Originally Posted by Rookie1337
I'd like to but nobody answered the question on what should be the "bare minimum" for security on Linux.
The problem with trying to set a bare minimum is that people connect in different ways and there are different things that should be secured. Also, some people don't visit as dangerous places as some others. A good analogy might be that if you live in a gated community you can probably get away with leaving your keys in your car, but it might be a good idea to lock up and take them with you in high-crime areas. Some might argue that even that is not enough since determined thieves can defeat such measures in seconds. See? Complex. Back to PCs and the Webz, consider that some people connect with the only thing between their PC and the outside world being a modem.
Many modern modems have routers built in to service more than one home computer. These commonly have some sort of firewall, which adds to security assuming the owner bothers to learn to configure it properly.
Today most modems not only have wired routers but also have wireless access, which adds to the complexity and reduces security. This is a whole other branch of security issues requiring proper configuration.
Finally, there are the PCs themselves, and here it should be obvious in this sub-section that what OpSys one has makes a considerable difference. Linux is capable of being more secure than most, but this is not to say that there are not (dare I say it?) Windows boxen set up properly in a well-configured chain that are less vulnerable than some badly configured Linux boxen. The main caveat here is that Windows machines need to be more secure because they are attacked more, like low-hanging fruit.
So IMHO the most basic reasonable security is a properly configured firewall. I can't stand SELinux as it gets in my way and often offers only a sense of security. A hardware firewall followed by individual software firewalls on a decently set up Linux install will likely never be compromised. The problem with such statistical data is that even if your odds are only one in twenty of being compromised, if it happens to you the odds just became 100%.
Nevertheless, since a hardware firewall is your first line of defense, that is where one should really focus. Next, take the time to learn how iptables works and set up your software firewall according to your risk assessment and needs. Although my main box is vastly more secure than that, I could be fairly comfortable with a properly firewalled system that ran a rootkit revealer every month or so.
That's my two cents. YMMV.