Configure Your Linux Server Pt.1
Written by anti-trend
Feb 17, 2007 at 07:20 PM

It seems like every other day of the week, my networks are attacked by compromised Linux systems. Granted, this is not nearly as many as the attacks coming from compromised Windows hosts. Indeed, this is to be expected of Windows, which offers no real way of truly securing the operating system. But with a flexible, modular and well-designed system like Linux, there is no excuse. The primary cause of compromised Linux hosts is not a lack of security on the platform itself, but a lack of attention to security by the one deploying the server. With this in mind, I present a guide on how not to configure your Linux server.
- Don't install more software than what you need. It may be tempting, especially for those new to Linux administration, to install a huge amount of software “just in case” you need it later. But this practice creates unnecessary complexity, adds more maintenance overhead, and most importantly, introduces more potential for vulnerability. Any good Linux distribution will also have a good package manager, so if you really find that you need to install something later, it is trivial to accomplish.
- Don't allow outside access to unnecessary services. Chances are good that there are one or more services on your Linux host that the outside world doesn't need access to. In that case, a firewall should be employed. Whether this is a standalone piece of hardware or Linux's built-in Netfilter firewall, don't give outside access to anything which isn't necessary for your specific purposes. The fewer world-accessible services you have to focus on, the better.
- Don't run an SSH server with its default settings. SSH is a fantastic way for Linux administrators to manage their servers securely from remote locations. It's also the single most attacked service on a Linux system. As a result, some common-sense hardening steps are necessary. Learn more in a related article, Hardening SSH.
- Don't use simple passwords. Ever. By “simple”, I don't just mean those that are easy for people to guess, like your name backwards or qwerty. Keep in mind that very sophisticated and powerful computers will be employed for the purpose of cracking your passwords, so having a password with strong mathematical complexity is absolutely necessary. In this interest, substituting numbers and symbols for normal characters is a good idea. Length is also important, and use both upper and lower case characters. Finally, dictionary-based words or proper names are to be considered taboo. For instance: typhoon is a terrible password. It's based on a dictionary word, not terribly mathematically complex, and it's all lowercase. We could beef it up a bit by changing it to something like 7yPh0()n. To a computer running a brute-force password attack, it is neither a dictionary word nor very mathematically simple. To us, however, it is a meaningful word, so it will be relatively easy to remember. An even more secure approach would be a pass phrase which encompasses all of the techniques I've mentioned. Take for example: Th3reis4typh0()n1nMy_pUnchb0wL! The preceding would take some effort to memorize, but since it is based upon a (less than common) English phrase, we can still remember it after typing it a few times. However, it'd be almost impossible to brute-force such a password with current technology.
- Don't neglect to update regularly! Nobody's perfect. I make mistakes, you make mistakes, software engineers make mistakes. As a result, software will have bugs which can potentially lead to an exploit when discovered. For this reason it's absolutely critical to keep your systems up to date. I strongly recommend cron'ing daily, automated updates on Red Hat and derivative systems, which lend themselves well to unattended updates. I'd suggest something like the following:
    #!/bin/sh
    # Update the package manager itself first, so that the full system update
    # which follows runs with a current yum.
    echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
    echo "~~~ Checking for updates to yum ~~~"
    echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
    /usr/bin/yum -y update yum
    # Then apply every pending update non-interactively (-y answers "yes").
    echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
    echo "~~~ Checking for system updates ~~~"
    echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
    /usr/bin/yum -y update
If you're using a Debian system or a derivative thereof which makes use of apt, automated updates are not really an option due to the interactive nature of apt-get or aptitude. However, you can still use the apt-cron tool to automatically download and prepare updates, then email you when they're ready to be applied. This will keep the updates in the front of your mind, and save you time in patching. See the man page on apt-cron for more detail on setting it up, though I think you'll find the configuration of that tool is extremely simple.
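The password rules from the “Don't use simple passwords” item above, turned into a small POSIX sh checker, as an added example that is not part of the original article: it enforces length, mixed case, digits and symbols, rejects bare dictionary words, and estimates the “mathematical complexity” the author refers to as bits of brute-force search space (length times log2 of the character set used). The DICT word list is a constructed stand-in for a real dictionary such as /usr/share/dict/words, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: implements the password policy described in the article.
# DICT is a constructed stand-in for a real word list (e.g. /usr/share/dict/words).
DICT="typhoon
password
qwerty
letmein"

# password_bits PASS: print an integer estimate of log2(charset^length), where
# charset is the sum of the classes actually used (26 lower, 26 upper, 10 digits,
# 33 printable ASCII symbols). A higher number means more brute-force work.
password_bits() {
    pw=$1; cs=0
    case $pw in *[[:lower:]]*) cs=$((cs + 26));; esac
    case $pw in *[[:upper:]]*) cs=$((cs + 26));; esac
    case $pw in *[[:digit:]]*) cs=$((cs + 10));; esac
    case $pw in *[![:alnum:]]*) cs=$((cs + 33));; esac
    [ "$cs" -gt 0 ] || { echo 0; return 0; }   # empty password: no search space
    awk -v n="${#pw}" -v c="$cs" 'BEGIN { printf "%d\n", n * log(c) / log(2) }'
}

# check_password PASS: return 0 if PASS satisfies every rule from the article,
# otherwise report each failed rule on stderr and return 1.
check_password() {
    pw=$1; rc=0
    [ "${#pw}" -ge 8 ] || { echo "fail: shorter than 8 characters" >&2; rc=1; }
    case $pw in *[[:upper:]]*) ;; *) echo "fail: no upper case" >&2; rc=1;; esac
    case $pw in *[[:lower:]]*) ;; *) echo "fail: no lower case" >&2; rc=1;; esac
    case $pw in *[[:digit:]]*) ;; *) echo "fail: no digit" >&2; rc=1;; esac
    case $pw in *[![:alnum:]]*) ;; *) echo "fail: no symbol" >&2; rc=1;; esac
    # A dictionary word used verbatim (ignoring case) is taboo.
    if printf '%s\n' "$DICT" | grep -qixF -- "$pw"; then
        echo "fail: dictionary word" >&2; rc=1
    fi
    return $rc
}

# Usage: score the article's three candidates.
for p in typhoon '7yPh0()n' 'Th3reis4typh0()n1nMy_pUnchb0wL!'; do
    if check_password "$p"; then verdict=ok; else verdict=REJECTED; fi
    printf '%-32s %4s bits  %s\n' "$p" "$(password_bits "$p")" "$verdict"
done
```

The bit estimate only measures the raw brute-force space; it cannot see that 7yPh0()n is a substituted dictionary word, which is why the dictionary check and a long pass phrase still matter.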
Last Updated ( Jul 31, 2008 at 10:00 PM )